# 匿名密钥证明(ArkTS)
2
3<!--Kit: Universal Keystore Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @wutiantian-gitee-->
6<!--Designer: @HighLowWorld-->
7<!--Tester: @wxy1234564846-->
8<!--Adviser: @zengyawen-->
9
10在使用本功能时,需确保网络通畅。
11
## 开发步骤
13
141. 指定密钥别名,密钥别名命名规范参考[密钥生成介绍及算法规格](huks-key-generation-overview.md)。
15
162. 初始化参数集。
17
   [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)的properties字段必须包含[HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性,可选参数包含[HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)和[HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性。challenge用于让验证方确认证书链是针对本次请求生成的,实际使用时应采用验证方下发的随机值,而不是固定字符串。
19
203. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)。
21
224. 将密钥别名与参数集作为参数传入[anonAttestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksanonattestkeyitem11)方法中,即可证明密钥。
23
```ts
25/*
26 * 以下以anonAttestKey的Promise接口操作验证为例
27 */
28import { huks } from '@kit.UniversalKeystoreKit';
29import { BusinessError } from "@kit.BasicServicesKit";
30
/**
 * Converts a string to bytes by storing each UTF-16 code unit as one byte.
 *
 * Only code units 0-255 survive unchanged: the Uint8Array store keeps the low
 * 8 bits, so any other character is silently truncated. The sample only passes
 * ASCII literals; use a real text encoder before feeding it arbitrary text.
 *
 * @param str - Text to convert.
 * @returns A Uint8Array holding one byte per UTF-16 code unit of `str`.
 */
function StringToUint8Array(str: string) {
  const bytes = new Uint8Array(str.length);
  for (let idx = 0; idx < str.length; idx++) {
    bytes[idx] = str.charCodeAt(idx);
  }
  return bytes;
}
38
/* 1. Choose the key alias and prepare the attestation inputs. */

// Filled in by anonAttestKeyItem() on success; unassigned until then.
let anonAttestCertChain: string[];

let keyAliasString: string = 'key anon attest';
let aliasUint8: Uint8Array = StringToUint8Array(keyAliasString);

// Sample placeholder values for the attestation ID fields.
let securityLevel: Uint8Array = StringToUint8Array('sec_level');
let versionInfo: Uint8Array = StringToUint8Array('version_info');

// NOTE(review): a fixed literal is used here for illustration only. The
// challenge is what lets the verifier tie the certificate chain to one
// request, so production code should take a fresh random value from the
// verifying party instead; a constant lets an old chain be replayed.
let challenge: Uint8Array = StringToUint8Array('challenge_data');
46
/*
 * Parameter set used when generating the key: RSA-2048, SHA-256 digest,
 * PSS padding.
 * NOTE(review): the sample requests only HUKS_KEY_PURPOSE_VERIFY and also sets
 * a block mode; confirm both match the intended use of the key before reusing
 * this parameter set outside the attestation demo.
 */
let genKeyProperties: huks.HuksParam[] = [
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_RSA },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 },
  { tag: huks.HuksTag.HUKS_TAG_PURPOSE, value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY },
  { tag: huks.HuksTag.HUKS_TAG_DIGEST, value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 },
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_PSS },
  { tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT },
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_ECB },
];

// Options object handed to generateKeyItem().
let genOptions: huks.HuksOptions = { properties: genKeyProperties };
74
/*
 * 2. Parameter set for the attestation request. It carries the challenge plus
 * the security-level, version-info and alias ID fields prepared above.
 */
let anonAttestKeyProperties: huks.HuksParam[] = [
  { tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, value: securityLevel },
  { tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, value: challenge },
  { tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, value: versionInfo },
  { tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, value: aliasUint8 },
];

// Options object handed to anonAttestKeyItem().
let huksOptions: huks.HuksOptions = { properties: anonAttestKeyProperties };
93
/**
 * 3. Generates the key under `keyAlias` through huks.generateKeyItem.
 *
 * Never rejects: a rejected promise and a synchronous throw are both only
 * logged, so the caller cannot tell from the result whether the key exists.
 *
 * @param keyAlias - Alias the key is stored under.
 * @param huksOptions - Key-generation parameter set.
 */
async function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`promise: enter generateKeyItem`);
  try {
    // A synchronous throw from the call itself is reported by the outer catch.
    const pending = huks.generateKeyItem(keyAlias, huksOptions);
    try {
      await pending;
      console.info(`promise: generateKeyItem success`);
    } catch (rejection) {
      const failure = rejection as BusinessError;
      console.error(`promise: generateKeyItem failed, errCode : ${failure.code}, errMsg : ${failure.message}`);
    }
  } catch (error) {
    console.error(`promise: generateKeyItem input arg invalid`);
  }
}
108
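/**
 * 4. Requests an anonymous attestation certificate chain for `keyAlias` and
 * stores it in the module-level `anonAttestCertChain`.
 *
 * The chain is stored and reported as a success only when the result actually
 * carries one. The original guard compared `certChains` with `null` only, so
 * an absent (`undefined`) field was cast to `string[]` and logged as success.
 *
 * Never rejects: failures are only logged. The returned chain is evidence, not
 * a verdict; the relying party still has to validate it against the roots it
 * trusts and compare the embedded challenge with the one it issued.
 *
 * @param keyAlias - Alias of the previously generated key.
 * @param huksOptions - Attestation parameter set (must include the challenge).
 */
async function anonAttestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise anonAttestKeyItem`);
  try {
    await huks.anonAttestKeyItem(keyAlias, huksOptions)
      .then((data) => {
        const certChains = data?.certChains;
        // Treat a missing or empty chain as a failure instead of storing it.
        if (certChains === undefined || certChains === null || certChains.length === 0) {
          console.error(`promise: anonAttestKeyItem returned no certChains`);
          return;
        }
        anonAttestCertChain = certChains;
        console.info(`promise: anonAttestKeyItem success, anonAttestCertChain = ${anonAttestCertChain}`);
      }).catch((error: BusinessError) => {
        console.error(`promise: anonAttestKeyItem failed, errCode : ${error.code}, errMsg : ${error.message}`);
      })
  } catch (error) {
    // Reached when the call throws synchronously, before a promise exists.
    console.error(`promise: anonAttestKeyItem input arg invalid`);
  }
}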
126
/**
 * Runs the sample end to end: generate the key, attest it, then log whatever
 * certificate chain was stored.
 *
 * Both helpers swallow their errors, so attestation is attempted even when key
 * generation failed, and the final log prints `undefined` when no chain was
 * ever stored.
 */
async function AnonAttestKeyTest() {
  await generateKeyItem(keyAliasString, genOptions);
  await anonAttestKeyItem(keyAliasString, huksOptions);
  const summary = 'anon attest certChain data: ' + anonAttestCertChain;
  console.info(summary);
}
```