• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Generating a Key (C/C++)
2
3<!--Kit: Universal Keystore Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @wutiantian-gitee-->
6<!--Designer: @HighLowWorld-->
7<!--Tester: @wxy1234564846-->
8<!--Adviser: @zengyawen-->
9
10This topic walks you through on how to randomly generate a key with the ECC algorithm. For details about the scenarios and supported algorithms, see [Supported Algorithms](huks-key-generation-overview.md#supported-algorithms).
11
12> **NOTE**
13> Key aliases must not contain sensitive information, such as personal data.
14
15## Add the dynamic library in the CMake script.
16```txt
17target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
18```
19
20## How to Develop
21
221. Set the alias (**keyAlias**) of the key to generate.
23   - The key alias can contain a maximum of 128 bytes and cannot contain sensitive information, such as personal data.
24   - For the keys generated for different services, HUKS isolates the storage paths based on the service identity information to prevent conflicts caused by the same key alias.
25
262. Initialize the key property set. Construct **paramSet** using [OH_Huks_InitParamSet](../../reference/apis-universal-keystore-kit/capi-native-huks-param-h.md#oh_huks_initparamset), [OH_Huks_AddParams](../../reference/apis-universal-keystore-kit/capi-native-huks-param-h.md#oh_huks_addparams), and [OH_Huks_BuildParamSet](../../reference/apis-universal-keystore-kit/capi-native-huks-param-h.md#oh_huks_buildparamset).
27   The key property set must contain the [OH_Huks_KeyAlg](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_keyalg), [OH_Huks_KeySize](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_keysize), and [OH_Huks_KeyPurpose](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_keypurpose) properties. Note that a key can have only one purpose, and the purpose specified during key generation must match the key purpose during usage. Otherwise, an exception occurs.
28
293. Call [OH_Huks_GenerateKeyItem](../../reference/apis-universal-keystore-kit/capi-native-huks-api-h.md#oh_huks_generatekeyitem) and pass in the key alias and key property set to generate a key.
30
31> **NOTE**<br>
32> If the service uses the same key alias to call the HUKS API to generate a key again, HUKS will generate a new key and overwrite the historical key file.
33
34```c++
35/* Generate an ECC key. */
36#include "huks/native_huks_api.h"
37#include "huks/native_huks_param.h"
38#include "napi/native_api.h"
39#include <string.h>
40OH_Huks_Result InitParamSet(
41    struct OH_Huks_ParamSet **paramSet,
42    const struct OH_Huks_Param *params,
43    uint32_t paramCount)
44{
45    OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
46    if (ret.errorCode != OH_HUKS_SUCCESS) {
47        return ret;
48    }
49    ret = OH_Huks_AddParams(*paramSet, params, paramCount);
50    if (ret.errorCode != OH_HUKS_SUCCESS) {
51        OH_Huks_FreeParamSet(paramSet);
52        return ret;
53    }
54    ret = OH_Huks_BuildParamSet(paramSet);
55    if (ret.errorCode != OH_HUKS_SUCCESS) {
56        OH_Huks_FreeParamSet(paramSet);
57        return ret;
58    }
59    return ret;
60}
61struct OH_Huks_Param g_testGenerateKeyParam[] = {
62    {
63        .tag = OH_HUKS_TAG_ALGORITHM,
64        .uint32Param = OH_HUKS_ALG_ECC
65    }, {
66        .tag = OH_HUKS_TAG_PURPOSE,
67        .uint32Param = OH_HUKS_KEY_PURPOSE_AGREE
68    }, {
69        .tag = OH_HUKS_TAG_KEY_SIZE,
70        .uint32Param = OH_HUKS_ECC_KEY_SIZE_256
71    }, {
72        .tag = OH_HUKS_TAG_DIGEST,
73        .uint32Param = OH_HUKS_DIGEST_NONE
74    }
75};
76static napi_value GenerateKey(napi_env env, napi_callback_info info)
77{
78    /* 1. Set the key alias. */
79    const char *alias = "test_generate";
80    struct OH_Huks_Blob aliasBlob = { .size = (uint32_t)strlen(alias), .data = (uint8_t *)alias };
81    struct OH_Huks_ParamSet *testGenerateKeyParamSet = nullptr;
82    struct OH_Huks_Result ohResult;
83    do {
84        /* 2. Initialize the key property set. */
85        ohResult = InitParamSet(&testGenerateKeyParamSet, g_testGenerateKeyParam,
86            sizeof(g_testGenerateKeyParam) / sizeof(OH_Huks_Param));
87        if (ohResult.errorCode != OH_HUKS_SUCCESS) {
88            break;
89        }
90        /* 3. Generate a key. */
91        ohResult = OH_Huks_GenerateKeyItem(&aliasBlob, testGenerateKeyParamSet, nullptr);
92    } while (0);
93    OH_Huks_FreeParamSet(&testGenerateKeyParamSet);
94    napi_value ret;
95    napi_create_int32(env, ohResult.errorCode, &ret);
96    return ret;
97}
98```
99