• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Key Derivation (ArkTS)
2
3<!--Kit: Universal Keystore Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @wutiantian-gitee-->
6<!--Designer: @HighLowWorld-->
7<!--Tester: @wxy1234564846-->
8<!--Adviser: @zengyawen-->
9
10This topic walks you through on how to derive a 256-bit key using HKDF. For details about the scenarios and supported algorithms, see [Supported Algorithms](huks-key-generation-overview.md#supported-algorithms).
11
12## How to Develop
13
14**Key Generation**
15
161. Specify the key alias. For details about the naming rules, see [Key Generation Overview and Algorithm Specifications](huks-key-generation-overview.md).
17
182. Initialize the key property set. You can set **HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG** (optional) to specify how the key derived from this key is managed.
19
20    - If this tag is set to **HUKS_STORAGE_ONLY_USED_IN_HUKS**, the derived key is managed by HUKS. That is, the derived key is always in a secure environment throughout its lifecycle.
21
22    - If this tag is set to **HUKS_STORAGE_KEY_EXPORT_ALLOWED**, the derived key will be returned to the caller for management. That is, the service side ensures the key security.
23
24    - If this tag is not set, the derived key can be either managed by HUKS or returned to the caller for management. The key protection mode can be set in the subsequent key derivation on the service side.
25
263. Use [generateKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksgeneratekeyitem9) to generate a key. For details, see [Key Generation](huks-key-generation-overview.md).
27
28Alternatively, you can [import a key](huks-key-import-overview.md).
29
30**Key Derivation**
31
321. Obtain the key alias and set the **HuksOptions** parameter.
33
34    You can set **HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG** to specify how the derived key is managed.
35
36    | Key Generation| Key Derivation| Specifications|
37    | -------- | -------- | -------- |
38    | HUKS_STORAGE_ONLY_USED_IN_HUKS | HUKS_STORAGE_ONLY_USED_IN_HUKS | The key is managed by HUKS.|
39    | HUKS_STORAGE_KEY_EXPORT_ALLOWED | HUKS_STORAGE_KEY_EXPORT_ALLOWED | The key is returned to the caller for management.|
40    | The tag is not set.| HUKS_STORAGE_ONLY_USED_IN_HUKS | The key is managed by HUKS.|
41    | The tag is not set.| HUKS_STORAGE_KEY_EXPORT_ALLOWED | The key is returned to the caller for management.|
42    | The tag is not set.| The tag is not set.| The key is returned to the caller for management.|
43
44    Note: The tag value set in key derivation should not conflict with the tag value set in key generation. The above table lists only valid settings.
45
46
472. Use [initSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksinitsession9) to initialize a key session. The session handle is returned after the initialization.
48
493. Use [updateSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksupdatesession9) to process data.
50
514. Use [finishSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksfinishsession9) to derive a key.
52
53**Key Deletion**
54
55Use [deleteKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksdeletekeyitem9) to delete the key that is not required. For details, see [Deleting a Key](huks-delete-key-arkts.md).
56
57## Development Cases
58
59### HKDF
60```ts
61/*
62 * Derive an HKDF key using promise-based APIs.
63 */
64import { huks } from '@kit.UniversalKeystoreKit';
65
66function StringToUint8Array(str: string) {
67  let arr: number[] = new Array();
68  for (let i = 0, j = str.length; i < j; ++i) {
69    arr.push(str.charCodeAt(i));
70  }
71  return new Uint8Array(arr);
72}
73
74/*
75 * Set the key alias and encapsulate the key property set.
76 */
77let srcKeyAlias = "hkdf_Key";
78let deriveHkdfInData = "deriveHkdfTestIndata";
79let handle: number;
80let finishOutData: Uint8Array;
81let HuksKeyDeriveKeySize = 32;
82/* Set the parameter set used for key generation. */
83let properties: Array<huks.HuksParam> = [
84  {
85    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
86    value: huks.HuksKeyAlg.HUKS_ALG_AES,
87  }, {
88  tag: huks.HuksTag.HUKS_TAG_PURPOSE,
89  value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DERIVE,
90}, {
91  tag: huks.HuksTag.HUKS_TAG_DIGEST,
92  value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
93}, {
94  tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
95  value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
96}, {
97  tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG,
98  value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS,
99}];
100
101let huksOptions: huks.HuksOptions = {
102  properties: properties,
103  inData: new Uint8Array(new Array())
104}
105/* Set the parameter set used for init(). */
106let initProperties: Array<huks.HuksParam> = [{
107  tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
108  value: huks.HuksKeyAlg.HUKS_ALG_HKDF,
109}, {
110  tag: huks.HuksTag.HUKS_TAG_PURPOSE,
111  value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DERIVE,
112}, {
113  tag: huks.HuksTag.HUKS_TAG_DIGEST,
114  value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
115}, {
116  tag: huks.HuksTag.HUKS_TAG_DERIVE_KEY_SIZE,
117  value: HuksKeyDeriveKeySize,
118}];
119
120let initOptions: huks.HuksOptions = {
121  properties: initProperties,
122  inData: new Uint8Array(new Array())
123}
124/* Set the parameter set used for finish(). */
125let finishProperties: Array<huks.HuksParam> = [{
126  tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG,
127  value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS,
128}, {
129  tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS,
130  value: true,
131}, {
132  tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
133  value: huks.HuksKeyAlg.HUKS_ALG_AES,
134}, {
135  tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
136  value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
137}, {
138  tag: huks.HuksTag.HUKS_TAG_PURPOSE,
139  value:
140  huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
141  huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
142}, {
143  tag: huks.HuksTag.HUKS_TAG_DIGEST,
144  value: huks.HuksKeyDigest.HUKS_DIGEST_NONE,
145}, {
146  tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
147  value: StringToUint8Array(srcKeyAlias),
148}, {
149  tag: huks.HuksTag.HUKS_TAG_PADDING,
150  value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
151}, {
152  tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
153  value: huks.HuksCipherMode.HUKS_MODE_ECB,
154}];
155let finishOptions: huks.HuksOptions = {
156  properties: finishProperties,
157  inData: new Uint8Array(new Array())
158}
159
160class ThrowObject {
161  isThrow = false;
162}
163
164function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
165  return new Promise<void>((resolve, reject) => {
166    try {
167      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
168        if (error) {
169          reject(error);
170        } else {
171          resolve(data);
172        }
173      });
174    } catch (error) {
175      throwObject.isThrow = true;
176      throw (error as Error);
177    }
178  });
179}
180
181async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
182  console.info(`enter promise generateKeyItem`);
183  let throwObject: ThrowObject = { isThrow: false };
184  try {
185    await generateKeyItem(keyAlias, huksOptions, throwObject)
186      .then((data) => {
187        console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
188      })
189      .catch((error: Error) => {
190        if (throwObject.isThrow) {
191          throw (error as Error);
192        } else {
193          console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
194        }
195      });
196  } catch (error) {
197    console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
198  }
199}
200
201function initSession(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
202  return new Promise<huks.HuksSessionHandle>((resolve, reject) => {
203    try {
204      huks.initSession(keyAlias, huksOptions, (error, data) => {
205        if (error) {
206          reject(error);
207        } else {
208          resolve(data);
209        }
210      });
211    } catch (error) {
212      throwObject.isThrow = true;
213      throw (error as Error);
214    }
215  });
216}
217
218async function publicInitFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
219  console.info(`enter promise doInit`);
220  let throwObject: ThrowObject = { isThrow: false };
221  try {
222    await initSession(keyAlias, huksOptions, throwObject)
223      .then((data) => {
224        console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
225        handle = data.handle;
226      })
227      .catch((error: Error) => {
228        if (throwObject.isThrow) {
229          throw (error as Error);
230        } else {
231          console.error(`promise: doInit failed, ${JSON.stringify(error)}`);
232        }
233      });
234  } catch (error) {
235    console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`);
236  }
237}
238
239function updateSession(handle: number, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
240  return new Promise<huks.HuksOptions>((resolve, reject) => {
241    try {
242      huks.updateSession(handle, huksOptions, (error, data) => {
243        if (error) {
244          reject(error);
245        } else {
246          resolve(data);
247        }
248      });
249    } catch (error) {
250      throwObject.isThrow = true;
251      throw (error as Error);
252    }
253  });
254}
255
256async function publicUpdateFunc(handle: number, huksOptions: huks.HuksOptions) {
257  console.info(`enter promise doUpdate`);
258  let throwObject: ThrowObject = { isThrow: false };
259  try {
260    await updateSession(handle, huksOptions, throwObject)
261      .then((data) => {
262        console.info(`promise: doUpdate success, data = ${JSON.stringify(data)}`);
263      })
264      .catch((error: Error) => {
265        if (throwObject.isThrow) {
266          throw (error as Error);
267        } else {
268          console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`);
269        }
270      });
271  } catch (error) {
272    console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`);
273  }
274}
275
276function finishSession(handle: number, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
277  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
278    try {
279      huks.finishSession(handle, huksOptions, (error, data) => {
280        if (error) {
281          reject(error);
282        } else {
283          resolve(data);
284        }
285      });
286    } catch (error) {
287      throwObject.isThrow = true;
288      throw (error as Error);
289    }
290  });
291}
292
293async function publicFinishFunc(handle: number, huksOptions: huks.HuksOptions) {
294  console.info(`enter promise doFinish`);
295  let throwObject: ThrowObject = { isThrow: false };
296  try {
297    await finishSession(handle, huksOptions, throwObject)
298      .then((data) => {
299        finishOutData = data.outData as Uint8Array;
300        console.info(`promise: doFinish success, data = ${JSON.stringify(data)}`);
301      })
302      .catch((error: Error) => {
303        if (throwObject.isThrow) {
304          throw (error as Error);
305        } else {
306          console.error(`promise: doFinish failed, ${JSON.stringify(error)}`);
307        }
308      });
309  } catch (error) {
310    console.error(`promise: doFinish input arg invalid, ${JSON.stringify(error)}`);
311  }
312}
313
314function deleteKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
315  return new Promise<void>((resolve, reject) => {
316    try {
317      huks.deleteKeyItem(keyAlias, huksOptions, (error, data) => {
318        if (error) {
319          reject(error);
320        } else {
321          resolve(data);
322        }
323      });
324    } catch (error) {
325      throwObject.isThrow = true;
326      throw (error as Error);
327    }
328  });
329}
330
331async function publicDeleteKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
332  console.info(`enter promise deleteKeyItem`);
333  let throwObject: ThrowObject = { isThrow: false };
334  try {
335    await deleteKeyItem(keyAlias, huksOptions, throwObject)
336      .then((data) => {
337        console.info(`promise: deleteKeyItem key success, data = ${JSON.stringify(data)}`);
338      })
339      .catch((error: Error) => {
340        if (throwObject.isThrow) {
341          throw (error as Error);
342        } else {
343          console.error(`promise: deleteKeyItem failed, ${JSON.stringify(error)}`);
344        }
345      });
346  } catch (error) {
347    console.error(`promise: deleteKeyItem input arg invalid, ${JSON.stringify(error)}`);
348  }
349}
350
351async function testDerive() {
352  /* Generate a key. */
353  await publicGenKeyFunc(srcKeyAlias, huksOptions);
354  /* Perform key derivation. */
355  await publicInitFunc(srcKeyAlias, initOptions);
356  initOptions.inData = StringToUint8Array(deriveHkdfInData);
357  await publicUpdateFunc(handle, initOptions);
358  await publicFinishFunc(handle, finishOptions);
359  await publicDeleteKeyFunc(srcKeyAlias, huksOptions);
360}
361```
362### PBKDF2
363
364```ts
365/*
366 * Derive a PBKDF2 key using promise-based APIs.
367 */
368import { huks } from '@kit.UniversalKeystoreKit';
369
370function StringToUint8Array(str: string) {
371  let arr: number[] = new Array();
372  for (let i = 0, j = str.length; i < j; ++i) {
373    arr.push(str.charCodeAt(i));
374  }
375  return new Uint8Array(arr);
376}
377
378/*
379 * Set the key alias and encapsulate the key property set.
380 */
381let srcKeyAlias = "pbkdf2_Key";
382let salt = "mySalt";
383let iterationCount = 10000;
384let derivedKeySize = 32;
385let handle: number;
386let finishOutData: Uint8Array;
387
388/* Set the parameter set used for key generation. */
389let properties: Array<huks.HuksParam> = [
390  {
391    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
392    value: huks.HuksKeyAlg.HUKS_ALG_AES,
393  }, {
394    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
395    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DERIVE,
396  }, {
397    tag: huks.HuksTag.HUKS_TAG_DIGEST,
398    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
399  }, {
400    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
401    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
402  }, {
403    tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG,
404    value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS,
405  }
406];
407
408let huksOptions: huks.HuksOptions = {
409  properties: properties,
410  inData: new Uint8Array(new Array())
411}
412
413/* Set the parameter set used for init(). */
414let initProperties: Array<huks.HuksParam> = [
415  {
416    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
417    value: huks.HuksKeyAlg.HUKS_ALG_PBKDF2,
418  }, {
419    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
420    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DERIVE,
421  }, {
422    tag: huks.HuksTag.HUKS_TAG_DIGEST,
423    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256,
424  }, {
425    tag: huks.HuksTag.HUKS_TAG_DERIVE_KEY_SIZE,
426    value: derivedKeySize,
427  }, {
428    tag: huks.HuksTag.HUKS_TAG_ITERATION,
429    value: iterationCount,
430  }, {
431    tag: huks.HuksTag.HUKS_TAG_SALT,
432    value: StringToUint8Array(salt),
433  }
434];
435
436let initOptions: huks.HuksOptions = {
437  properties: initProperties,
438  inData: new Uint8Array(new Array())
439}
440
441/* Set the parameter set used for finish(). */
442let finishProperties: Array<huks.HuksParam> = [
443  {
444    tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG,
445    value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS,
446  }, {
447    tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS,
448    value: true,
449  }, {
450    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
451    value: huks.HuksKeyAlg.HUKS_ALG_AES,
452  }, {
453    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
454    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256,
455  }, {
456    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
457    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
458  }, {
459    tag: huks.HuksTag.HUKS_TAG_DIGEST,
460    value: huks.HuksKeyDigest.HUKS_DIGEST_NONE,
461  }, {
462    tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS,
463    value: StringToUint8Array(srcKeyAlias),
464  }, {
465    tag: huks.HuksTag.HUKS_TAG_PADDING,
466    value: huks.HuksKeyPadding.HUKS_PADDING_NONE,
467  }, {
468    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
469    value: huks.HuksCipherMode.HUKS_MODE_ECB,
470  }
471];
472
473let finishOptions: huks.HuksOptions = {
474  properties: finishProperties,
475  inData: new Uint8Array(new Array())
476}
477
478class ThrowObject {
479  isThrow = false;
480}
481
482function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
483  return new Promise<void>((resolve, reject) => {
484    try {
485      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
486        if (error) {
487          reject(error);
488        } else {
489          resolve(data);
490        }
491      });
492    } catch (error) {
493      throwObject.isThrow = true;
494      throw (error as Error);
495    }
496  });
497}
498
499async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
500  console.info(`enter promise generateKeyItem`);
501  let throwObject: ThrowObject = { isThrow: false };
502  try {
503    await generateKeyItem(keyAlias, huksOptions, throwObject)
504      .then((data) => {
505        console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
506      })
507      .catch((error: Error) => {
508        if (throwObject.isThrow) {
509          throw (error as Error);
510        } else {
511          console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
512        }
513      });
514  } catch (error) {
515    console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
516  }
517}
518
519function initSession(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
520  return new Promise<huks.HuksSessionHandle>((resolve, reject) => {
521    try {
522      huks.initSession(keyAlias, huksOptions, (error, data) => {
523        if (error) {
524          reject(error);
525        } else {
526          resolve(data);
527        }
528      });
529    } catch (error) {
530      throwObject.isThrow = true;
531      throw (error as Error);
532    }
533  });
534}
535
536async function publicInitFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
537  console.info(`enter promise doInit`);
538  let throwObject: ThrowObject = { isThrow: false };
539  try {
540    await initSession(keyAlias, huksOptions, throwObject)
541      .then((data) => {
542        console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
543        handle = data.handle;
544      })
545      .catch((error: Error) => {
546        if (throwObject.isThrow) {
547          throw (error as Error);
548        } else {
549          console.error(`promise: doInit failed, ${JSON.stringify(error)}`);
550        }
551      });
552  } catch (error) {
553    console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`);
554  }
555}
556
557function updateSession(handle: number, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
558  return new Promise<huks.HuksOptions>((resolve, reject) => {
559    try {
560      huks.updateSession(handle, huksOptions, (error, data) => {
561        if (error) {
562          reject(error);
563        } else {
564          resolve(data);
565        }
566      });
567    } catch (error) {
568      throwObject.isThrow = true;
569      throw (error as Error);
570    }
571  });
572}
573
574async function publicUpdateFunc(handle: number, huksOptions: huks.HuksOptions) {
575  console.info(`enter promise doUpdate`);
576  let throwObject: ThrowObject = { isThrow: false };
577  try {
578    await updateSession(handle, huksOptions, throwObject)
579      .then((data) => {
580        console.info(`promise: doUpdate success, data = ${JSON.stringify(data)}`);
581      })
582      .catch((error: Error) => {
583        if (throwObject.isThrow) {
584          throw (error as Error);
585        } else {
586          console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`);
587        }
588      });
589  } catch (error) {
590    console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`);
591  }
592}
593
594function finishSession(handle: number, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
595  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
596    try {
597      huks.finishSession(handle, huksOptions, (error, data) => {
598        if (error) {
599          reject(error);
600        } else {
601          resolve(data);
602        }
603      });
604    } catch (error) {
605      throwObject.isThrow = true;
606      throw (error as Error);
607    }
608  });
609}
610
611async function publicFinishFunc(handle: number, huksOptions: huks.HuksOptions) {
612  console.info(`enter promise doFinish`);
613  let throwObject: ThrowObject = { isThrow: false };
614  try {
615    await finishSession(handle, huksOptions, throwObject)
616      .then((data) => {
617        finishOutData = data.outData as Uint8Array;
618        console.info(`promise: doFinish success, data = ${JSON.stringify(data)}`);
619      })
620      .catch((error: Error) => {
621        if (throwObject.isThrow) {
622          throw (error as Error);
623        } else {
624          console.error(`promise: doFinish failed, ${JSON.stringify(error)}`);
625        }
626      });
627  } catch (error) {
628    console.error(`promise: doFinish input arg invalid, ${JSON.stringify(error)}`);
629  }
630}
631
632function deleteKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: ThrowObject) {
633  return new Promise<void>((resolve, reject) => {
634    try {
635      huks.deleteKeyItem(keyAlias, huksOptions, (error, data) => {
636        if (error) {
637          reject(error);
638        } else {
639          resolve(data);
640        }
641      });
642    } catch (error) {
643      throwObject.isThrow = true;
644      throw (error as Error);
645    }
646  });
647}
648
649async function publicDeleteKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
650  console.info(`enter promise deleteKeyItem`);
651  let throwObject: ThrowObject = { isThrow: false };
652  try {
653    await deleteKeyItem(keyAlias, huksOptions, throwObject)
654      .then((data) => {
655        console.info(`promise: deleteKeyItem key success, data = ${JSON.stringify(data)}`);
656      })
657      .catch((error: Error) => {
658        if (throwObject.isThrow) {
659          throw (error as Error);
660        } else {
661          console.error(`promise: deleteKeyItem failed, ${JSON.stringify(error)}`);
662        }
663      });
664  } catch (error) {
665    console.error(`promise: deleteKeyItem input arg invalid, ${JSON.stringify(error)}`);
666  }
667}
668
669async function testDerive() {
670  /* Generate a key. */
671  await publicGenKeyFunc(srcKeyAlias, huksOptions);
672  /* Perform key derivation. */
673  await publicInitFunc(srcKeyAlias, initOptions);
674  await publicUpdateFunc(handle, initOptions);
675  await publicFinishFunc(handle, finishOptions);
676  await publicDeleteKeyFunc(srcKeyAlias, huksOptions);
677}
678```
679