# Key Agreement Overview and Algorithm Specifications

<!--Kit: Universal Keystore Kit-->
<!--Subsystem: Security-->
<!--Owner: @wutiantian-gitee-->
<!--Designer: @HighLowWorld-->
<!--Tester: @wxy1234564846-->
<!--Adviser: @zengyawen-->

Generally, keys cannot be directly transmitted between devices. Key agreement allows two or more parties to jointly establish a shared key in a non-secure environment. During key agreement, only public keys are transmitted; each private key stays on its own device, which ensures data security and confidentiality.

For key agreement between two devices, each device generates an asymmetric key pair, then uses the public key of the peer device and its own private key to derive the shared key.

> **NOTE**
> - <!--RP1-->The mini-system devices<!--RP1End--> do not support key agreement.
> - Using an existing key alias as the alias of the key generated from agreement will overwrite the existing key.

## Supported Algorithms

The following table lists the supported key agreement specifications.
<!--Del-->
The key management service specifications include mandatory specifications and optional specifications. Mandatory specifications are algorithm specifications that must be supported. Optional specifications can be used as the situation requires. Before using an optional specification, refer to the documents provided by the vendor to ensure that it is supported.

**You are advised to use mandatory specifications in your development for compatibility purposes.**
<!--DelEnd-->

| Algorithm| Description| API Level| <!--DelCol4-->Mandatory|
| -------- | -------- | -------- | -------- |
| ECDH | The key type must be ECC.| 8+ | Yes|
| DH | - | 8+ | Yes|
| X25519 | - | 8+ | Yes|