# Introduction to Universal Keystore Kit

<!--Kit: Universal Keystore Kit-->
<!--Subsystem: Security-->
<!--Owner: @wutiantian-gitee-->
<!--Designer: @HighLowWorld-->
<!--Tester: @wxy1234564846-->
<!--Adviser: @zengyawen-->

Universal Keystore Kit (referred to as HUKS) provides applications and services with unified secure key operations, including key management (key generation/destruction, key import, key attestation, key agreement, and key derivation) and key use (encryption/decryption, signing/signature verification, and access control).

The keys managed by HUKS can be imported by a service or an application, or generated by invoking HUKS APIs. HUKS also provides key access control, which ensures secure and authorized access to the keys in HUKS.

## HUKS Architecture

The HUKS module consists of the following:

- SDK: provides key management APIs. You can use ArkTS or C APIs based on your services.

- HUKS service layer: implements key session management and storage management.

- HUKS core layer: implements core functionalities, including cryptographic operations, encryption and decryption, and key access control.
  > **NOTE**
  >
  > The HUKS core layer must run in a secure environment, such as the [TEE](huks-concepts.md) or secure chipset of a system or device. The secure environment depends on the hardware. The implementation in the open source repository is simulated and is subject to adaptation by OEM vendors.

## Core Functionalities

HUKS provides the following functionalities throughout the lifecycle of a key.

### Key Generation

| Functionality| Description|
| -------- | -------- |
| **[Key generation](huks-key-generation-overview.md)**| Generates a key randomly. During the lifecycle of the key, the plaintext of the key can be accessed only in the secure environment and cannot be exposed outside the secure environment.|
| **[Key import](huks-key-import-overview.md)**| Imports an externally generated key to HUKS for management.|

### Key Use

| Functionality| Description|
| -------- | -------- |
| **[Encryption/Decryption](huks-encryption-decryption-overview.md)**| Encrypts plaintext into ciphertext using a key, or decrypts ciphertext into plaintext using a key.|
| **[Signing/Signature Verification](huks-signing-signature-verification-overview.md)**| Generates a digital signature, which confirms the data authenticity (the message came from the stated sender).|
| **[Key agreement](huks-key-agreement-overview.md)**| Allows two or more parties to jointly establish a shared key in a non-secure environment.|
| **[Key derivation](huks-key-derivation-overview.md)**| Derives one or more secret keys from a key.|
| **[Access control](huks-identity-authentication-overview.md)**| Prevents unauthorized access to the keys in HUKS.|

### Key Deletion

| Functionality| Description|
| -------- | -------- |
| **[Key deletion](huks-delete-key-arkts.md)**| Securely deletes key data from HUKS.|

### Key Attestation

| Functionality| Description|
| -------- | -------- |
| **[Key attestation](huks-key-attestation-overview.md)**| Issues a certificate for the public key in an asymmetric key pair stored in HUKS to prove the validity of the key (the key is generated in a secure environment).|

## Related Kits

[Key access control based on user identity authentication](huks-identity-authentication-overview.md) depends on [User Authentication Kit](../UserAuthenticationKit/user-authentication-overview.md).