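# 明文导入密钥(ArkTS)

<!--Kit: Universal Keystore Kit-->
<!--Subsystem: Security-->
<!--Owner: @wutiantian-gitee-->
<!--Designer: @HighLowWorld-->
<!--Tester: @wxy1234564846-->
<!--Adviser: @zengyawen-->

分别以导入AES256、RSA2048和X25519密钥为例。具体的场景介绍及支持的算法规格,请参考[密钥导入支持的算法](huks-key-import-overview.md#支持的算法)。

## 开发步骤

1. 指定密钥别名,密钥别名命名规范参考[密钥生成介绍及算法规格](huks-key-generation-overview.md)。

2. 封装密钥属性集和密钥材料。
    - 密钥属性集同样与密钥生成中指定的密钥属性一致,须包含[HuksKeyAlg](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukskeyalg)、[HuksKeySize](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukskeysize)、[HuksKeyPurpose](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukskeypurpose)属性。
    - 密钥材料须符合[HUKS密钥材料格式](huks-concepts.md#密钥材料格式),并以Uint8Array形式赋值给[HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)的inData字段。

3. 调用[huks.importKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksimportkeyitem9),传入密钥别名和密钥属性集,即可导入密钥。

    HuksParam和HuksOptions的含义参考:[HuksParam](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksparam) 和 [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)

### 导入AES256密钥
```ts
/* Imports an AES-256 key using the Promise form of huks.importKeyItem. */
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit";

/*
 * Key material (32 bytes). Demonstration value only.
 * With plaintext import the raw key is visible to the application process, so a
 * real key should be obtained at runtime rather than hard-coded, and the buffer
 * should be overwritten (for example with fill(0)) once the import has returned.
 * Where the key arrives from another party, huks.importWrappedKeyItem (encrypted
 * import) avoids exposing it in the clear.
 */
let plainTextSize32 = new Uint8Array([
  0xfb, 0x8b, 0x9f, 0x12, 0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba, 0xca,
  0x64, 0x0b, 0x88, 0x96, 0xe2, 0xfa, 0x77, 0xbc, 0x71, 0xe3, 0x0f, 0x0f, 0x9e, 0x3c, 0xe5, 0xf9
]);
/* 1. Choose the key alias. */
let keyAlias = 'AES256Alias_sample';

/* 2. Build the key property set and attach the key material. */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
];
let options: huks.HuksOptions = {
  properties: properties,
  inData: plainTextSize32
};

/* 3. Import the key in plaintext. */
/**
 * Imports the key material carried in `huksOptions.inData` under `keyAlias`.
 *
 * @param keyAlias - Alias the imported key is stored under.
 * @param huksOptions - Property set plus key material.
 * @returns `true` when huks.importKeyItem completes, `false` when it throws or rejects.
 */
async function importKeyItem(keyAlias: string, huksOptions: huks.HuksOptions): Promise<boolean> {
  console.info("promise: enter importKeyItem");
  try {
    // A single try/await covers both a synchronous argument error and an
    // asynchronous rejection, and logs the error code in either case.
    await huks.importKeyItem(keyAlias, huksOptions);
    console.info(`promise: importKeyItem success`);
    return true;
  } catch (error) {
    const err = error as BusinessError;
    console.error(`promise: importKeyItem failed, errCode : ${err.code}, errMsg : ${err.message}`);
    return false;
  }
}

/** Runs the import with the sample alias and options and logs the outcome. */
async function testImport() {
  const retImp = await importKeyItem(keyAlias, options);
  if (!retImp) {
    console.error(`testImport failed`);
    return;
  }
  console.info(`testImport success`);
}
```
### 导入RSA2048密钥对
```ts
/* Imports an RSA-2048 key pair using the Promise form of huks.importKeyItem. */
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit";

/*
 * Key pair material. Demonstration value only.
 * It contains the private exponent d in the clear. A real private key should not
 * be embedded in source; load it at runtime and overwrite the buffer (for example
 * with fill(0)) once the import has returned, or use huks.importWrappedKeyItem
 * (encrypted import) so the private key is never handled in plaintext.
 */
let rsa2048KeyPairMaterial = new Uint8Array([
  0x01, 0x00, 0x00, 0x00, // Key algorithm (little-endian): huks.HuksKeyAlg.HUKS_ALG_RSA = 1.
  0x00, 0x08, 0x00, 0x00, // Key size in bits: 2048.
  0x00, 0x01, 0x00, 0x00, // Length of modulus n in bytes: 256.
  0x03, 0x00, 0x00, 0x00, // Length of public exponent e in bytes: 3.
  0x00, 0x01, 0x00, 0x00, // Length of private exponent d in bytes: 256.
  // Modulus n.
  0xc5, 0x35, 0x62, 0x48, 0xc4, 0x92, 0x87, 0x73, 0x0d, 0x42, 0x96, 0xfc, 0x7b, 0x11, 0x05, 0x06,
  0x0f, 0x8d, 0x66, 0xc1, 0x0e, 0xad, 0x37, 0x44, 0x92, 0x95, 0x2f, 0x6a, 0x55, 0xba, 0xec, 0x1d,
  0x54, 0x62, 0x0a, 0x4b, 0xd3, 0xc7, 0x05, 0xe4, 0x07, 0x40, 0xd9, 0xb7, 0xc2, 0x12, 0xcb, 0x9a,
  0x90, 0xad, 0xe3, 0x24, 0xe8, 0x5e, 0xa6, 0xf8, 0xd0, 0x6e, 0xbc, 0xd1, 0x69, 0x7f, 0x6b, 0xe4,
  0x2b, 0x4e, 0x1a, 0x65, 0xbb, 0x73, 0x88, 0x6b, 0x7c, 0xaf, 0x7e, 0xd0, 0x47, 0x26, 0xeb, 0xa5,
  0xbe, 0xd6, 0xe8, 0xee, 0x9c, 0xa5, 0x66, 0xa5, 0xc9, 0xd3, 0x25, 0x13, 0xc4, 0x0e, 0x6c, 0xab,
  0x50, 0xb6, 0x50, 0xc9, 0xce, 0x8f, 0x0a, 0x0b, 0xc6, 0x28, 0x69, 0xe9, 0x83, 0x69, 0xde, 0x42,
  0x56, 0x79, 0x7f, 0xde, 0x86, 0x24, 0xca, 0xfc, 0xaa, 0xc0, 0xf3, 0xf3, 0x7f, 0x92, 0x8e, 0x8a,
  0x12, 0x52, 0xfe, 0x50, 0xb1, 0x5e, 0x8c, 0x01, 0xce, 0xfc, 0x7e, 0xf2, 0x4f, 0x5f, 0x03, 0xfe,
  0xa7, 0xcd, 0xa1, 0xfc, 0x94, 0x52, 0x00, 0x8b, 0x9b, 0x7f, 0x09, 0xab, 0xa8, 0xa4, 0xf5, 0xb4,
  0xa5, 0xaa, 0xfc, 0x72, 0xeb, 0x17, 0x40, 0xa9, 0xee, 0xbe, 0x8f, 0xc2, 0xd1, 0x80, 0xc2, 0x0d,
  0x44, 0xa9, 0x59, 0x44, 0x59, 0x81, 0x3b, 0x5d, 0x4a, 0xde, 0xfb, 0xae, 0x24, 0xfc, 0xa3, 0xd9,
  0xbc, 0x57, 0x55, 0xc2, 0x26, 0xbc, 0x19, 0xa7, 0x9a, 0xc5, 0x59, 0xa3, 0xee, 0x5a, 0xef, 0x41,
  0x80, 0x7d, 0xf8, 0x5e, 0xc1, 0x1d, 0x32, 0x38, 0x41, 0x5b, 0xb6, 0x92, 0xb8, 0xb7, 0x03, 0x0d,
  0x3e, 0x59, 0x0f, 0x1c, 0xb3, 0xe1, 0x2a, 0x95, 0x1a, 0x3b, 0x50, 0x4f, 0xc4, 0x1d, 0xcf, 0x73,
  0x7c, 0x14, 0xca, 0xe3, 0x0b, 0xa7, 0xc7, 0x1a, 0x41, 0x4a, 0xee, 0xbe, 0x1f, 0x43, 0xdd, 0xf9,
  // Public exponent e.
  0x01, 0x00, 0x01,
  // Private exponent d.
  0x88, 0x4b, 0x82, 0xe7, 0xe3, 0xe3, 0x99, 0x75, 0x6c, 0x9e, 0xaf, 0x17, 0x44, 0x3e, 0xd9, 0x07,
  0xfd, 0x4b, 0xae, 0xce, 0x92, 0xc4, 0x28, 0x44, 0x5e, 0x42, 0x79, 0x08, 0xb6, 0xc3, 0x7f, 0x58,
  0x2d, 0xef, 0xac, 0x4a, 0x07, 0xcd, 0xaf, 0x46, 0x8f, 0xb4, 0xc4, 0x43, 0xf9, 0xff, 0x5f, 0x74,
  0x2d, 0xb5, 0xe0, 0x1c, 0xab, 0xf4, 0x6e, 0xd5, 0xdb, 0xc8, 0x0c, 0xfb, 0x76, 0x3c, 0x38, 0x66,
  0xf3, 0x7f, 0x01, 0x43, 0x7a, 0x30, 0x39, 0x02, 0x80, 0xa4, 0x11, 0xb3, 0x04, 0xd9, 0xe3, 0x57,
  0x23, 0xf4, 0x07, 0xfc, 0x91, 0x8a, 0xc6, 0xcc, 0xa2, 0x16, 0x29, 0xb3, 0xe5, 0x76, 0x4a, 0xa8,
  0x84, 0x19, 0xdc, 0xef, 0xfc, 0xb0, 0x63, 0x33, 0x0b, 0xfa, 0xf6, 0x68, 0x0b, 0x08, 0xea, 0x31,
  0x52, 0xee, 0x99, 0xef, 0x43, 0x2a, 0xbe, 0x97, 0xad, 0xb3, 0xb9, 0x66, 0x7a, 0xae, 0xe1, 0x8f,
  0x57, 0x86, 0xe5, 0xfe, 0x14, 0x3c, 0x81, 0xd0, 0x64, 0xf8, 0x86, 0x1a, 0x0b, 0x40, 0x58, 0xc9,
  0x33, 0x49, 0xb8, 0x99, 0xc6, 0x2e, 0x94, 0x70, 0xee, 0x09, 0x88, 0xe1, 0x5c, 0x4e, 0x6c, 0x22,
  0x72, 0xa7, 0x2a, 0x21, 0xdd, 0xd7, 0x1d, 0xfc, 0x63, 0x15, 0x0b, 0xde, 0x06, 0x9c, 0xf3, 0x28,
  0xf3, 0xac, 0x4a, 0xa8, 0xb5, 0x50, 0xca, 0x9b, 0xcc, 0x0a, 0x04, 0xfe, 0x3f, 0x98, 0x68, 0x81,
  0xac, 0x24, 0x53, 0xea, 0x1f, 0x1c, 0x6e, 0x5e, 0xca, 0xe8, 0x31, 0x0d, 0x08, 0x12, 0xf3, 0x26,
  0xf8, 0x5e, 0xeb, 0x10, 0x27, 0xae, 0xaa, 0xc3, 0xad, 0x6c, 0xc1, 0x89, 0xdb, 0x7d, 0x5a, 0x12,
  0x55, 0xad, 0x11, 0x19, 0xa1, 0xa9, 0x8f, 0x0b, 0x6d, 0x78, 0x8d, 0x1c, 0xdf, 0xe5, 0x63, 0x82,
  0x0b, 0x7d, 0x23, 0x04, 0xb4, 0x75, 0x8c, 0xed, 0x77, 0xfc, 0x1a, 0x85, 0x29, 0x11, 0xe0, 0x61,
]);

/* 1. Choose the key alias. */
let keyAlias = 'RSA_sample';
/* 2. Build the key property set and attach the key material. */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    // What the key may be used for after import; it cannot be changed afterwards,
    // so grant only the purposes the key actually needs.
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    // Which part of the key is being imported.
    tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
    // Key pair here; HUKS_KEY_TYPE_PUBLIC_KEY would import the public key only.
    value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR
  },
];
let options: huks.HuksOptions = {
  properties: properties,
  inData: rsa2048KeyPairMaterial
};

/* 3. Import the key in plaintext. */
/**
 * Imports the key material carried in `huksOptions.inData` under `keyAlias`.
 *
 * @param keyAlias - Alias the imported key is stored under.
 * @param huksOptions - Property set plus key material.
 * @returns `true` when huks.importKeyItem completes, `false` when it throws or rejects.
 */
async function importKeyItem(keyAlias: string, huksOptions: huks.HuksOptions): Promise<boolean> {
  console.info("promise: enter importKeyItem");
  try {
    // A single try/await covers both a synchronous argument error and an
    // asynchronous rejection, and logs the error code in either case.
    await huks.importKeyItem(keyAlias, huksOptions);
    console.info(`promise: importKeyItem success`);
    return true;
  } catch (error) {
    const err = error as BusinessError;
    console.error(`promise: importKeyItem failed, errCode : ${err.code}, errMsg : ${err.message}`);
    return false;
  }
}

/** Runs the import with the sample alias and options and logs the outcome. */
async function testImport() {
  const retImp = await importKeyItem(keyAlias, options);
  if (!retImp) {
    console.error(`testImport failed`);
    return;
  }
  console.info(`testImport success`);
}
```
### 导入X25519密钥公钥
```ts
/* Imports an X25519 public key using the Promise form of huks.importKeyItem. */
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit";

// X25519 public key data. Both the private and the public key of an X25519 key
// pair are 32 bytes (256 bits); see a cryptography reference for the algorithm.
// NOTE(review): the array below is 32 bytes long but begins with a DER
// SubjectPublicKeyInfo header (0x30 0x2A ... 0x03 0x21 0x00) that declares 42
// further bytes, so only 20 bytes of the 32-byte public key are present. A
// complete X25519 SubjectPublicKeyInfo is 44 bytes. Confirm the sample against
// the HUKS key material format before reusing it.
let x25519KeyPubMaterial = new Uint8Array([
  0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00, 0xD2, 0x36, 0x9E, 0xCF,
  0xF0, 0x61, 0x5B, 0x73, 0xCE, 0x4F, 0xF0, 0x40, 0x2B, 0x89, 0x18, 0x3E, 0x06, 0x33, 0x60, 0xC6
]);

/* 1. Choose the key alias. */
let keyAlias = 'X25519_Pub_import_sample';
/* 2. Build the key property set and attach the key material. */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_X25519
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
  },
  {
    // What the key may be used for after import; it cannot be changed afterwards.
    // NOTE(review): X25519 is a key-agreement algorithm; the purpose is kept as
    // published. Confirm against the supported-algorithm table whether
    // HUKS_KEY_PURPOSE_AGREE is the intended value.
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    // Which part of the key is being imported.
    tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
    // Public key only here; HUKS_KEY_TYPE_KEY_PAIR would import a key pair.
    value: huks.HuksImportKeyType.HUKS_KEY_TYPE_PUBLIC_KEY
  },
];
let options: huks.HuksOptions = {
  properties: properties,
  inData: x25519KeyPubMaterial
};

/* 3. Import the key in plaintext. */
/**
 * Imports the key material carried in `huksOptions.inData` under `keyAlias`.
 *
 * @param keyAlias - Alias the imported key is stored under.
 * @param huksOptions - Property set plus key material.
 * @returns `true` when huks.importKeyItem completes, `false` when it throws or rejects.
 */
async function importKeyItem(keyAlias: string, huksOptions: huks.HuksOptions): Promise<boolean> {
  console.info("promise: enter importKeyItem");
  try {
    // A single try/await covers both a synchronous argument error and an
    // asynchronous rejection, and logs the error code in either case.
    await huks.importKeyItem(keyAlias, huksOptions);
    console.info(`promise: importKeyItem success`);
    return true;
  } catch (error) {
    const err = error as BusinessError;
    console.error(`promise: importKeyItem failed, errCode : ${err.code}, errMsg : ${err.message}`);
    return false;
  }
}

/** Runs the import with the sample alias and options and logs the outcome. */
async function testImport() {
  const retImp = await importKeyItem(keyAlias, options);
  if (!retImp) {
    console.error(`testImport failed`);
    return;
  }
  console.info(`testImport success`);
}
```
## 调测验证

调用[huks.isKeyItemExist](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksiskeyitemexist9)验证密钥是否存在,如密钥存在即表示密钥导入成功。

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit";

let keyAlias = 'AES256Alias_sample';
let keyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }
];
let huksOptions: huks.HuksOptions = {
  properties: keyProperties, // Must be provided (not null).
  inData: new Uint8Array(new Array()) // Must be provided (not null); an empty buffer is passed here.
};

/**
 * Checks whether a key is stored under `keyAlias`.
 *
 * @param keyAlias - Alias to look up.
 * @param options - Options passed through to huks.isKeyItemExist.
 * @returns The value huks.isKeyItemExist resolves with, or `false` when it throws or rejects.
 */
async function isKeyItemExist(keyAlias: string, options: huks.HuksOptions): Promise<boolean> {
  console.info(`promise: enter isKeyItemExist`);
  try {
    // Return the reported result rather than treating every resolved call as
    // "exists", so a resolved `false` is not mistaken for a successful import.
    const exists: boolean = await huks.isKeyItemExist(keyAlias, options);
    console.info(`promise: isKeyItemExist success, data = ${exists}`);
    return exists;
  } catch (error) {
    const err = error as BusinessError;
    console.error(`promise: isKeyItemExist failed, errCode : ${err.code}, errMsg : ${err.message}`);
    return false;
  }
}

/** Verifies that the sample alias exists after import and logs the outcome. */
async function testImportKeyExist() {
  const retExist = await isKeyItemExist(keyAlias, huksOptions);
  if (!retExist) {
    console.error(`testImportKeyExist failed`);
    return;
  }
  console.info(`testImportKeyExist success`);
}
```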