# Anonymous Key Attestation (ArkTS)

<!--Kit: Universal Keystore Kit-->
<!--Subsystem: Security-->
<!--Owner: @wutiantian-gitee-->
<!--Designer: @HighLowWorld-->
<!--Tester: @wxy1234564846-->
<!--Adviser: @zengyawen-->

Ensure that a network connection is available during the operation.

## How to Develop

1. Specify the key alias. For details about the naming rules, see [Key Generation Overview and Algorithm Specifications](huks-key-generation-overview.md).

2. Initialize a parameter set.

   The **properties** field in [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions) must contain [HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag). Optional parameters include [HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag) and [HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag). The sample below uses a fixed string as the challenge for illustration only; a challenge is typically a fresh, unpredictable value supplied by the party that verifies the resulting certificate chain.

3. Generate an asymmetric key. For details, see [Key Generation](huks-key-generation-overview.md).

4. Use [anonAttestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksanonattestkeyitem11) with the key alias and parameter set to perform key attestation.

```ts
/*
 * Perform anonymous key attestation. This example uses promise-based APIs.
 */
import { huks } from '@kit.UniversalKeystoreKit';

function StringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

/* 1. Set the key alias.
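*/
let keyAliasString = "key anon attest";
let aliasUint8 = StringToUint8Array(keyAliasString);
/* Sample attestation inputs. Every value below is a fixed string chosen for this example. */
let securityLevel = StringToUint8Array('sec_level');
/*
 * NOTE(review): fixed sample value. An attestation challenge is normally a fresh,
 * unpredictable value obtained from the party that will verify the certificate chain;
 * with a constant challenge a previously issued chain could be presented again.
 * Replace it before using this code outside a demo, and confirm the expected format
 * against the HUKS reference.
 */
let challenge = StringToUint8Array('challenge_data');
let versionInfo = StringToUint8Array('version_info');
/*
 * Certificate chain returned by anonAttestKeyItem. Initialized to an empty array so that
 * code reading it after a failed attestation sees a defined value instead of undefined.
 */
let anonAttestCertChain: Array<string> = [];

/*
 * Mutable flag passed to the promise wrappers. A wrapper sets isThrow to true when the
 * underlying huks call throws synchronously, which lets the caller tell that case apart
 * from an error reported through the callback.
 */
class throwObject {
  isThrow: boolean = false;
}

/*
 * Encapsulate the key parameter set: an RSA 2048-bit key with SHA-256 digest and PSS
 * padding, generated with the default generation type and the VERIFY purpose.
 */
let genKeyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
  },
  {
    // NOTE(review): a block mode is set on an RSA key whose purpose is VERIFY;
    // presumably it has no effect for this key type. Confirm against the HUKS
    // algorithm specifications before copying this entry.
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
]
let genOptions: huks.HuksOptions = {
  properties: genKeyProperties
};

/* 2. Encapsulate the parameter set for key attestation.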
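*/
let anonAttestKeyProperties: Array<huks.HuksParam> = [
  {
    // NOTE(review): this tag is not mentioned in the guide text above the sample;
    // presumably optional. Confirm against the HuksTag reference.
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  },
  {
    // Required by the guide. The value bound here is a fixed sample string; a
    // challenge is normally a fresh value issued by whoever verifies the chain.
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  },
  {
    // Optional according to the guide.
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  },
  {
    // Optional according to the guide; carries the key alias as bytes.
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: aliasUint8
  }
]
let huksOptions: huks.HuksOptions = {
  properties: anonAttestKeyProperties
};

/*
 * Wrap the callback form of huks.generateKeyItem in a promise.
 *
 * The promise resolves when the callback reports no error and rejects with the callback
 * error otherwise. If huks.generateKeyItem throws synchronously, throwObject.isThrow is
 * set to true and the exception is rethrown inside the executor, which rejects the promise.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/*
 * 3. Generate a key.
 *
 * Awaits generateKeyItem and logs the outcome. Both failure paths are logged and not
 * rethrown, so the returned promise does not tell the caller whether the key was created.
 * A single try/catch replaces the earlier mix of await with then/catch; the logged
 * messages are the same.
 */
async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise generateKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await generateKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
  } catch (error) {
    if (throwObject.isThrow) {
      // The huks call threw before any callback ran.
      console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      // The huks call reported the error through its callback.
      console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/* 4. Attest the key.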
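*/
/*
 * Wrap the callback form of huks.anonAttestKeyItem in a promise.
 *
 * The promise resolves with the HuksReturnResult passed to the callback and rejects with
 * the callback error otherwise. If huks.anonAttestKeyItem throws synchronously,
 * throwObject.isThrow is set to true and the exception is rethrown inside the executor,
 * which rejects the promise.
 */
function anonAttestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.anonAttestKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/*
 * Run the attestation and store the returned certificate chain in anonAttestCertChain.
 *
 * Failures are logged and not rethrown. The stored chain is cleared first so that a
 * failed attempt cannot leave a chain from an earlier call in place.
 */
async function publicAnonAttestKey(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise anonAttestKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  anonAttestCertChain = [];
  try {
    const data = await anonAttestKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: anonAttestKeyItem success, data = ${JSON.stringify(data)}`);
    // certChains can be absent as well as null, so both are checked before the assignment.
    if (data !== null && data !== undefined &&
      data.certChains !== null && data.certChains !== undefined) {
      anonAttestCertChain = data.certChains as string[];
    }
  } catch (error) {
    if (throwObject.isThrow) {
      // The huks call threw before any callback ran.
      console.error(`promise: anonAttestKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      // The huks call reported the error through its callback.
      console.error(`promise: anonAttestKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/*
 * Generate the key, attest it, and print the certificate chain.
 *
 * Neither step rethrows its errors, so the chain is checked before it is reported.
 * The chain is only evidence: the party relying on it still has to validate it and
 * compare the challenge it carries with the one that was issued. This sample does not
 * show that verification.
 */
async function AnonAttestKeyTest() {
  await publicGenKeyFunc(keyAliasString, genOptions);
  await publicAnonAttestKey(keyAliasString, huksOptions);
  if (anonAttestCertChain === undefined || anonAttestCertChain.length === 0) {
    console.error('anon attest certChain is empty, attestation did not return a certificate chain');
    return;
  }
  console.info('anon attest certChain data: ' + anonAttestCertChain)
}
```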