1# @ohos.security.huks (HUKS) 2 3The **HUKS** module provides KeyStore (KS) capabilities for applications, including key management and key cryptography operations. 4The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs. 5 6> **NOTE** 7> 8> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. 9 10## Modules to Import 11 12```ts 13import huks from '@ohos.security.huks' 14``` 15 16## HuksParam 17 18Defines the **param** in the **properties** array of **options** used in the APIs. 19 20**System capability**: SystemCapability.Security.Huks.Core 21 22| Name| Type | Mandatory| Description | 23| ------ | ----------------------------------- | ---- | ------------ | 24| tag | [HuksTag](#hukstag) | Yes | Tag. | 25| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.| 26 27## HuksOptions 28 29Defines the **options** used in the APIs. 30 31**System capability**: SystemCapability.Security.Huks.Core 32 33| Name | Type | Mandatory| Description | 34| ---------- | ----------------- | ---- | ------------------------ | 35| properties | Array\<[HuksParam](#huksparam)> | No | Properties used to hold the **HuksParam** array.| 36| inData | Uint8Array | No | Input data. | 37 38## HuksSessionHandle<sup>9+</sup> 39 40Defines the HUKS handle structure. 41 42**System capability**: SystemCapability.Security.Huks.Core 43 44| Name | Type | Mandatory| Description | 45| --------- | ---------- | ---- | ---------------------------------------------------- | 46| handle | number | Yes | Value of the handle. | 47| challenge | Uint8Array | No | Challenge obtained after the [initSession](#huksinitsession9) operation.| 48 49## HuksReturnResult<sup>9+</sup> 50 51Defines the **HuksResult** struct. 52 53**System capability**: SystemCapability.Security.Huks.Core 54 55 56 57| Name | Type | Mandatory| Description | 58| ---------- | ------------------------------- | ---- | ---------------- | 59| outData | Uint8Array | No | Output data. | 60| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 61| certChains | Array\<string> | No | Certificate chain information.| 62 63 64## huks.generateKeyItem<sup>9+</sup> 65 66generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 67 68Generates a key. This API uses an asynchronous callback to return the result. 69 70**System capability**: SystemCapability.Security.Huks.Core 71 72**Parameters** 73 74| Name | Type | Mandatory| Description | 75| -------- | --------------------------- | ---- | --------------------------------------------- | 76| keyAlias | string | Yes | Alias of the key. | 77| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 78| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If no error is captured, the key is successfully generated. In this case, the API does not return the key content because the key is always protected in a TEE. If an error is captured, an exception occurs in the generation process.| 79 80**Error codes** 81 82For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 83 84| ID| Error Message | 85| -------- | ------------- | 86| 401 | argument is invalid. | 87| 801 | api is not supported. | 88| 12000001 | algorithm mode is not supported. | 89| 12000002 | algorithm param is missing. | 90| 12000003 | algorithm param is invalid. | 91| 12000004 | operating file failed. | 92| 12000005 | IPC communication failed. | 93| 12000006 | error occured in crypto engine. | 94| 12000012 | external error. | 95| 12000013 | queried credential does not exist. | 96| 12000014 | memory is insufficient. | 97| 12000015 | call service failed. | 98 99**Example** 100 101```ts 102import huks from '@ohos.security.huks'; 103/* Generate an ECC key of 256 bits. */ 104class HuksProperties { 105 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 106 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 107} 108let keyAlias: string = 'keyAlias'; 109let properties: HuksProperties[] = [ 110 { 111 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 112 value: huks.HuksKeyAlg.HUKS_ALG_ECC 113 }, 114 { 115 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 116 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 117 }, 118 { 119 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 120 value: 121 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 122 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 123 }, 124 { 125 tag: huks.HuksTag.HUKS_TAG_DIGEST, 126 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 127 }, 128]; 129let options: huks.HuksOptions = { 130 properties: properties 131}; 132try { 133 huks.generateKeyItem(keyAlias, options, (error, data) => { 134 if (error) { 135 console.error(`callback: generateKeyItem failed`); 136 } else { 137 console.info(`callback: generateKeyItem key success`); 138 } 139 }); 140} catch (error) { 141 console.error(`callback: generateKeyItem input arg invalid`); 142} 143``` 144 145## huks.generateKeyItem<sup>9+</sup> 146 147generateKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 148 149Generates a key. This API uses a promise to return the result. Because the key is always protected in an trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called. 150 151**System capability**: SystemCapability.Security.Huks.Extension 152 153**Parameters** 154 155| Name | Type | Mandatory| Description | 156| -------- | --------------------------- | ---- | ------------------------ | 157| keyAlias | string | Yes | Alias of the key. | 158| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 159 160**Error codes** 161 162For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 163 164| ID| Error Message | 165| -------- | ------------- | 166| 401 | argument is invalid. | 167| 801 | api is not supported. | 168| 12000001 | algorithm mode is not supported. | 169| 12000002 | algorithm param is missing. | 170| 12000003 | algorithm param is invalid. | 171| 12000004 | operating file failed. | 172| 12000005 | IPC communication failed. | 173| 12000006 | error occured in crypto engine. | 174| 12000012 | external error. | 175| 12000013 | queried credential does not exist. | 176| 12000014 | memory is insufficient. | 177| 12000015 | call service failed. | 178 179**Example** 180 181```ts 182/* Generate an ECC key of 256 bits. */ 183import huks from '@ohos.security.huks'; 184import { BusinessError } from '@ohos.base'; 185class HuksProperties { 186 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 187 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 188} 189let keyAlias = 'keyAlias'; 190let properties: HuksProperties[] = [ 191 { 192 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 193 value: huks.HuksKeyAlg.HUKS_ALG_ECC 194 }, 195 { 196 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 197 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 198 }, 199 { 200 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 201 value: 202 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 203 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 204 }, 205 { 206 tag: huks.HuksTag.HUKS_TAG_DIGEST, 207 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 208 }, 209]; 210let options: huks.HuksOptions = { 211 properties: properties 212}; 213try { 214 huks.generateKeyItem(keyAlias, options) 215 .then((data) => { 216 console.info(`promise: generateKeyItem success`); 217 }) 218 .catch((error: BusinessError) => { 219 console.error(`promise: generateKeyItem failed`); 220 }); 221} catch (error) { 222 console.error(`promise: generateKeyItem input arg invalid`); 223} 224``` 225 226## huks.deleteKeyItem<sup>9+</sup> 227 228deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 229 230Deletes a key. This API uses an asynchronous callback to return the result. 231 232**System capability**: SystemCapability.Security.Huks.Core 233 234**Parameters** 235 236| Name | Type | Mandatory| Description | 237| -------- | --------------------------- | ---- | --------------------------------------------- | 238| keyAlias | string | Yes | Key alias passed in when the key was generated. | 239| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 240| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 241 242**Error codes** 243 244For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 245 246| ID| Error Message | 247| -------- | ------------- | 248| 401 | argument is invalid. | 249| 801 | api is not supported. | 250| 12000004 | operating file failed. | 251| 12000005 | IPC communication failed. | 252| 12000011 | queried entity does not exist. | 253| 12000012 | external error. | 254| 12000014 | memory is insufficient. | 255 256**Example** 257 258```ts 259import huks from '@ohos.security.huks'; 260/* Set options to emptyOptions. */ 261let keyAlias = 'keyAlias'; 262let emptyOptions: huks.HuksOptions = { 263 properties: [] 264}; 265try { 266 huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => { 267 if (error) { 268 console.error(`callback: deleteKeyItem failed`); 269 } else { 270 console.info(`callback: deleteKeyItem key success`); 271 } 272 }); 273} catch (error) { 274 console.error(`callback: deleteKeyItem input arg invalid`); 275} 276``` 277 278## huks.deleteKeyItem<sup>9+</sup> 279 280deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 281 282Deletes a key. This API uses a promise to return the result. 283 284**System capability**: SystemCapability.Security.Huks.Extension 285 286**Parameters** 287 288| Name | Type | Mandatory| Description | 289| -------- | --------------------------- | ---- | ----------------------------------- | 290| keyAlias | string | Yes | Key alias passed in when the key was generated.| 291| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 292 293**Error codes** 294 295For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 296 297| ID| Error Message | 298| -------- | ------------- | 299| 401 | argument is invalid. | 300| 801 | api is not supported. | 301| 12000004 | operating file failed. | 302| 12000005 | IPC communication failed. | 303| 12000011 | queried entity does not exist. | 304| 12000012 | external error. | 305| 12000014 | memory is insufficient. | 306 307**Example** 308 309```ts 310import huks from '@ohos.security.huks'; 311import { BusinessError } from '@ohos.base'; 312/* Set options to emptyOptions. */ 313let keyAlias = 'keyAlias'; 314let emptyOptions: huks.HuksOptions = { 315 properties: [] 316}; 317try { 318 huks.deleteKeyItem(keyAlias, emptyOptions) 319 .then ((data) => { 320 console.info(`promise: deleteKeyItem key success`); 321 }) 322 .catch((error: BusinessError) => { 323 console.error(`promise: deleteKeyItem failed`); 324 }); 325} catch (error) { 326 console.error(`promise: deleteKeyItem input arg invalid`); 327} 328``` 329 330## huks.getSdkVersion 331 332getSdkVersion(options: HuksOptions) : string 333 334Obtains the SDK version of the current system. 335 336**System capability**: SystemCapability.Security.Huks.Extension 337 338**Parameters** 339 340| Name | Type | Mandatory| Description | 341| ------- | ---------- | ---- | ------------------------- | 342| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.| 343 344**Return value** 345 346| Type | Description | 347| ------ | ------------- | 348| string | SDK version obtained.| 349 350**Example** 351 352```ts 353import huks from '@ohos.security.huks'; 354/* Set options to emptyOptions. */ 355let emptyOptions: huks.HuksOptions = { 356 properties: [] 357}; 358let result = huks.getSdkVersion(emptyOptions); 359``` 360 361## huks.importKeyItem<sup>9+</sup> 362 363importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 364 365Imports a key in plaintext. This API uses an asynchronous callback to return the result. 366 367**System capability**: SystemCapability.Security.Huks.Extension 368 369**Parameters** 370 371| Name | Type | Mandatory| Description | 372| -------- | --------------------------- | ---- | --------------------------------------------- | 373| keyAlias | string | Yes | Alias of the key. | 374| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 375| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 376 377**Error codes** 378 379For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 380 381| ID| Error Message | 382| -------- | ------------- | 383| 401 | argument is invalid. | 384| 801 | api is not supported. | 385| 12000001 | algorithm mode is not supported. | 386| 12000002 | algorithm param is missing. | 387| 12000003 | algorithm param is invalid. | 388| 12000004 | operating file failed. | 389| 12000005 | IPC communication failed. | 390| 12000006 | error occured in crypto engine. | 391| 12000011 | queried entity does not exist. | 392| 12000012 | external error. | 393| 12000013 | queried credential does not exist. | 394| 12000014 | memory is insufficient. | 395| 12000015 | call service failed. | 396 397**Example** 398 399```ts 400import huks from '@ohos.security.huks'; 401/* Import an AES key of 256 bits. */ 402class HuksProperties { 403 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 404 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyPadding | 405 huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 406} 407let plainTextSize32 = makeRandomArr(32); 408function makeRandomArr(size: number) { 409 let arr = new Uint8Array(size); 410 for (let i = 0; i < size; i++) { 411 arr[i] = Math.floor(Math.random() * 10); 412 } 413 return arr; 414}; 415let keyAlias = 'keyAlias'; 416let properties: HuksProperties[] = [ 417 { 418 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 419 value: huks.HuksKeyAlg.HUKS_ALG_AES 420 }, 421 { 422 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 423 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 424 }, 425 { 426 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 427 value: 428 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 429 }, 430 { 431 tag: huks.HuksTag.HUKS_TAG_PADDING, 432 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 433 }, 434 { 435 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 436 value: huks.HuksCipherMode.HUKS_MODE_ECB 437 } 438]; 439let options: huks.HuksOptions = { 440 properties: properties, 441 inData: plainTextSize32 442}; 443try { 444 huks.importKeyItem(keyAlias, options, (error, data) => { 445 if (error) { 446 console.error(`callback: importKeyItem failed`); 447 } else { 448 console.info(`callback: importKeyItem success`); 449 } 450 }); 451} catch (error) { 452 console.error(`callback: importKeyItem input arg invalid`); 453} 454``` 455 456## huks.importKeyItem<sup>9+</sup> 457 458importKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 459 460Imports a key in plaintext. This API uses a promise to return the result. 461 462**System capability**: SystemCapability.Security.Huks.Extension 463 464**Parameters** 465 466| Name | Type | Mandatory| Description | 467| -------- | --------------------------- | ---- | ----------------------------------- | 468| keyAlias | string | Yes | Alias of the key. | 469| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 470 471**Error codes** 472 473For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 474 475| ID| Error Message | 476| -------- | ------------- | 477| 401 | argument is invalid. | 478| 801 | api is not supported. | 479| 12000001 | algorithm mode is not supported. | 480| 12000002 | algorithm param is missing. | 481| 12000003 | algorithm param is invalid. | 482| 12000004 | operating file failed. | 483| 12000005 | IPC communication failed. | 484| 12000006 | error occured in crypto engine. | 485| 12000011 | queried entity does not exist. | 486| 12000012 | external error. | 487| 12000013 | queried credential does not exist. | 488| 12000014 | memory is insufficient. | 489| 12000015 | call service failed. | 490 491**Example** 492 493```ts 494import huks from '@ohos.security.huks'; 495import { BusinessError } from '@ohos.base'; 496/* Import an AES key of 128 bits. */ 497class HuksProperties { 498 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 499 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyPadding | 500 huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 501} 502let plainTextSize32 = makeRandomArr(32); 503function makeRandomArr(size: number) { 504 let arr = new Uint8Array(size); 505 for (let i = 0; i < size; i++) { 506 arr[i] = Math.floor(Math.random() * 10); 507 } 508 return arr; 509}; 510/* Step 1 Generate a key. */ 511let keyAlias = 'keyAlias'; 512let properties: HuksProperties[] = [ 513 { 514 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 515 value: huks.HuksKeyAlg.HUKS_ALG_AES 516 }, 517 { 518 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 519 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 520 }, 521 { 522 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 523 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 524 }, 525 { 526 tag: huks.HuksTag.HUKS_TAG_PADDING, 527 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 528 }, 529 { 530 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 531 value: huks.HuksCipherMode.HUKS_MODE_ECB 532 } 533]; 534let huksoptions: huks.HuksOptions = { 535 properties: properties, 536 inData: plainTextSize32 537}; 538try { 539 huks.importKeyItem(keyAlias, huksoptions) 540 .then((data) => { 541 console.info(`promise: importKeyItem success`); 542 }) 543 .catch((error: BusinessError) => { 544 console.error(`promise: importKeyItem failed`); 545 }); 546} catch (error) { 547 console.error(`promise: importKeyItem input arg invalid`); 548} 549``` 550 551## huks.attestKeyItem<sup>9+</sup> 552 553attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 554 555Obtains the certificate used to verify a key. This API uses an asynchronous callback to return the result. 556 557**System capability**: SystemCapability.Security.Huks.Extension 558 559**Parameters** 560 561| Name | Type | Mandatory| Description | 562| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 563| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 564| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 565| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 566 567**Error codes** 568 569For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 570 571| ID| Error Message | 572| -------- | ------------- | 573| 201 | check permission failed. | 574| 401 | argument is invalid. | 575| 801 | api is not supported. | 576| 12000001 | algorithm mode is not supported. | 577| 12000002 | algorithm param is missing. | 578| 12000003 | algorithm param is invalid. | 579| 12000004 | operating file failed. | 580| 12000005 | IPC communication failed. | 581| 12000006 | error occured in crypto engine. | 582| 12000011 | queried entity does not exist. | 583| 12000012 | external error. | 584| 12000014 | memory is insufficient. | 585 586**Example** 587 588```ts 589import huks from '@ohos.security.huks'; 590class HuksProperties { 591 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 592 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 593 huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 594 huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC 595} 596let securityLevel = stringToUint8Array('sec_level'); 597let challenge = stringToUint8Array('challenge_data'); 598let versionInfo = stringToUint8Array('version_info'); 599let keyAliasString = "key attest"; 600function stringToUint8Array(str: string) { 601 let arr: number[] = []; 602 for (let i = 0, j = str.length; i < j; ++i) { 603 arr.push(str.charCodeAt(i)); 604 } 605 let tmpUint8Array = new Uint8Array(arr); 606 return tmpUint8Array; 607} 608 609async function generateKeyThenattestKey(alias: string) { 610 let aliasString = keyAliasString; 611 let aliasUint8 = stringToUint8Array(aliasString); 612 let generateProperties: HuksProperties[] = [ 613 { 614 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 615 value: huks.HuksKeyAlg.HUKS_ALG_RSA 616 }, 617 { 618 tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, 619 value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT 620 }, 621 { 622 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 623 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 624 }, 625 { 626 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 627 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 628 }, 629 { 630 tag: huks.HuksTag.HUKS_TAG_DIGEST, 631 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 632 }, 633 { 634 tag: huks.HuksTag.HUKS_TAG_PADDING, 635 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 636 }, 637 { 638 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 639 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 640 }, 641 { 642 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 643 value: huks.HuksCipherMode.HUKS_MODE_ECB 644 } 645 ]; 646 let generateOptions: huks.HuksOptions = { 647 properties: generateProperties 648 }; 649 let attestProperties: HuksProperties[] = [ 650 { 651 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 652 value: securityLevel 653 }, 654 { 655 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 656 value: challenge 657 }, 658 { 659 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 660 value: versionInfo 661 }, 662 { 663 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 664 value: aliasUint8 665 } 666 ]; 667 let attestOptions: huks.HuksOptions = { 668 properties: attestProperties 669 }; 670 try { 671 huks.generateKeyItem(alias, generateOptions, (error, data) => { 672 if (error) { 673 console.error(`callback: generateKeyItem failed`); 674 } else { 675 console.info(`callback: generateKeyItem success`); 676 try { 677 huks.attestKeyItem(aliasString, attestOptions, (error, data) => { 678 if (error) { 679 console.error(`callback: attestKeyItem failed`); 680 } else { 681 console.info(`callback: attestKeyItem success`); 682 } 683 }); 684 } catch (error) { 685 console.error(`callback: attestKeyItem input arg invalid`); 686 } 687 } 688 }); 689 } catch (error) { 690 console.error(`callback: generateKeyItem input arg invalid`); 691 } 692} 693``` 694 695## huks.attestKeyItem<sup>9+</sup> 696 697attestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 698 699Obtains the certificate used to verify a key. This API uses a promise to return the result. 700 701**System capability**: SystemCapability.Security.Huks.Extension 702 703**Parameters** 704 705| Name | Type | Mandatory| Description | 706| -------- | --------------------------- | ---- | ------------------------------------ | 707| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 708| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 709 710**Return value** 711 712| Type | Description | 713| ---------------------------------------------- | --------------------------------------------- | 714| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 715 716**Error codes** 717 718For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 719 720| ID| Error Message | 721| -------- | ------------- | 722| 201 | check permission failed. | 723| 401 | argument is invalid. | 724| 801 | api is not supported. | 725| 12000001 | algorithm mode is not supported. | 726| 12000002 | algorithm param is missing. | 727| 12000003 | algorithm param is invalid. | 728| 12000004 | operating file failed. | 729| 12000005 | IPC communication failed. | 730| 12000006 | error occured in crypto engine. | 731| 12000011 | queried entity does not exist. | 732| 12000012 | external error. | 733| 12000014 | memory is insufficient. | 734 735**Example** 736 737```ts 738import huks from '@ohos.security.huks'; 739import { BusinessError } from '@ohos.base'; 740class HuksProperties { 741 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 742 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 743 huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 744 huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC 745} 746let securityLevel = stringToUint8Array('sec_level'); 747let challenge = stringToUint8Array('challenge_data'); 748let versionInfo = stringToUint8Array('version_info'); 749let keyAliasString = "key attest"; 750function stringToUint8Array(str: string) { 751 let arr: number[] = []; 752 for (let i = 0, j = str.length; i < j; ++i) { 753 arr.push(str.charCodeAt(i)); 754 } 755 let tmpUint8Array = new Uint8Array(arr); 756 return tmpUint8Array; 757} 758async function generateKey(alias: string) { 759 let properties: HuksProperties[] = [ 760 { 761 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 762 value: huks.HuksKeyAlg.HUKS_ALG_RSA 763 }, 764 { 765 tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, 766 value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT 767 }, 768 { 769 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 770 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 771 }, 772 { 773 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 774 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 775 }, 776 { 777 tag: huks.HuksTag.HUKS_TAG_DIGEST, 778 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 779 }, 780 { 781 tag: huks.HuksTag.HUKS_TAG_PADDING, 782 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 783 }, 784 { 785 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 786 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 787 }, 788 { 789 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 790 value: huks.HuksCipherMode.HUKS_MODE_ECB 791 } 792 ]; 793 let options: huks.HuksOptions = { 794 properties: properties 795 }; 796 try { 797 await huks.generateKeyItem(alias, options) 798 .then((data) => { 799 console.info(`promise: generateKeyItem success`); 800 }) 801 .catch((error: BusinessError) => { 802 console.error(`promise: generateKeyItem failed`); 803 }); 804 } catch (error) { 805 console.error(`promise: generateKeyItem input arg invalid`); 806 } 807} 808async function attestKey() { 809 let aliasString = keyAliasString; 810 let aliasUint8 = stringToUint8Array(aliasString); 811 let properties: HuksProperties[] = [ 812 { 813 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 814 value: securityLevel 815 }, 816 { 817 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 818 value: challenge 819 }, 820 { 821 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 822 value: versionInfo 823 }, 824 { 825 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 826 value: aliasUint8 827 } 828 ]; 829 let options: huks.HuksOptions = { 830 properties: properties 831 }; 832 await generateKey(aliasString); 833 try { 834 await huks.attestKeyItem(aliasString, options) 835 .then((data) => { 836 console.info(`promise: attestKeyItem success`); 837 }) 838 .catch((error: BusinessError) => { 839 console.error(`promise: attestKeyItem failed`); 840 }); 841 } catch (error) { 842 console.error(`promise: attestKeyItem input arg invalid`); 843 } 844} 845``` 846 847## huks.importWrappedKeyItem<sup>9+</sup> 848 849importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 850 851Imports a wrapped key. This API uses an asynchronous callback to return the result. 852 853**System capability**: SystemCapability.Security.Huks.Extension 854 855**Parameters** 856 857| Name | Type | Mandatory| Description | 858| ---------------- | --------------------------- | ---- | --------------------------------------------- | 859| keyAlias | string | Yes | Alias of the wrapped key to import. | 860| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 861| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 862| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 863 864**Error codes** 865 866For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 867 868| ID| Error Message | 869| -------- | ------------- | 870| 401 | argument is invalid. | 871| 801 | api is not supported. | 872| 12000001 | algorithm mode is not supported. | 873| 12000002 | algorithm param is missing. | 874| 12000003 | algorithm param is invalid. | 875| 12000004 | operating file failed. | 876| 12000005 | IPC communication failed. | 877| 12000006 | error occured in crypto engine. | 878| 12000011 | queried entity does not exist. | 879| 12000012 | external error. | 880| 12000013 | queried credential does not exist. | 881| 12000014 | memory is insufficient. | 882| 12000015 | call service failed. | 883 884**Example** 885 886```ts 887import huks from '@ohos.security.huks'; 888import { BusinessError } from '@ohos.base'; 889class HuksProperties { 890 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 891 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 892 huks.HuksKeyDigest | huks.HuksKeyPadding | huks.HuksUnwrapSuite | 893 huks.HuksCipherMode | huks.HuksImportKeyType = huks.HuksKeyAlg.HUKS_ALG_ECC 894} 895let alias1 = "importAlias"; 896let alias2 = "wrappingKeyAlias"; 897async function TestGenFunc(alias: string, options: huks.HuksOptions) { 898 try { 899 await genKey(alias, options) 900 .then((data) => { 901 console.info(`callback: generateKeyItem success`); 902 }) 903 .catch((error: BusinessError) => { 904 console.error(`callback: generateKeyItem failed`); 905 }); 906 } catch (error) { 907 console.error(`callback: generateKeyItem input arg invalid`); 908 } 909} 910function genKey(alias: string, options: huks.HuksOptions) { 911 return new Promise<void>((resolve, reject) => { 912 try { 913 huks.generateKeyItem(alias, options, (error, data) => { 914 if (error) { 915 reject(error); 916 } else { 917 resolve(data); 918 } 919 }); 920 } catch (error) { 921 throw (new Error(error)); 922 } 923 }); 924} 925async function TestExportFunc(alias: string, options: huks.HuksOptions) { 926 try { 927 await exportKey(alias, options) 928 .then((data) => { 929 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 930 }) 931 .catch((error: BusinessError) => { 932 console.error(`callback: exportKeyItem failed`); 933 }); 934 } catch (error) { 935 console.error(`callback: exportKeyItem input arg invalid`); 936 } 937} 938function exportKey(alias: string, options: huks.HuksOptions) { 939 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 940 try { 941 huks.exportKeyItem(alias, options, (error, data) => { 942 if (error) { 943 reject(error); 944 } else { 945 resolve(data); 946 } 947 }); 948 } catch (error) { 949 throw (new Error(error)); 950 } 951 }); 952} 953async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 954 try { 955 await importWrappedKey(alias, wrappingAlias, options) 956 .then((data) => { 957 console.info(`callback: importWrappedKeyItem success`); 958 }) 959 .catch((error: BusinessError) => { 960 console.error(`callback: importWrappedKeyItem failed`); 961 }); 962 } catch (error) { 963 console.error(`callback: importWrappedKeyItem input arg invalid`); 964 } 965} 966function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 967 return new Promise<void>((resolve, reject) => { 968 try { 969 huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => { 970 if (error) { 971 reject(error); 972 } else { 973 resolve(data); 974 } 975 }); 976 } catch (error) { 977 throw (new Error(error)); 978 } 979 }); 980} 981async function TestImportWrappedKeyFunc( 982 alias: string, 983 wrappingAlias: string, 984 genOptions: huks.HuksOptions, 985 importOptions: huks.HuksOptions 986) { 987 await TestGenFunc(wrappingAlias, genOptions); 988 await TestExportFunc(wrappingAlias, genOptions); 989 990 /*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here. 991 * For example, import **keyA**. 992 * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**. 993 * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**. 994 * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**. 995 * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**. 996 * 5. Generate the **importOptions.inData** field in the following format: 997 * keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 + 998 * nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 + 999 * kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 + 1000 * nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 + 1001 * Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc 1002 */ 1003 /* The key data imported vary with the sample code given below. The data structure is described in the preceding comments. */ 1004 let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]); 1005 importOptions.inData = inputKey; 1006 await TestImportWrappedFunc(alias, wrappingAlias, importOptions); 1007} 1008function makeGenerateOptions() { 1009 let properties: HuksProperties[] = [ 1010 { 1011 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1012 value: huks.HuksKeyAlg.HUKS_ALG_ECC 1013 }, 1014 { 1015 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1016 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 1017 }, 1018 { 1019 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1020 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP 1021 }, 1022 { 1023 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1024 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1025 }, 1026 { 1027 tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE, 1028 value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR, 1029 } 1030 ]; 1031 let options: huks.HuksOptions = { 1032 properties: properties 1033 }; 1034 return options; 1035}; 1036function makeImportOptions() { 1037 let properties: HuksProperties[] = [ 1038 { 1039 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1040 value: huks.HuksKeyAlg.HUKS_ALG_AES 1041 }, 1042 { 1043 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1044 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 1045 }, 1046 { 1047 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1048 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 1049 }, 1050 { 1051 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1052 value: huks.HuksCipherMode.HUKS_MODE_CBC 1053 }, 1054 { 1055 tag: huks.HuksTag.HUKS_TAG_PADDING, 1056 value: huks.HuksKeyPadding.HUKS_PADDING_NONE 1057 }, 1058 { 1059 tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE, 1060 value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING 1061 } 1062 ]; 1063 let options: huks.HuksOptions = { 1064 properties: properties 1065 }; 1066 return options; 1067}; 1068function huksImportWrappedKey() { 1069 let genOptions = makeGenerateOptions(); 1070 let importOptions = makeImportOptions(); 1071 TestImportWrappedKeyFunc( 1072 alias1, 1073 alias2, 1074 genOptions, 1075 importOptions 1076 ); 1077} 1078``` 1079 1080## huks.importWrappedKeyItem<sup>9+</sup> 1081 1082importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<void> 1083 1084Imports a wrapped key. This API uses a promise to return the result. 1085 1086**System capability**: SystemCapability.Security.Huks.Extension 1087 1088**Parameters** 1089 1090| Name | Type | Mandatory| Description | 1091| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1092| keyAlias | string | Yes | Alias of the wrapped key to import. | 1093| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1094| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1095 1096**Error codes** 1097 1098For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1099 1100| ID| Error Message | 1101| -------- | ------------- | 1102| 401 | argument is invalid. | 1103| 801 | api is not supported. | 1104| 12000001 | algorithm mode is not supported. | 1105| 12000002 | algorithm param is missing. | 1106| 12000003 | algorithm param is invalid. | 1107| 12000004 | operating file failed. | 1108| 12000005 | IPC communication failed. | 1109| 12000006 | error occured in crypto engine. | 1110| 12000011 | queried entity does not exist. | 1111| 12000012 | external error. | 1112| 12000013 | queried credential does not exist. | 1113| 12000014 | memory is insufficient. | 1114| 12000015 | call service failed. | 1115 1116**Example** 1117 1118```ts 1119import huks from '@ohos.security.huks'; 1120import { BusinessError } from '@ohos.base'; 1121/* The process is similar as if a callback is used, except the following:*/ 1122/* The key data imported vary with the sample code given below. The data structure is described in the preceding comments. */ 1123async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1124 try { 1125 await huks.importWrappedKeyItem(alias, wrappingAlias, options) 1126 .then ((data) => { 1127 console.info(`promise: importWrappedKeyItem success`); 1128 }) 1129 .catch((error: BusinessError) => { 1130 console.error(`promise: importWrappedKeyItem failed`); 1131 }); 1132 } catch (error) { 1133 console.error(`promise: importWrappedKeyItem input arg invalid`); 1134 } 1135} 1136``` 1137 1138## huks.exportKeyItem<sup>9+</sup> 1139 1140exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1141 1142Exports a key. This API uses an asynchronous callback to return the result. 1143 1144**System capability**: SystemCapability.Security.Huks.Extension 1145 1146**Parameters** 1147 1148| Name | Type | Mandatory| Description | 1149| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1150| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1151| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1152| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 1153 1154**Error codes** 1155 1156For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1157 1158| ID| Error Message | 1159| -------- | ------------- | 1160| 401 | argument is invalid. | 1161| 801 | api is not supported. | 1162| 12000001 | algorithm mode is not supported. | 1163| 12000002 | algorithm param is missing. | 1164| 12000003 | algorithm param is invalid. | 1165| 12000004 | operating file failed. | 1166| 12000005 | IPC communication failed. | 1167| 12000006 | error occured in crypto engine. | 1168| 12000011 | queried entity does not exist. | 1169| 12000012 | external error. | 1170| 12000014 | memory is insufficient. | 1171 1172**Example** 1173 1174```ts 1175import huks from '@ohos.security.huks'; 1176/* Set options to emptyOptions. */ 1177let keyAlias = 'keyAlias'; 1178let emptyOptions: huks.HuksOptions = { 1179 properties: [] 1180}; 1181try { 1182 huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => { 1183 if (error) { 1184 console.error(`callback: exportKeyItem failed`); 1185 } else { 1186 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1187 } 1188 }); 1189} catch (error) { 1190 console.error(`callback: exportKeyItem input arg invalid`); 1191} 1192``` 1193 1194## huks.exportKeyItem<sup>9+</sup> 1195 1196exportKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1197 1198Exports a key. This API uses a promise to return the result. 1199 1200**System capability**: SystemCapability.Security.Huks.Extension 1201 1202**Parameters** 1203 1204| Name | Type | Mandatory| Description | 1205| -------- | --------------------------- | ---- | -------------------------------------------- | 1206| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1207| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1208 1209**Return value** 1210 1211| Type | Description | 1212| ---------------------------------------------- | ------------------------------------------------------------ | 1213| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. If the operation fails, an error code is returned. | 1214 1215**Error codes** 1216 1217For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1218 1219| ID| Error Message | 1220| -------- | ------------- | 1221| 401 | argument is invalid. | 1222| 801 | api is not supported. | 1223| 12000001 | algorithm mode is not supported. | 1224| 12000002 | algorithm param is missing. | 1225| 12000003 | algorithm param is invalid. | 1226| 12000004 | operating file failed. | 1227| 12000005 | IPC communication failed. | 1228| 12000006 | error occured in crypto engine. | 1229| 12000011 | queried entity does not exist. | 1230| 12000012 | external error. | 1231| 12000014 | memory is insufficient. | 1232 1233**Example** 1234 1235```ts 1236import huks from '@ohos.security.huks'; 1237import { BusinessError } from '@ohos.base'; 1238/* Set options to emptyOptions. */ 1239let keyAlias = 'keyAlias'; 1240let emptyOptions: huks.HuksOptions = { 1241 properties: [] 1242}; 1243try { 1244 huks.exportKeyItem(keyAlias, emptyOptions) 1245 .then ((data) => { 1246 console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`); 1247 }) 1248 .catch((error: BusinessError) => { 1249 console.error(`promise: exportKeyItem failed`); 1250 }); 1251} catch (error) { 1252 console.error(`promise: exportKeyItem input arg invalid`); 1253} 1254``` 1255 1256## huks.getKeyItemProperties<sup>9+</sup> 1257 1258getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1259 1260Obtains key properties. This API uses an asynchronous callback to return the result. 1261 1262**System capability**: SystemCapability.Security.Huks.Extension 1263 1264**Parameters** 1265 1266| Name | Type | Mandatory| Description | 1267| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1268| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1269| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1270| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned.| 1271 1272**Error codes** 1273 1274For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1275 1276| ID| Error Message | 1277| -------- | ------------- | 1278| 401 | argument is invalid. | 1279| 801 | api is not supported. | 1280| 12000001 | algorithm mode is not supported. | 1281| 12000002 | algorithm param is missing. | 1282| 12000003 | algorithm param is invalid. | 1283| 12000004 | operating file failed. | 1284| 12000005 | IPC communication failed. | 1285| 12000006 | error occured in crypto engine. | 1286| 12000011 | queried entity does not exist. | 1287| 12000012 | external error. | 1288| 12000014 | memory is insufficient. | 1289 1290**Example** 1291 1292```ts 1293import huks from '@ohos.security.huks'; 1294/* Set options to emptyOptions. */ 1295let keyAlias = 'keyAlias'; 1296let emptyOptions: huks.HuksOptions = { 1297 properties: [] 1298}; 1299try { 1300 huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => { 1301 if (error) { 1302 console.error(`callback: getKeyItemProperties failed`); 1303 } else { 1304 console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1305 } 1306 }); 1307} catch (error) { 1308 console.error(`callback: getKeyItemProperties input arg invalid`); 1309} 1310``` 1311 1312## huks.getKeyItemProperties<sup>9+</sup> 1313 1314getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1315 1316Obtains key properties. This API uses a promise to return the result. 1317 1318**System capability**: SystemCapability.Security.Huks.Extension 1319 1320**Parameters** 1321 1322| Name | Type | Mandatory| Description | 1323| -------- | --------------------------- | ---- | -------------------------------------------- | 1324| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1325| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1326 1327**Return value** 1328 1329| Type | Description | 1330| ----------------------------------------------- | ------------------------------------------------------------ | 1331| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned. | 1332 1333**Error codes** 1334 1335For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1336 1337| ID| Error Message | 1338| -------- | ------------- | 1339| 401 | argument is invalid. | 1340| 801 | api is not supported. | 1341| 12000001 | algorithm mode is not supported. | 1342| 12000002 | algorithm param is missing. | 1343| 12000003 | algorithm param is invalid. | 1344| 12000004 | operating file failed. | 1345| 12000005 | IPC communication failed. | 1346| 12000006 | error occured in crypto engine. | 1347| 12000011 | queried entity does not exist. | 1348| 12000012 | external error. | 1349| 12000014 | memory is insufficient. | 1350 1351**Example** 1352 1353```ts 1354import huks from '@ohos.security.huks'; 1355import { BusinessError } from '@ohos.base'; 1356/* Set options to emptyOptions. */ 1357let keyAlias = 'keyAlias'; 1358let emptyOptions: huks.HuksOptions = { 1359 properties: [] 1360}; 1361try { 1362 huks.getKeyItemProperties(keyAlias, emptyOptions) 1363 .then ((data) => { 1364 console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1365 }) 1366 .catch((error: BusinessError) => { 1367 console.error(`promise: getKeyItemProperties failed`); 1368 }); 1369} catch (error) { 1370 console.error(`promise: getKeyItemProperties input arg invalid`); 1371} 1372``` 1373 1374## huks.isKeyItemExist<sup>9+</sup> 1375 1376isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1377 1378Checks whether a key exists. This API uses an asynchronous callback to return the result. 1379 1380**System capability**: SystemCapability.Security.Huks.Core 1381 1382**Parameters** 1383 1384| Name | Type | Mandatory| Description | 1385| -------- | --------------------------- | ---- | --------------------------------------- | 1386| keyAlias | string | Yes | Alias of the key to check. | 1387| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1388| callback | AsyncCallback\<boolean> | Yes | Callback invoked to return the result. If the key exists, **data** is **true**. If the key does not exist, **error** is the error code.| 1389 1390**Error codes** 1391 1392For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1393 1394| ID| Error Message | 1395| -------- | ------------- | 1396| 401 | argument is invalid. | 1397| 801 | api is not supported. | 1398| 12000002 | algorithm param is missing. | 1399| 12000003 | algorithm param is invalid. | 1400| 12000004 | operating file failed. | 1401| 12000005 | IPC communication failed. | 1402| 12000006 | error occured in crypto engine. | 1403| 12000012 | external error. | 1404| 12000014 | memory is insufficient. | 1405 1406**Example** 1407 1408```ts 1409import huks from '@ohos.security.huks'; 1410import promptAction from '@ohos.promptAction'; 1411/* Set options to emptyOptions. */ 1412let keyAlias = 'keyAlias'; 1413let emptyOptions: huks.HuksOptions = { 1414 properties: [] 1415}; 1416huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => { 1417 if (data) { 1418 promptAction.showToast({ 1419 message: "keyAlias: " + keyAlias +"is existed! ", 1420 duration: 2500, 1421 }) 1422 } else { 1423 promptAction.showToast({ 1424 message: "find key failed", 1425 duration: 2500, 1426 }) 1427 } 1428}); 1429``` 1430 1431## huks.isKeyItemExist<sup>9+</sup> 1432 1433isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1434 1435Checks whether a key exists. This API uses a promise to return the result. 1436 1437**System capability**: SystemCapability.Security.Huks.Extension 1438 1439**Parameters** 1440 1441| Name | Type | Mandatory| Description | 1442| -------- | --------------------------- | ---- | ------------------------ | 1443| keyAlias | string | Yes | Alias of the key to check. | 1444| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 1445 1446**Return value** 1447 1448| Type | Description | 1449| ----------------- | --------------------------------------- | 1450| Promise\<boolean> | Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.| 1451 1452**Error codes** 1453 1454For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1455 1456| ID| Error Message | 1457| -------- | ------------- | 1458| 401 | argument is invalid. | 1459| 801 | api is not supported. | 1460| 12000002 | algorithm param is missing. | 1461| 12000003 | algorithm param is invalid. | 1462| 12000004 | operating file failed. | 1463| 12000005 | IPC communication failed. | 1464| 12000006 | error occured in crypto engine. | 1465| 12000012 | external error. | 1466| 12000014 | memory is insufficient. | 1467 1468**Example** 1469 1470```ts 1471import huks from '@ohos.security.huks'; 1472import { BusinessError } from '@ohos.base'; 1473import promptAction from '@ohos.promptAction'; 1474 1475/* Set options to emptyOptions. */ 1476let keyAlias = 'keyAlias'; 1477let emptyOptions: huks.HuksOptions = { 1478 properties: [] 1479}; 1480huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => { 1481 promptAction.showToast({ 1482 message: "keyAlias: " + keyAlias +"is existed! ", 1483 duration: 500, 1484 }) 1485}).catch((error: BusinessError)=>{ 1486 promptAction.showToast({ 1487 message: "find key failed", 1488 duration: 6500, 1489 }) 1490}) 1491``` 1492 1493## huks.initSession<sup>9+</sup> 1494 1495initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksSessionHandle>) : void 1496 1497Initializes the data for a key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1498 1499**System capability**: SystemCapability.Security.Huks.Core 1500 1501**Parameters** 1502 1503| Name | Type | Mandatory| Description | 1504| -------- | ------------------------------------------------------- | ---- | ---------------------------------------------------- | 1505| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1506| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1507| callback | AsyncCallback\<[HuksSessionHandle](#hukssessionhandle9)> | Yes | Callback invoked to return a session handle for subsequent operations.| 1508 1509**Error codes** 1510 1511For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1512 1513| ID| Error Message | 1514| -------- | ------------- | 1515| 401 | argument is invalid. | 1516| 801 | api is not supported. | 1517| 12000001 | algorithm mode is not supported. | 1518| 12000002 | algorithm param is missing. | 1519| 12000003 | algorithm param is invalid. | 1520| 12000004 | operating file failed. | 1521| 12000005 | IPC communication failed. | 1522| 12000006 | error occured in crypto engine. | 1523| 12000010 | the number of sessions has reached limit. | 1524| 12000011 | queried entity does not exist. | 1525| 12000012 | external error. | 1526| 12000014 | memory is insufficient. | 1527 1528## huks.initSession<sup>9+</sup> 1529 1530initSession(keyAlias: string, options: HuksOptions) : Promise\<HuksSessionHandle> 1531 1532Initializes the data for a key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1533 1534**System capability**: SystemCapability.Security.Huks.Extension 1535 1536**Parameters** 1537 1538| Name | Type | Mandatory| Description | 1539| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ | 1540| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1541| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1542 1543**Return value** 1544 1545| Type | Description | 1546| ----------------------------------- | -------------------------------------------------- | 1547| Promise\<[HuksSessionHandle](#hukssessionhandle9)> | Promise used to return a session handle for subsequent operations.| 1548 1549**Error codes** 1550 1551For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1552 1553| ID| Error Message | 1554| -------- | ------------- | 1555| 401 | argument is invalid. | 1556| 801 | api is not supported. | 1557| 12000001 | algorithm mode is not supported. | 1558| 12000002 | algorithm param is missing. | 1559| 12000003 | algorithm param is invalid. | 1560| 12000004 | operating file failed. | 1561| 12000005 | IPC communication failed. | 1562| 12000006 | error occured in crypto engine. | 1563| 12000010 | the number of sessions has reached limit. | 1564| 12000011 | queried entity does not exist. | 1565| 12000012 | external error. | 1566| 12000014 | memory is insufficient. | 1567 1568## huks.updateSession<sup>9+</sup> 1569 1570updateSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1571 1572Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1573 1574**System capability**: SystemCapability.Security.Huks.Core 1575 1576**Parameters** 1577 1578| Name | Type | Mandatory| Description | 1579| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1580| handle | number | Yes | Handle for the **updateSession** operation. | 1581| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1582| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **updateSession** operation result.| 1583 1584**Error codes** 1585 1586For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1587 1588| ID| Error Message | 1589| -------- | ------------- | 1590| 401 | argument is invalid. | 1591| 801 | api is not supported. | 1592| 12000001 | algorithm mode is not supported. | 1593| 12000002 | algorithm param is missing. | 1594| 12000003 | algorithm param is invalid. | 1595| 12000004 | operating file failed. | 1596| 12000005 | IPC communication failed. | 1597| 12000006 | error occured in crypto engine. | 1598| 12000007 | this credential is already invalidated permanently. | 1599| 12000008 | verify authtoken failed. | 1600| 12000009 | authtoken is already timeout. | 1601| 12000011 | queried entity does not exist. | 1602| 12000012 | external error. | 1603| 12000014 | memory is insufficient. | 1604 1605## huks.updateSession<sup>9+</sup> 1606 1607updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 1608 1609Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1610 1611**System capability**: SystemCapability.Security.Huks.Extension 1612 1613**Parameters** 1614 1615| Name | Type | Mandatory| Description | 1616| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1617| handle | number | Yes | Handle for the **updateSession** operation. | 1618| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1619| token | Uint8Array | Yes | Token of the **updateSession** operation. | 1620| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **updateSession** operation result.| 1621 1622**Error codes** 1623 1624For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1625 1626| ID| Error Message | 1627| -------- | ------------- | 1628| 401 | argument is invalid. | 1629| 801 | api is not supported. | 1630| 12000001 | algorithm mode is not supported. | 1631| 12000002 | algorithm param is missing. | 1632| 12000003 | algorithm param is invalid. | 1633| 12000004 | operating file failed. | 1634| 12000005 | IPC communication failed. | 1635| 12000006 | error occured in crypto engine. | 1636| 12000007 | this credential is already invalidated permanently. | 1637| 12000008 | verify authtoken failed. | 1638| 12000009 | authtoken is already timeout. | 1639| 12000011 | queried entity does not exist. | 1640| 12000012 | external error. | 1641| 12000014 | memory is insufficient. | 1642 1643## huks.updateSession<sup>9+</sup> 1644 1645updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 1646 1647Updates the key operation by segment. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1648 1649**System capability**: SystemCapability.Security.Huks.Extension 1650 1651**Parameters** 1652 1653| Name | Type | Mandatory| Description | 1654| ------- | ---------------------------------------------- | ---- | -------------------------------------------- | 1655| handle | number | Yes | Handle for the **updateSession** operation. | 1656| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1657| token | Uint8Array | No | Token of the **updateSession** operation. | 1658 1659**Return value** 1660 1661| Type | Description | 1662| ----------------------------------- | -------------------------------------------------- | 1663| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the **updateSession** operation result.| 1664 1665**Error codes** 1666 1667For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1668 1669| ID| Error Message | 1670| -------- | ------------- | 1671| 401 | argument is invalid. | 1672| 801 | api is not supported. | 1673| 12000001 | algorithm mode is not supported. | 1674| 12000002 | algorithm param is missing. | 1675| 12000003 | algorithm param is invalid. | 1676| 12000004 | operating file failed. | 1677| 12000005 | IPC communication failed. | 1678| 12000006 | error occured in crypto engine. | 1679| 12000007 | this credential is already invalidated permanently. | 1680| 12000008 | verify authtoken failed. | 1681| 12000009 | authtoken is already timeout. | 1682| 12000011 | queried entity does not exist. | 1683| 12000012 | external error. | 1684| 12000014 | memory is insufficient. | 1685 1686## huks.finishSession<sup>9+</sup> 1687 1688finishSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1689 1690Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1691 1692**System capability**: SystemCapability.Security.Huks.Core 1693 1694**Parameters** 1695 1696| Name | Type | Mandatory| Description | 1697| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1698| handle | number | Yes | Handle for the **finishSession** operation. | 1699| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 1700| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **finishSession** operation result.| 1701 1702**Error codes** 1703 1704For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1705 1706| ID| Error Message | 1707| -------- | ------------- | 1708| 401 | argument is invalid. | 1709| 801 | api is not supported. | 1710| 12000001 | algorithm mode is not supported. | 1711| 12000002 | algorithm param is missing. | 1712| 12000003 | algorithm param is invalid. | 1713| 12000004 | operating file failed. | 1714| 12000005 | IPC communication failed. | 1715| 12000006 | error occured in crypto engine. | 1716| 12000007 | this credential is already invalidated permanently. | 1717| 12000008 | verify authtoken failed. | 1718| 12000009 | authtoken is already timeout. | 1719| 12000011 | queried entity does not exist. | 1720| 12000012 | external error. | 1721| 12000014 | memory is insufficient. | 1722 1723## huks.finishSession<sup>9+</sup> 1724 1725finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 1726 1727Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1728 1729**System capability**: SystemCapability.Security.Huks.Extension 1730 1731**Parameters** 1732 1733| Name | Type | Mandatory| Description | 1734| -------- | ----------------------------------------------------- | ---- | -------------------------------------------- | 1735| handle | number | Yes | Handle for the **finishSession** operation. | 1736| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 1737| token | Uint8Array | Yes | Token of the **finishSession** operation. | 1738| callback | AsyncCallback\<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **finishSession** operation result.| 1739 1740**Error codes** 1741 1742For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1743 1744| ID| Error Message | 1745| -------- | ------------- | 1746| 401 | argument is invalid. | 1747| 801 | api is not supported. | 1748| 12000001 | algorithm mode is not supported. | 1749| 12000002 | algorithm param is missing. | 1750| 12000003 | algorithm param is invalid. | 1751| 12000004 | operating file failed. | 1752| 12000005 | IPC communication failed. | 1753| 12000006 | error occured in crypto engine. | 1754| 12000007 | this credential is already invalidated permanently. | 1755| 12000008 | verify authtoken failed. | 1756| 12000009 | authtoken is already timeout. | 1757| 12000011 | queried entity does not exist. | 1758| 12000012 | external error. | 1759| 12000014 | memory is insufficient. | 1760 1761## huks.finishSession<sup>9+</sup> 1762 1763finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 1764 1765Completes the key operation and releases resources. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1766 1767**System capability**: SystemCapability.Security.Huks.Extension 1768 1769**Parameters** 1770 1771| Name | Type | Mandatory| Description | 1772| ------- | ----------------------------------------------- | ---- | ----------------------------------- | 1773| handle | number | Yes | Handle for the **finishSession** operation. | 1774| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 1775| token | Uint8Array | No | Token of the **finishSession** operation. | 1776 1777**Return value** 1778 1779| Type | Description | 1780| ----------------------------------- | -------------------------------------------------- | 1781| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.| 1782 1783**Error codes** 1784 1785For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1786 1787| ID| Error Message | 1788| -------- | ------------- | 1789| 401 | argument is invalid. | 1790| 801 | api is not supported. | 1791| 12000001 | algorithm mode is not supported. | 1792| 12000002 | algorithm param is missing. | 1793| 12000003 | algorithm param is invalid. | 1794| 12000004 | operating file failed. | 1795| 12000005 | IPC communication failed. | 1796| 12000006 | error occured in crypto engine. | 1797| 12000007 | this credential is already invalidated permanently. | 1798| 12000008 | verify authtoken failed. | 1799| 12000009 | authtoken is already timeout. | 1800| 12000011 | queried entity does not exist. | 1801| 12000012 | external error. | 1802| 12000014 | memory is insufficient. | 1803 1804## huks.abortSession<sup>9+</sup> 1805 1806abortSession(handle: number, options: HuksOptions, callback: AsyncCallback\<void>) : void 1807 1808Aborts a key operation. This API uses an asynchronous callback to return the result. 1809 1810**System capability**: SystemCapability.Security.Huks.Core 1811 1812**Parameters** 1813 1814| Name | Type | Mandatory| Description | 1815| -------- | --------------------------- | ---- | ------------------------------------------- | 1816| handle | number | Yes | Handle for the **abortSession** operation. | 1817| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 1818| callback | AsyncCallback\<void> | Yes | Callback invoked to return the **abortSession** operation result.| 1819 1820**Error codes** 1821 1822For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1823 1824| ID| Error Message | 1825| -------- | ------------- | 1826| 401 | argument is invalid. | 1827| 801 | api is not supported. | 1828| 12000004 | operating file failed. | 1829| 12000005 | IPC communication failed. | 1830| 12000006 | error occured in crypto engine. | 1831| 12000012 | external error. | 1832| 12000014 | memory is insufficient. | 1833 1834**Example** 1835 1836```ts 1837import huks from '@ohos.security.huks'; 1838/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 1839 * If an error occurs in any of huks.initSession, huks.updateSession, 1840 * and huks.finishSession operations, 1841 * huks.abortSession must be called to terminate the use of the key. 1842 * 1843 * The following uses the callback of an RSA1024 key as an example. 1844 */ 1845class HuksProperties { 1846 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 1847 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 1848 huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 1849} 1850function stringToUint8Array(str: string) { 1851 let arr: number[] = []; 1852 for (let i = 0, j = str.length; i < j; ++i) { 1853 arr.push(str.charCodeAt(i)); 1854 } 1855 let tmpUint8Array = new Uint8Array(arr); 1856 return tmpUint8Array; 1857} 1858let keyAlias = "HuksDemoRSA"; 1859let properties: HuksProperties[] = [] 1860let options: huks.HuksOptions = { 1861 properties: properties, 1862 inData: new Uint8Array(0) 1863}; 1864let handle: number = 0; 1865async function generateKey() { 1866 properties[0] = { 1867 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1868 value: huks.HuksKeyAlg.HUKS_ALG_RSA 1869 }; 1870 properties[1] = { 1871 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1872 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024 1873 }; 1874 properties[2] = { 1875 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1876 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 1877 }; 1878 properties[3] = { 1879 tag: huks.HuksTag.HUKS_TAG_PADDING, 1880 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 1881 }; 1882 properties[4] = { 1883 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1884 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1885 }; 1886 properties[5] = { 1887 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1888 value: huks.HuksCipherMode.HUKS_MODE_ECB, 1889 } 1890 try { 1891 await huks.generateKeyItem(keyAlias, options, (error, data) => { 1892 if (error) { 1893 console.error(`callback: generateKeyItem failed`); 1894 } else { 1895 console.info(`callback: generateKeyItem success`); 1896 } 1897 }); 1898 } catch (error) { 1899 console.error(`callback: generateKeyItem input arg invalid`); 1900 } 1901} 1902async function huksInit() { 1903 console.log('enter huksInit'); 1904 try { 1905 huks.initSession(keyAlias, options, (error, data) => { 1906 if (error) { 1907 console.error(`callback: initSession failed`); 1908 } else { 1909 console.info(`callback: initSession success, data = ${JSON.stringify(data)}`); 1910 handle = data.handle; 1911 } 1912 }); 1913 } catch (error) { 1914 console.error(`callback: initSession input arg invalid`); 1915 } 1916} 1917async function huksUpdate() { 1918 console.log('enter huksUpdate'); 1919 options.inData = stringToUint8Array("huksHmacTest"); 1920 try { 1921 huks.updateSession(handle, options, (error, data) => { 1922 if (error) { 1923 console.error(`callback: updateSession failed`); 1924 } else { 1925 console.info(`callback: updateSession success, data = ${JSON.stringify(data)}`); 1926 } 1927 }); 1928 } catch (error) { 1929 console.error(`callback: updateSession input arg invalid`); 1930 } 1931} 1932async function huksFinish() { 1933 console.log('enter huksFinish'); 1934 options.inData = new Uint8Array(0); 1935 try { 1936 huks.finishSession(handle, options, (error, data) => { 1937 if (error) { 1938 console.error(`callback: finishSession failed`); 1939 } else { 1940 console.info(`callback: finishSession success, data = ${JSON.stringify(data)}`); 1941 } 1942 }); 1943 } catch (error) { 1944 console.error(`callback: finishSession input arg invalid`); 1945 } 1946} 1947async function huksAbort() { 1948 console.log('enter huksAbort'); 1949 try { 1950 huks.abortSession(handle, options, (error, data) => { 1951 if (error) { 1952 console.error(`callback: abortSession failed`); 1953 } else { 1954 console.info(`callback: abortSession success`); 1955 } 1956 }); 1957 } catch (error) { 1958 console.error(`callback: abortSession input arg invalid`); 1959 } 1960} 1961``` 1962 1963## huks.abortSession<sup>9+</sup> 1964 1965abortSession(handle: number, options: HuksOptions) : Promise\<void>; 1966 1967Aborts a key operation. This API uses a promise to return the result. 1968 1969**System capability**: SystemCapability.Security.Huks.Extension 1970 1971**Parameters** 1972 1973| Name | Type | Mandatory| Description | 1974| ------- | --------------------------- | ---- | ------------------------------------------- | 1975| handle | number | Yes | Handle for the **abortSession** operation. | 1976| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 1977 1978**Return value** 1979 1980| Type | Description | 1981| ----------------------------------- | -------------------------------------------------- | 1982| Promise\<void> | Promise used to return the **abortSession** operation result.| 1983 1984**Error codes** 1985 1986For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1987 1988| ID| Error Message | 1989| -------- | ------------- | 1990| 401 | argument is invalid. | 1991| 801 | api is not supported. | 1992| 12000004 | operating file failed. | 1993| 12000005 | IPC communication failed. | 1994| 12000006 | error occured in crypto engine. | 1995| 12000012 | external error. | 1996| 12000014 | memory is insufficient. | 1997 1998**Example** 1999 2000```ts 2001import huks from '@ohos.security.huks'; 2002import { BusinessError } from '@ohos.base'; 2003/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2004 * If an error occurs in any of huks.initSession, huks.updateSession, 2005 * and huks.finishSession operations, 2006 * huks.abortSession must be called to terminate the use of the key. 2007 * 2008 * The following uses the callback of an RSA1024 key as an example. 2009 */ 2010class HuksProperties { 2011 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2012 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2013 huks.HuksKeyDigest | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 2014 huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 2015} 2016 2017function stringToUint8Array(str: string) { 2018 let arr: number[] = []; 2019 for (let i = 0, j = str.length; i < j; ++i) { 2020 arr.push(str.charCodeAt(i)); 2021 } 2022 let tmpUint8Array = new Uint8Array(arr); 2023 return tmpUint8Array; 2024} 2025 2026let keyAlias = "HuksDemoRSA"; 2027let properties: HuksProperties[] = [] 2028let options: huks.HuksOptions = { 2029 properties: properties, 2030 inData: new Uint8Array(0) 2031}; 2032let handle: number = 0; 2033 2034async function generateKey() { 2035 properties[0] = { 2036 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2037 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2038 }; 2039 properties[1] = { 2040 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2041 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024 2042 }; 2043 properties[2] = { 2044 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2045 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2046 }; 2047 properties[3] = { 2048 tag: huks.HuksTag.HUKS_TAG_PADDING, 2049 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2050 }; 2051 properties[4] = { 2052 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2053 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2054 }; 2055 properties[5] = { 2056 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2057 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2058 } 2059 2060 try { 2061 await huks.generateKeyItem(keyAlias, options) 2062 .then((data) => { 2063 console.info(`promise: generateKeyItem success`); 2064 }) 2065 .catch((error: BusinessError) => { 2066 console.error(`promise: generateKeyItem failed`); 2067 }); 2068 } catch (error) { 2069 console.error(`promise: generateKeyItem input arg invalid`); 2070 } 2071} 2072 2073async function huksInit() { 2074 console.log('enter huksInit'); 2075 try { 2076 await huks.initSession(keyAlias, options) 2077 .then((data) => { 2078 console.info(`promise: initSession success, data = ${JSON.stringify(data)}`); 2079 handle = data.handle; 2080 }) 2081 .catch((error: BusinessError) => { 2082 console.error(`promise: initSession key failed`); 2083 }); 2084 } catch (error) { 2085 console.error(`promise: initSession input arg invalid`); 2086 } 2087} 2088 2089async function huksUpdate() { 2090 console.log('enter huksUpdate'); 2091 options.inData = stringToUint8Array("huksHmacTest"); 2092 try { 2093 await huks.updateSession(handle, options) 2094 .then((data) => { 2095 console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`); 2096 }) 2097 .catch((error: BusinessError) => { 2098 console.error(`promise: updateSession failed`); 2099 }); 2100 } catch (error) { 2101 console.error(`promise: updateSession input arg invalid`); 2102 } 2103} 2104 2105async function huksFinish() { 2106 console.log('enter huksFinish'); 2107 options.inData = new Uint8Array(0); 2108 try { 2109 await huks.finishSession(handle, options) 2110 .then((data) => { 2111 console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`); 2112 }) 2113 .catch((error: BusinessError) => { 2114 console.error(`promise: finishSession failed`); 2115 }); 2116 } catch (error) { 2117 console.error(`promise: finishSession input arg invalid`); 2118 } 2119} 2120 2121async function huksAbort() { 2122 console.log('enter huksAbort'); 2123 try { 2124 await huks.abortSession(handle, options) 2125 .then((data) => { 2126 console.info(`promise: abortSession success`); 2127 }) 2128 .catch((error: BusinessError) => { 2129 console.error(`promise: abortSession failed`); 2130 }); 2131 } catch (error) { 2132 console.error(`promise: abortSession input arg invalid`); 2133 } 2134} 2135``` 2136 2137 2138## HuksExceptionErrCode<sup>9+</sup> 2139 2140Enumerates the error codes. 2141 2142For details about the error codes, see [KUKS Error Codes](../errorcodes/errorcode-huks.md). 2143 2144**System capability**: SystemCapability.Security.Huks.Core 2145 2146| Name | Value| Description | 2147| ---------------------------------------------- | -------- |--------------------------- | 2148| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed. | 2149| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected. | 2150| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported. | 2151| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported. | 2152| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing. | 2153| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected. | 2154| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed. | 2155| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed. | 2156| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library. | 2157| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired.| 2158| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed.| 2159| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out.| 2160| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit. | 2161| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist. | 2162| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs. | 2163| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist. | 2164| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient. | 2165| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services. | 2166 2167## HuksKeyPurpose 2168 2169Enumerates the key purposes. 2170 2171**System capability**: SystemCapability.Security.Huks.Core 2172 2173| Name | Value | Description | 2174| ------------------------ | ---- | -------------------------------- | 2175| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext.<br>**System capability**: SystemCapability.Security.Huks.Core| 2176| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text.<br>**System capability**: SystemCapability.Security.Huks.Core| 2177| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2178| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2179| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2180| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2181| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2182| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC).<br>**System capability**: SystemCapability.Security.Huks.Extension| 2183| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2184 2185## HuksKeyDigest 2186 2187Enumerates the digest algorithms. 2188 2189**System capability**: SystemCapability.Security.Huks.Extension 2190 2191| Name | Value | Description | 2192| ---------------------- | ---- | ---------------------------------------- | 2193| HUKS_DIGEST_NONE | 0 | No digest algorithm| 2194| HUKS_DIGEST_MD5 | 1 | MD5| 2195| HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3| 2196| HUKS_DIGEST_SHA1 | 10 | SHA-1| 2197| HUKS_DIGEST_SHA224 | 11 | SHA-224| 2198| HUKS_DIGEST_SHA256 | 12 | SHA-256| 2199| HUKS_DIGEST_SHA384 | 13 | SHA-384| 2200| HUKS_DIGEST_SHA512 | 14 | SHA-512| 2201 2202## HuksKeyPadding 2203 2204Enumerates the padding algorithms. 2205 2206**System capability**: SystemCapability.Security.Huks.Core 2207 2208| Name | Value | Description | 2209| ---------------------- | ---- | ---------------------------------------- | 2210| HUKS_PADDING_NONE | 0 | No padding algorithm<br>**System capability**: SystemCapability.Security.Huks.Core| 2211| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP)<br>**System capability**: SystemCapability.Security.Huks.Extension| 2212| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS)<br>**System capability**: SystemCapability.Security.Huks.Extension| 2213| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5<br>**System capability**: SystemCapability.Security.Huks.Extension| 2214| HUKS_PADDING_PKCS5 | 4 | PKCS #5<br>**System capability**: SystemCapability.Security.Huks.Extension| 2215| HUKS_PADDING_PKCS7 | 5 | PKCS #7<br>**System capability**: SystemCapability.Security.Huks.Core| 2216 2217## HuksCipherMode 2218 2219Enumerates the cipher modes. 2220 2221**System capability**: SystemCapability.Security.Huks.Core 2222 2223| Name | Value | Description | 2224| ------------- | ---- | --------------------- | 2225| HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode<br>**System capability**: SystemCapability.Security.Huks.Core| 2226| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode<br>**System capability**: SystemCapability.Security.Huks.Core| 2227| HUKS_MODE_CTR | 3 | Counter (CTR) mode<br>**System capability**: SystemCapability.Security.Huks.Core| 2228| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode<br>**System capability**: SystemCapability.Security.Huks.Extension| 2229| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode<br>**System capability**: SystemCapability.Security.Huks.Extension| 2230| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode<br>**System capability**: SystemCapability.Security.Huks.Core| 2231 2232## HuksKeySize 2233 2234Enumerates the key sizes. 2235 2236**System capability**: SystemCapability.Security.Huks.Core 2237 2238| Name | Value | Description | 2239| ---------------------------------- | ---- | ------------------------------------------ | 2240| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2241| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2242| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2243| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2244| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2245| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2246| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2247| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2248| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2249| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2250| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits<br>**System capability**: SystemCapability.Security.Huks.Core| 2251| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits<br>**System capability**: SystemCapability.Security.Huks.Core| 2252| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits<br>**System capability**: SystemCapability.Security.Huks.Core| 2253| HUKS_AES_KEY_SIZE_512 | 512 | AES key of 512 bits<br>**System capability**: SystemCapability.Security.Huks.Core| 2254| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2255| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2256| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2257| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2258| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | ShangMi2 (SM2) key of 256 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2259| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | ShangMi4 (SM4) key of 128 bits<br>**System capability**: SystemCapability.Security.Huks.Extension| 2260 2261## HuksKeyAlg 2262 2263Enumerates the key algorithms. 2264 2265**System capability**: SystemCapability.Security.Huks.Core 2266 2267| Name | Value | Description | 2268| ------------------------- | ---- | --------------------- | 2269| HUKS_ALG_RSA | 1 | RSA<br>**System capability**: SystemCapability.Security.Huks.Extension| 2270| HUKS_ALG_ECC | 2 | ECC<br>**System capability**: SystemCapability.Security.Huks.Extension| 2271| HUKS_ALG_DSA | 3 | DSA<br>**System capability**: SystemCapability.Security.Huks.Extension| 2272| HUKS_ALG_AES | 20 | AES<br>**System capability**: SystemCapability.Security.Huks.Core| 2273| HUKS_ALG_HMAC | 50 | HMAC<br>**System capability**: SystemCapability.Security.Huks.Extension| 2274| HUKS_ALG_HKDF | 51 | HKDF<br>**System capability**: SystemCapability.Security.Huks.Extension| 2275| HUKS_ALG_PBKDF2 | 52 | PBKDF2<br>**System capability**: SystemCapability.Security.Huks.Extension| 2276| HUKS_ALG_ECDH | 100 | ECDH<br>**System capability**: SystemCapability.Security.Huks.Extension| 2277| HUKS_ALG_X25519 | 101 | X25519 <br>**System capability**: SystemCapability.Security.Huks.Extension| 2278| HUKS_ALG_ED25519 | 102 | ED25519<br>**System capability**: SystemCapability.Security.Huks.Extension| 2279| HUKS_ALG_DH | 103 | DH<br>**System capability**: SystemCapability.Security.Huks.Extension| 2280| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2<br>**System capability**: SystemCapability.Security.Huks.Extension| 2281| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3<br>**System capability**: SystemCapability.Security.Huks.Extension| 2282| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4<br>**System capability**: SystemCapability.Security.Huks.Extension| 2283 2284## HuksKeyGenerateType 2285 2286Enumerates the key generation types. 2287 2288**System capability**: SystemCapability.Security.Huks.Extension 2289 2290| Name | Value | Description | 2291| ------------------------------ | ---- | ---------------- | 2292| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.| 2293| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.| 2294| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.| 2295 2296## HuksKeyFlag 2297 2298Enumerates the key generation modes. 2299 2300**System capability**: SystemCapability.Security.Huks.Core 2301 2302| Name | Value | Description | 2303| -------------------------- | ---- | ------------------------------------ | 2304| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. | 2305| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. | 2306| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API.| 2307| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API.| 2308 2309## HuksKeyStorageType 2310 2311Enumerates the key storage modes. 2312 2313**System capability**: SystemCapability.Security.Huks.Core 2314 2315| Name | Value | Description | 2316| -------------------------------------------- | ---- | ------------------------------ | 2317| HUKS_STORAGE_TEMP<sup>(deprecated)</sup> | 0 | The key is managed locally.<br>**NOTE**: This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br>**System capability**: SystemCapability.Security.Huks.Core| 2318| HUKS_STORAGE_PERSISTENT<sup>(deprecated)</sup> | 1 | The key is managed by the HUKS service.<br>**NOTE**: This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br>**System capability**: SystemCapability.Security.Huks.Core| 2319| HUKS_STORAGE_ONLY_USED_IN_HUKS<sup>10+</sup> | 2 | The key derived from the master key is stored in the HUKS and managed by the HUKS.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2320| HUKS_STORAGE_KEY_EXPORT_ALLOWED<sup>10+</sup> | 3 | The key derived from the master key is exported to the service, and not managed by the HUKS.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2321 2322## HuksSendType 2323 2324Enumerates the tag transfer modes. 2325 2326**System capability**: SystemCapability.Security.Huks.Extension 2327 2328| Name | Value | Description | 2329| -------------------- | ---- | ----------------- | 2330| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.| 2331| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.| 2332 2333## HuksUnwrapSuite<sup>9+</sup> 2334 2335Enumerates the algorithm suites used for importing a wrapped key. 2336 2337**System capability**: SystemCapability.Security.Huks.Extension 2338 2339| Name | Value | Description | 2340| ---------------------------------------------- | ---- | ----------------------------------------------------- | 2341| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.| 2342| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. | 2343 2344## HuksImportKeyType<sup>9+</sup> 2345 2346Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported. 2347 2348**System capability**: SystemCapability.Security.Huks.Extension 2349 2350| Name | Value | Description | 2351| ------------------------- | ---- | ------------------------------ | 2352| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key | 2353| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key | 2354| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair| 2355 2356## HuksRsaPssSaltLenType<sup>10+</sup> 2357 2358Enumerates the **salt_len** types to set when PSS padding is used in RSA signing or signature verification. 2359 2360**System capability**: SystemCapability.Security.Huks.Extension 2361 2362| Name | Value | Description | 2363| ------------------------------------------ | ---- | ---------------------------- | 2364| HUKS_RSA_PSS_SALT_LEN_DIGEST<sup>10+</sup> | 0 | **salt_len** is set to the digest length.| 2365| HUKS_RSA_PSS_SALT_LEN_MAX<sup>10+</sup> | 1 | **salt_len** is set to the maximum length.| 2366 2367## HuksUserAuthType<sup>9+</sup> 2368 2369Enumerates the user authentication types. 2370 2371**System capability**: SystemCapability.Security.Huks.Extension 2372 2373| Name | Value | Description | 2374| ------------------------------- | ---- | ------------------------- | 2375| HUKS_USER_AUTH_TYPE_FINGERPRINT | 1 << 0 | Fingerprint authentication. | 2376| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication.| 2377| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication.| 2378 2379## HuksAuthAccessType<sup>9+</sup> 2380 2381Enumerates the access control types. 2382 2383**System capability**: SystemCapability.Security.Huks.Extension 2384 2385| Name | Value | Description | 2386| --------------------------------------- | ---- | ------------------------------------------------ | 2387| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. | 2388| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added.| 2389 2390## HuksChallengeType<sup>9+</sup> 2391 2392Enumerates the types of the challenges generated when a key is used. 2393 2394**System capability**: SystemCapability.Security.Huks.Extension 2395 2396| Name | Value | Description | 2397| ------------------------------- | ---- | ------------------------------ | 2398| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default.| 2399| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys.| 2400| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required.| 2401 2402## HuksChallengePosition<sup>9+</sup> 2403 2404Enumerates the positions of the 8-byte valid value in a custom challenge generated. 2405 2406**System capability**: SystemCapability.Security.Huks.Extension 2407 2408| Name | Value | Description | 2409| ------------------------------- | ---- | ------------------------------ | 2410| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7.| 2411| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15.| 2412| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23.| 2413| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31.| 2414 2415## HuksSecureSignType<sup>9+</sup> 2416 2417Defines the signature type of the key generated or imported. 2418 2419**System capability**: SystemCapability.Security.Huks.Extension 2420 2421| Name | Value | Description | 2422| ------------------------------ | ---- | ------------------------------------------------------------ | 2423| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed.| 2424 2425## HuksTagType 2426 2427Enumerates the tag data types. 2428 2429**System capability**: SystemCapability.Security.Huks.Core 2430 2431| Name | Value | Description | 2432| --------------------- | ------- | --------------------------------------- | 2433| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. | 2434| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. | 2435| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type.| 2436| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. | 2437| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. | 2438| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. | 2439 2440## HuksTag 2441 2442Enumerates the tags used to invoke parameters. 2443 2444**System capability**: SystemCapability.Security.Huks.Core 2445 2446| Name | Value | Description | 2447| -------------------------------------------- | ---------------------------------------- | -------------------------------------- | 2448| HUKS_TAG_INVALID | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag.<br>**System capability**: SystemCapability.Security.Huks.Core| 2449| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT \| 1 | Algorithm.<br>**System capability**: SystemCapability.Security.Huks.Core| 2450| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of the key.<br>**System capability**: SystemCapability.Security.Huks.Core| 2451| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size.<br>**System capability**: SystemCapability.Security.Huks.Core| 2452| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2453| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding algorithm.<br>**System capability**: SystemCapability.Security.Huks.Core| 2454| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode.<br>**System capability**: SystemCapability.Security.Huks.Core| 2455| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type.<br>**System capability**: SystemCapability.Security.Huks.Core| 2456| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data.<br>**System capability**: SystemCapability.Security.Huks.Core| 2457| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Field for key encryption and decryption.<br>**System capability**: SystemCapability.Security.Huks.Core| 2458| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV.<br>**System capability**: SystemCapability.Security.Huks.Core| 2459| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation.<br>**System capability**: SystemCapability.Security.Huks.Core| 2460| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2461| HUKS_TAG_PWD | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation.<br>**System capability**: SystemCapability.Security.Huks.Core| 2462| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2463| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type.<br>**System capability**: SystemCapability.Security.Huks.Core| 2464| HUKS_TAG_DERIVE_MAIN_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2465| HUKS_TAG_DERIVE_FACTOR | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2466| HUKS_TAG_DERIVE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2467| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used for key agreement.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2468| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Public key alias used in key agreement.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2469| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2470| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2471| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias.<br>**System capability**: SystemCapability.Security.Huks.Core| 2472| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2473| HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2474| HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite required for encrypted imports.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2475| HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|29 | Storage type of the derived key or agreed key.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2476| HUKS_TAG_RSA_PSS_SALT_LEN_TYPE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|30 | Type of the **rsa_pss_salt_length**.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2477| HUKS_TAG_ACTIVE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2478| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Core| 2479| HUKS_TAG_USAGE_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Core| 2480| HUKS_TAG_CREATION_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Core| 2481| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2482| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | ID of the user to which the key belongs.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2483| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2484| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | User authentication type. For details, see [HuksUserAuthType](#huksuserauthtype9). This parameter must be set together with [HuksAuthAccessType](#huksauthaccesstype9). You can set a maximum of two user authentication types at a time. For example, if **HuksAuthAccessType** is **HKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL**, you can set two of **HKS_USER_AUTH_TYPE_FACE**, **HKS_USER_AUTH_TYPE_FINGERPRINT**, and **HKS_USER_AUTH_TYPE_FACE\**.| HKS_USER_AUTH_TYPE_FINGERPRINT<br>**System capability**: SystemCapability.Security.Huks.Extension| 2485| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | Timeout period of an authentication token.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2486| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Used to pass in the authentication token.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2487| HUKS_TAG_KEY_AUTH_ACCESS_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 307 | Access control type. For details, see [HuksAuthAccessType](#huksauthaccesstype9). This parameter must be set together with [HuksUserAuthType](#huksuserauthtype9).<br>**System capability**: SystemCapability.Security.Huks.Extension| 2488| HUKS_TAG_KEY_SECURE_SIGN_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 308 | Signature type of the key generated or imported.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2489| HUKS_TAG_CHALLENGE_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 309 | Type of the challenge generated for a key. For details, see [HuksChallengeType](#hukschallengetype9).<br>**System capability**: SystemCapability.Security.Huks.Extension| 2490| HUKS_TAG_CHALLENGE_POS<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 310 | Position of the 8-byte valid value in a custom challenge. For details, see [HuksChallengePosition](#hukschallengeposition9).<br>**System capability**: SystemCapability.Security.Huks.Extension| 2491| HUKS_TAG_KEY_AUTH_PURPOSE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|311 | Key authentication purpose.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2492| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2493| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2494| HUKS_TAG_ATTESTATION_ID_BRAND | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Brand of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2495| HUKS_TAG_ATTESTATION_ID_DEVICE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | ID of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2496| HUKS_TAG_ATTESTATION_ID_PRODUCT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product name of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2497| HUKS_TAG_ATTESTATION_ID_SERIAL | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | SN of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2498| HUKS_TAG_ATTESTATION_ID_IMEI | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | International mobile equipment identity (IMEI) of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2499| HUKS_TAG_ATTESTATION_ID_MEID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Mobile equipment identity (MEID) of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2500| HUKS_TAG_ATTESTATION_ID_MANUFACTURER | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Manufacturer of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2501| HUKS_TAG_ATTESTATION_ID_MODEL | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2502| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2503| HUKS_TAG_ATTESTATION_ID_SOCID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | System-on-a-chip (SoCID) of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2504| HUKS_TAG_ATTESTATION_ID_UDID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Unique device identifier (UDID) of the device.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2505| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security level used in the attestation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2506| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2507| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.<br>**System capability**: SystemCapability.Security.Huks.Core| 2508| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode.<br>**System capability**: SystemCapability.Security.Huks.Core| 2509| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2510| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2511| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2512| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2513| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key.<br>**System capability**: SystemCapability.Security.Huks.Core| 2514| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2515| HUKS_TAG_SECURE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Core| 2516| HUKS_TAG_SECURE_KEY_UUID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2517| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Core| 2518| HUKS_TAG_PROCESS_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name.<br>**System capability**: SystemCapability.Security.Huks.Core| 2519| HUKS_TAG_PACKAGE_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2520| HUKS_TAG_ACCESS_TIME | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2521| HUKS_TAG_USES_TIME | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2522| HUKS_TAG_CRYPTO_CTX | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2523| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Core| 2524| HUKS_TAG_KEY_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2525| HUKS_TAG_PAYLOAD_LEN | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2526| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Used to pass in the AEAD in GCM mode.<br>**System capability**: SystemCapability.Security.Huks.Core| 2527| HUKS_TAG_IS_KEY_HANDLE | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Core| 2528| HUKS_TAG_OS_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version.<br>**System capability**: SystemCapability.Security.Huks.Core| 2529| HUKS_TAG_OS_PATCHLEVEL | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level.<br>**System capability**: SystemCapability.Security.Huks.Core| 2530| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Core| 2531| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2532| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved.<br>**System capability**: SystemCapability.Security.Huks.Extension| 2533 2534## huks.generateKey<sup>(deprecated)</sup> 2535 2536generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2537 2538Generates a key. This API uses an asynchronous callback to return the result. 2539 2540> **NOTE** 2541> 2542> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9). 2543 2544**System capability**: SystemCapability.Security.Huks.Extension 2545 2546**Parameters** 2547 2548| Name | Type | Mandatory| Description | 2549| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 2550| keyAlias | string | Yes | Alias of the key. | 2551| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | 2552| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code defined in **HuksResult** is returned.| 2553 2554**Example** 2555 2556```ts 2557import huks from '@ohos.security.huks'; 2558/* Generate an RSA key of 512 bits. */ 2559class HuksProperties { 2560 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2561 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2562 huks.HuksKeyDigest | huks.HuksKeyPadding = huks.HuksKeyAlg.HUKS_ALG_ECC 2563} 2564let keyAlias = 'keyAlias'; 2565let properties: HuksProperties[] = [ 2566 { 2567 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2568 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2569 }, 2570 { 2571 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2572 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512 2573 }, 2574 { 2575 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2576 value: 2577 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 2578 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 2579 }, 2580 { 2581 tag: huks.HuksTag.HUKS_TAG_PADDING, 2582 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 2583 }, 2584 { 2585 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2586 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2587 } 2588]; 2589let options: huks.HuksOptions = { 2590 properties: properties 2591}; 2592huks.generateKey(keyAlias, options, (err, data) => { 2593}); 2594``` 2595 2596## huks.generateKey<sup>(deprecated)</sup> 2597 2598generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 2599 2600Generates a key. This API uses a promise to return the result. 2601 2602> **NOTE** 2603> 2604> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9-1). 2605 2606**System capability**: SystemCapability.Security.Huks.Extension 2607 2608**Parameters** 2609 2610| Name | Type | Mandatory| Description | 2611| -------- | --------------------------- | ---- | ------------------------ | 2612| keyAlias | string | Yes | Alias of the key. | 2613| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.| 2614 2615**Return value** 2616 2617| Type | Description | 2618| ----------------------------------- | -------------------------------------------------- | 2619| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 2620 2621**Example** 2622 2623```ts 2624import huks from '@ohos.security.huks'; 2625/* Generate an ECC key of 256 bits. */ 2626class HuksProperties { 2627 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2628 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2629 huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 2630} 2631 2632let keyAlias = 'keyAlias'; 2633let properties: HuksProperties[] = [ 2634 { 2635 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2636 value: huks.HuksKeyAlg.HUKS_ALG_ECC 2637 }, 2638 { 2639 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2640 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 2641 }, 2642 { 2643 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2644 value: 2645 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 2646 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 2647 }, 2648 { 2649 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2650 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2651 } 2652]; 2653let options: huks.HuksOptions = { 2654 properties: properties 2655}; 2656let result = huks.generateKey(keyAlias, options); 2657``` 2658 2659## huks.deleteKey<sup>(deprecated)</sup> 2660 2661deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2662 2663Deletes a key. This API uses an asynchronous callback to return the result. 2664 2665> **NOTE** 2666> 2667> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9). 2668 2669**System capability**: SystemCapability.Security.Huks.Extension 2670 2671**Parameters** 2672 2673| Name | Type | Mandatory| Description | 2674| -------- | ----------------------------------------- | ---- | -------------------------------------------------- | 2675| keyAlias | string | Yes | Key alias passed in when the key was generated. | 2676| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 2677| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 2678 2679**Example** 2680 2681```ts 2682import huks from '@ohos.security.huks'; 2683/* Set options to emptyOptions. */ 2684let keyAlias = 'keyAlias'; 2685let emptyOptions: huks.HuksOptions = { 2686 properties: [] 2687}; 2688huks.deleteKey(keyAlias, emptyOptions, (err, data) => { 2689}); 2690``` 2691 2692## huks.deleteKey<sup>(deprecated)</sup> 2693 2694deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 2695 2696Deletes a key. This API uses a promise to return the result. 2697 2698> **NOTE** 2699> 2700> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9-1). 2701 2702**System capability**: SystemCapability.Security.Huks.Extension 2703 2704**Parameters** 2705 2706| Name | Type | Mandatory| Description | 2707| -------- | ----------- | ---- | ----------------------------------------------------- | 2708| keyAlias | string | Yes | Key alias passed in when the key was generated.| 2709| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 2710 2711**Return value** 2712 2713| Type | Description | 2714| ----------------------------------- | -------------------------------------------------- | 2715| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 2716 2717**Example** 2718 2719```ts 2720import huks from '@ohos.security.huks'; 2721/* Set options to emptyOptions. */ 2722let keyAlias = 'keyAlias'; 2723let emptyOptions: huks.HuksOptions = { 2724 properties: [] 2725}; 2726let result = huks.deleteKey(keyAlias, emptyOptions); 2727``` 2728 2729## huks.importKey<sup>(deprecated)</sup> 2730 2731importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2732 2733Imports a key in plaintext. This API uses an asynchronous callback to return the result. 2734 2735> **NOTE** 2736> 2737> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9). 2738 2739**System capability**: SystemCapability.Security.Huks.Extension 2740 2741**Parameters** 2742 2743| Name | Type | Mandatory| Description | 2744| -------- | ------------------------ | ---- | ------------------------------------------------- | 2745| keyAlias | string | Yes | Alias of the key.| 2746| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 2747| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 2748 2749**Example** 2750 2751```ts 2752import huks from '@ohos.security.huks'; 2753/* Import an AES key of 256 bits. */ 2754class HuksProperties { 2755 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2756 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2757 huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 2758} 2759let plainTextSize32 = makeRandomArr(32); 2760function makeRandomArr(size: number) { 2761 let arr = new Uint8Array(size); 2762 for (let i = 0; i < size; i++) { 2763 arr[i] = Math.floor(Math.random() * 10); 2764 } 2765 return arr; 2766}; 2767let keyAlias = 'keyAlias'; 2768let properties: HuksProperties[] = [ 2769 { 2770 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2771 value: huks.HuksKeyAlg.HUKS_ALG_AES 2772 }, 2773 { 2774 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2775 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 2776 }, 2777 { 2778 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2779 value: 2780 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 2781 }, 2782 { 2783 tag: huks.HuksTag.HUKS_TAG_PADDING, 2784 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 2785 }, 2786 { 2787 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2788 value: huks.HuksCipherMode.HUKS_MODE_ECB 2789 } 2790]; 2791let options: huks.HuksOptions = { 2792 properties: properties, 2793 inData: plainTextSize32 2794}; 2795huks.importKey(keyAlias, options, (err, data) => { 2796}); 2797``` 2798 2799## huks.importKey<sup>(deprecated)</sup> 2800 2801importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 2802 2803Imports a key in plaintext. This API uses a promise to return the result. 2804 2805> **NOTE** 2806> 2807> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9-1). 2808 2809**System capability**: SystemCapability.Security.Huks.Extension 2810 2811**Parameters** 2812 2813| Name | Type | Mandatory| Description | 2814| -------- | ----------- | ---- | ------------------------------------ | 2815| keyAlias | string | Yes | Alias of the key.| 2816| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 2817 2818**Return value** 2819 2820| Type | Description | 2821| ----------------------------------- | -------------------------------------------------- | 2822| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 2823 2824**Example** 2825 2826```ts 2827import huks from '@ohos.security.huks'; 2828/* Import an AES key of 128 bits. */ 2829class HuksProperties { 2830 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2831 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2832 huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 2833} 2834let plainTextSize32 = makeRandomArr(32); 2835function makeRandomArr(size: number) { 2836 let arr = new Uint8Array(size); 2837 for (let i = 0; i < size; i++) { 2838 arr[i] = Math.floor(Math.random() * 10); 2839 } 2840 return arr; 2841}; 2842/* Step 1 Generate a key. */ 2843let keyAlias = 'keyAlias'; 2844let properties: HuksProperties[] = [ 2845 { 2846 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2847 value: huks.HuksKeyAlg.HUKS_ALG_AES 2848 }, 2849 { 2850 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2851 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128 2852 }, 2853 { 2854 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2855 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 2856 }, 2857 { 2858 tag: huks.HuksTag.HUKS_TAG_PADDING, 2859 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 2860 }, 2861 { 2862 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2863 value: huks.HuksCipherMode.HUKS_MODE_ECB 2864 } 2865]; 2866let huksoptions: huks.HuksOptions = { 2867 properties: properties, 2868 inData: plainTextSize32 2869}; 2870let result = huks.importKey(keyAlias, huksoptions); 2871``` 2872 2873## huks.exportKey<sup>(deprecated)</sup> 2874 2875exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2876 2877Exports a key. This API uses an asynchronous callback to return the result. 2878 2879> **NOTE** 2880> 2881> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9). 2882 2883**System capability**: SystemCapability.Security.Huks.Extension 2884 2885**Parameters** 2886 2887| Name | Type | Mandatory| Description | 2888| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 2889| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 2890| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 2891| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 2892 2893**Example** 2894 2895```ts 2896import huks from '@ohos.security.huks'; 2897/* Set options to emptyOptions. */ 2898let keyAlias = 'keyAlias'; 2899let emptyOptions: huks.HuksOptions = { 2900 properties: [] 2901}; 2902huks.exportKey(keyAlias, emptyOptions, (err, data) => { 2903}); 2904``` 2905 2906## huks.exportKey<sup>(deprecated)</sup> 2907 2908exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 2909 2910Exports a key. This API uses a promise to return the result. 2911 2912> **NOTE** 2913> 2914> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9-1). 2915 2916**System capability**: SystemCapability.Security.Huks.Extension 2917 2918**Parameters** 2919 2920| Name | Type | Mandatory| Description | 2921| -------- | ----------- | ---- | ------------------------------------------------------------ | 2922| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 2923| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 2924 2925**Return value** 2926 2927| Type | Description | 2928| ----------------------------------- | ------------------------------------------------------------ | 2929| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 2930 2931**Example** 2932 2933```ts 2934import huks from '@ohos.security.huks'; 2935/* Set options to emptyOptions. */ 2936let keyAlias = 'keyAlias'; 2937let emptyOptions: huks.HuksOptions = { 2938 properties: [] 2939}; 2940let result = huks.exportKey(keyAlias, emptyOptions); 2941``` 2942 2943## huks.getKeyProperties<sup>(deprecated)</sup> 2944 2945getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2946 2947Obtains key properties. This API uses an asynchronous callback to return the result. 2948 2949> **NOTE** 2950> 2951> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9). 2952 2953**System capability**: SystemCapability.Security.Huks.Extension 2954 2955**Parameters** 2956 2957| Name | Type | Mandatory| Description | 2958| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 2959| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 2960| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 2961| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code is returned.| 2962 2963**Example** 2964 2965```ts 2966import huks from '@ohos.security.huks'; 2967/* Set options to emptyOptions. */ 2968let keyAlias = 'keyAlias'; 2969let emptyOptions: huks.HuksOptions = { 2970 properties: [] 2971}; 2972huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => { 2973}); 2974``` 2975 2976## huks.getKeyProperties<sup>(deprecated)</sup> 2977 2978getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 2979 2980Obtains key properties. This API uses a promise to return the result. 2981 2982> **NOTE** 2983> 2984> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9-1). 2985 2986**System capability**: SystemCapability.Security.Huks.Extension 2987 2988**Parameters** 2989 2990| Name | Type | Mandatory| Description | 2991| -------- | ----------- | ---- | ------------------------------------------------------------ | 2992| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 2993| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 2994 2995**Return value** 2996 2997| Type | Description | 2998| ------------------ | ------------------------------------------------------------ | 2999| Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS** and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned.| 3000 3001**Example** 3002 3003```ts 3004import huks from '@ohos.security.huks'; 3005/* Set options to emptyOptions. */ 3006let keyAlias = 'keyAlias'; 3007let emptyOptions: huks.HuksOptions = { 3008 properties: [] 3009}; 3010let result = huks.getKeyProperties(keyAlias, emptyOptions); 3011``` 3012 3013## huks.isKeyExist<sup>(deprecated)</sup> 3014 3015isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 3016 3017Checks whether a key exists. This API uses an asynchronous callback to return the result. 3018 3019> **NOTE** 3020> 3021> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9). 3022 3023**System capability**: SystemCapability.Security.Huks.Extension 3024 3025**Parameters** 3026 3027| Name | Type | Mandatory| Description | 3028| -------- | ---------------------- | ---- | ------------------------------------- | 3029| keyAlias | string | Yes | Alias of the key to check.| 3030| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3031| callback | AsyncCallback\<boolean> | Yes | Callback invoked to return the result. The value **TRUE** means that the key exists; **FALSE** means the opposite.| 3032 3033**Example** 3034 3035```ts 3036import huks from '@ohos.security.huks'; 3037/* Set options to emptyOptions. */ 3038let keyAlias = 'keyAlias'; 3039let emptyOptions: huks.HuksOptions = { 3040 properties: [] 3041}; 3042huks.isKeyExist(keyAlias, emptyOptions, (err, data) => { 3043}); 3044``` 3045 3046## huks.isKeyExist<sup>(deprecated)</sup> 3047 3048isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 3049 3050Checks whether a key exists. This API uses a promise to return the result. 3051 3052> **NOTE** 3053> 3054> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9-1). 3055 3056**System capability**: SystemCapability.Security.Huks.Extension 3057 3058**Parameters** 3059 3060| Name | Type | Mandatory| Description | 3061| -------- | ----------- | ---- | -------------------------------- | 3062| keyAlias | string | Yes | Alias of the key to check.| 3063| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3064 3065**Return value** 3066 3067| Type | Description | 3068| ----------------- | --------------------------------------- | 3069| Promise\<boolean> | Promise used to return the result. The value **TRUE** means that the key exists; **FALSE** means the opposite.| 3070 3071**Example** 3072 3073```ts 3074import huks from '@ohos.security.huks'; 3075/* Set options to emptyOptions. */ 3076let keyAlias = 'keyAlias'; 3077let emptyOptions: huks.HuksOptions = { 3078 properties: [] 3079}; 3080let result = huks.isKeyExist(keyAlias, emptyOptions); 3081``` 3082 3083## huks.init<sup>(deprecated)</sup> 3084 3085init(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksHandle>) : void 3086 3087Initializes the data for a key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3088 3089> **NOTE** 3090> 3091> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3092 3093**System capability**: SystemCapability.Security.Huks.Extension 3094 3095**Parameters** 3096 3097| Name | Type | Mandatory| Description | 3098| -------- | ---------------------- | ---- | ------------------------------------- | 3099| keyAlias | string | Yes | Alias of the target key.| 3100| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3101| callback | AsyncCallback\<[HuksHandle](#hukshandledeprecated)> | Yes | Callback invoked to return a session handle for subsequent operations.| 3102 3103## huks.init<sup>(deprecated)</sup> 3104 3105init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle> 3106 3107Initializes the data for a key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3108 3109> **NOTE** 3110> 3111> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3112 3113**System capability**: SystemCapability.Security.Huks.Extension 3114 3115**Parameters** 3116 3117| Name | Type | Mandatory| Description | 3118| -------- | ---------------------- | ---- | ------------------------------------- | 3119| keyAlias | string | Yes | Alias of the target key.| 3120| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3121 3122**Return value** 3123 3124| Type | Description | 3125| ----------------------------------- | -------------------------------------------------- | 3126| Promise\<[HuksHandle](#hukshandledeprecated)> | Promise used to return a session handle for subsequent operations.| 3127 3128## huks.update<sup>(deprecated)</sup> 3129 3130update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3131 3132Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3133 3134> **NOTE** 3135> 3136> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-1). 3137 3138**System capability**: SystemCapability.Security.Huks.Extension 3139 3140**Parameters** 3141 3142| Name | Type | Mandatory| Description | 3143| -------- | ----------------------------------------- | ---- | -------------------------------------------- | 3144| handle | number | Yes | Handle for the **update** operation. | 3145| token | Uint8Array | No | Token of the **update** operation. | 3146| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3147| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the **update** operation result.| 3148 3149## huks.update<sup>(deprecated)</sup> 3150 3151update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>; 3152 3153Updates the key operation by segment. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3154 3155> **NOTE** 3156> 3157> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-2). 3158 3159**System capability**: SystemCapability.Security.Huks.Extension 3160 3161**Parameters** 3162 3163| Name | Type | Mandatory| Description | 3164| ------- | ----------------------------------- | ---- | -------------------------------------------- | 3165| handle | number | Yes | Handle for the **update** operation. | 3166| token | Uint8Array | No | Token of the **update** operation. | 3167| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3168 3169**Return value** 3170 3171| Type | Description | 3172| ----------------------------------- | -------------------------------------------------- | 3173| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **update** operation result.| 3174 3175## huks.finish<sup>(deprecated)</sup> 3176 3177finish(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3178 3179Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3180 3181> **NOTE** 3182> 3183> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9). 3184 3185**System capability**: SystemCapability.Security.Huks.Extension 3186 3187**Parameters** 3188 3189| Name | Type | Mandatory| Description | 3190| -------- | ---------------------- | ---- | ------------------------------------- | 3191| handle | number | Yes | Handle for the **finish** operation.| 3192| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3193| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback invoked to return the **finish** operation result.| 3194 3195## huks.finish<sup>(deprecated)</sup> 3196 3197finish(handle: number, options: HuksOptions) : Promise\<HuksResult> 3198 3199Completes the key operation and releases resources. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3200 3201> **NOTE** 3202> 3203> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9-1). 3204 3205**System capability**: SystemCapability.Security.Huks.Extension 3206 3207**Parameters** 3208 3209| Name | Type | Mandatory| Description | 3210| -------- | ---------------------- | ---- | ------------------------------------- | 3211| handle | number | Yes | Handle for the **finish** operation.| 3212| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3213 3214**Return value** 3215 3216| Type | Description | 3217| ----------------------------------- | -------------------------------------------------- | 3218| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result.| 3219 3220## huks.abort<sup>(deprecated)</sup> 3221 3222abort(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3223 3224Aborts the use of the key. This API uses an asynchronous callback to return the result. 3225 3226> **NOTE** 3227> 3228> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9). 3229 3230**System capability**: SystemCapability.Security.Huks.Extension 3231 3232**Parameters** 3233 3234| Name | Type | Mandatory| Description | 3235| -------- | ---------------------- | ---- | ------------------------------------- | 3236| handle | number | Yes | Handle for the **abort** operation.| 3237| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3238| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback invoked to return the **abort** operation result.| 3239 3240**Example** 3241 3242```ts 3243import huks from '@ohos.security.huks'; 3244import { BusinessError } from '@ohos.base'; 3245/* huks.init, huks.update, and huks.finish must be used together. 3246 * If an error occurs in any of them, huks.abort must be called to terminate the use of the key. 3247 * 3248 * The following uses the callback of an RSA 1024 key as an example. 3249 */ 3250class HuksProperties { 3251 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3252 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3253 huks.HuksKeyDigest | huks.HuksKeyPadding = huks.HuksKeyAlg.HUKS_ALG_ECC 3254} 3255let keyalias = "HuksDemoRSA"; 3256let properties: HuksProperties[] = []; 3257let options: huks.HuksOptions = { 3258 properties: properties, 3259 inData: new Uint8Array(0) 3260}; 3261let handle: number = 0; 3262let resultMessage = ""; 3263async function generateKey() { 3264 properties[0] = { 3265 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3266 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3267 }; 3268 properties[1] = { 3269 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3270 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024 3271 }; 3272 properties[2] = { 3273 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3274 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3275 }; 3276 properties[3] = { 3277 tag: huks.HuksTag.HUKS_TAG_PADDING, 3278 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3279 }; 3280 properties[4] = { 3281 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3282 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3283 }; 3284 huks.generateKey(keyalias, options); 3285} 3286function stringToUint8Array(str: string) { 3287 let arr: number[] = []; 3288 for (let i = 0, j = str.length; i < j; ++i) { 3289 arr.push(str.charCodeAt(i)); 3290 } 3291 let tmpUint8Array = new Uint8Array(arr); 3292 return tmpUint8Array; 3293} 3294async function huksInit() { 3295 await huks.init(keyalias, options).then((data) => { 3296 console.log(`test init data: ${JSON.stringify(data)}`); 3297 handle = data.handle; 3298 }).catch((err: BusinessError) => { 3299 console.log("test init err information: " + JSON.stringify(err)) 3300 }) 3301} 3302async function huksUpdate() { 3303 options.inData = stringToUint8Array("huksHmacTest"); 3304 await huks.update(handle, options.inData, options).then((data) => { 3305 if (data.errorCode === 0) { 3306 resultMessage += "update success!"; 3307 } else { 3308 resultMessage += "update fail!"; 3309 } 3310 }); 3311 console.log(resultMessage); 3312} 3313function huksFinish() { 3314 options.inData = stringToUint8Array("HuksDemoHMAC"); 3315 huks.finish(handle, options).then((data) => { 3316 if (data.errorCode === 0) { 3317 resultMessage = "finish success!"; 3318 } else { 3319 resultMessage = "finish fail errorCode: " + data.errorCode; 3320 } 3321 }).catch((err: BusinessError) => { 3322 resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err) 3323 }); 3324 console.log(resultMessage); 3325} 3326async function huksAbort() { 3327 huks.abort(handle, options).then((data) => { 3328 if (data.errorCode === 0) { 3329 resultMessage = "abort success!"; 3330 } else { 3331 resultMessage = "abort fail errorCode: " + data.errorCode; 3332 } 3333 }).catch((err: BusinessError) => { 3334 resultMessage = "Failed to abort the use of the key. catch errorMessage:" + JSON.stringify(err) 3335 }); 3336 console.log(resultMessage); 3337} 3338``` 3339 3340## huks.abort<sup>(deprecated)</sup> 3341 3342abort(handle: number, options: HuksOptions) : Promise\<HuksResult>; 3343 3344Aborts the use of the key. This API uses a promise to return the result. 3345 3346> **NOTE** 3347> 3348> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9-1). 3349 3350**System capability**: SystemCapability.Security.Huks.Extension 3351 3352**Parameters** 3353 3354| Name | Type | Mandatory| Description | 3355| -------- | ---------------------- | ---- | ------------------------------------- | 3356| handle | number | Yes | Handle for the **abort** operation.| 3357| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3358 3359**Return value** 3360 3361| Type | Description | 3362| ----------------------------------- | -------------------------------------------------- | 3363| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **abort** operation result.| 3364 3365**Example** 3366 3367```ts 3368import huks from '@ohos.security.huks'; 3369import { BusinessError } from '@ohos.base'; 3370/* huks.init, huks.update, and huks.finish must be used together. 3371 * If an error occurs in any of them, huks.abort must be called to terminate the use of the key. 3372 * 3373 * The following uses the promise of an RSA 1024-bit key as an example. 3374 */ 3375class HuksProperties { 3376 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3377 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3378 huks.HuksKeyPadding | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 3379} 3380let keyalias = "HuksDemoRSA"; 3381let properties: HuksProperties[] = []; 3382let options: huks.HuksOptions = { 3383 properties: properties, 3384 inData: new Uint8Array(0) 3385}; 3386let handle: number = 0; 3387let resultMessage = ""; 3388 3389function stringToUint8Array(str: string) { 3390 let arr: number[] = []; 3391 for (let i = 0, j = str.length; i < j; ++i) { 3392 arr.push(str.charCodeAt(i)); 3393 } 3394 let tmpUint8Array = new Uint8Array(arr); 3395 return tmpUint8Array; 3396} 3397 3398async function generateKey() { 3399 properties[0] = { 3400 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3401 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3402 }; 3403 properties[1] = { 3404 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3405 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024 3406 }; 3407 properties[2] = { 3408 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3409 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3410 }; 3411 properties[3] = { 3412 tag: huks.HuksTag.HUKS_TAG_PADDING, 3413 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3414 }; 3415 properties[4] = { 3416 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3417 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3418 }; 3419 huks.generateKey(keyalias, options, (err, data) => { 3420 }); 3421} 3422 3423async function huksInit() { 3424 return new Promise<huks.HuksHandle>((resolve, reject) => { 3425 huks.init(keyalias, options, async (err, data) => { 3426 if (data.errorCode === 0) { 3427 resultMessage = "init success!" 3428 handle = data.handle; 3429 } else { 3430 resultMessage = "init fail errorCode: " + data.errorCode 3431 } 3432 }); 3433 }); 3434} 3435 3436async function huksUpdate() { 3437 options.inData = stringToUint8Array("huksHmacTest"); 3438 new Promise<huks.HuksResult>((resolve, reject) => { 3439 huks.update(handle, options.inData, options, (err, data) => { 3440 if (data.errorCode === 0) { 3441 resultMessage += "update success!"; 3442 } else { 3443 resultMessage += "update fail!"; 3444 } 3445 }); 3446 }); 3447 console.log(resultMessage); 3448 3449} 3450 3451async function huksFinish() { 3452 options.inData = stringToUint8Array("0"); 3453 new Promise<huks.HuksResult>((resolve, reject) => { 3454 huks.finish(handle, options, (err, data) => { 3455 if (data.errorCode === 0) { 3456 resultMessage = "finish success!"; 3457 } else { 3458 resultMessage = "finish fail errorCode: " + data.errorCode; 3459 } 3460 }); 3461 }); 3462} 3463 3464function huksAbort() { 3465 new Promise<huks.HuksResult>((resolve, reject) => { 3466 huks.abort(handle, options, (err, data) => { 3467 console.log(`Huks_Demo hmac huksAbort1 data ${JSON.stringify(data)}`); 3468 console.log(`Huks_Demo hmac huksAbort1 err ${JSON.stringify(err)}`); 3469 }); 3470 }); 3471} 3472``` 3473 3474## HuksHandle<sup>(deprecated)</sup> 3475 3476Defines the HUKS handle structure. 3477 3478**System capability**: SystemCapability.Security.Huks.Extension 3479> **NOTE** 3480> 3481> This API is deprecated since API version 9. You are advised to use [HuksSessionHandle<sup>9+</sup>](#hukssessionhandle9). 3482 3483| Name | Type | Mandatory| Description | 3484| ---------- | ---------------- | ---- | -------- | 3485| errorCode | number | Yes | Error code.| 3486| handle | number | Yes| Value of the handle.| 3487| token | Uint8Array | No| Challenge obtained after the [init](#huksinitdeprecated) operation.| 3488 3489## HuksResult<sup>(deprecated)</sup> 3490 3491Defines the **HuksResult** structure. 3492 3493**System capability**: SystemCapability.Security.Huks.Extension 3494 3495> **NOTE** 3496> 3497> - This API is deprecated since API version 9. You are advised to use [HuksReturnResult<sup>9+</sup>](#huksreturnresult9). 3498> - For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 3499 3500| Name | Type | Mandatory| Description | 3501| ---------- | ------------------------------- | ---- | ---------------- | 3502| errorCode | number | Yes | Error code. | 3503| outData | Uint8Array | No | Output data. | 3504| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 3505| certChains | Array\<string> | No | Certificate chain information.| 3506 3507## HuksErrorCode<sup>(deprecated)</sup> 3508 3509Enumerates the error codes. 3510 3511**System capability**: SystemCapability.Security.Huks.Extension 3512> **NOTE** 3513> 3514> This API is deprecated since API version 9. You are advised to use [HuksExceptionErrCode<sup>9+</sup>](#huksexceptionerrcode9). 3515 3516| Name | Value | Description| 3517| -------------------------- | ----- | ---- | 3518| HUKS_SUCCESS | 0 |Success.| 3519| HUKS_FAILURE | -1 |Failure.| 3520| HUKS_ERROR_BAD_STATE | -2 |Incorrect state.| 3521| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.| 3522| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.| 3523| HUKS_ERROR_NO_PERMISSION | -5 |No permission.| 3524| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.| 3525| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.| 3526| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.| 3527| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.| 3528| HUKS_ERROR_STORAGE_FAILURE | -10 |Insufficient storage space.| 3529| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.| 3530| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.| 3531| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.| 3532| HUKS_ERROR_NULL_POINTER | -14 |Null pointer.| 3533| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.| 3534| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.| 3535| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.| 3536| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.| 3537| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.| 3538| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.| 3539| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.| 3540| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.| 3541| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.| 3542| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.| 3543| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.| 3544| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.| 3545| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.| 3546| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.| 3547| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.| 3548| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.| 3549| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.| 3550| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.| 3551| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.| 3552| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.| 3553| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFUSE.| 3554| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.| 3555| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.| 3556| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.| 3557| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to obtain the ALG. | 3558| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to obtain the key size.| 3559| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to obtain the padding algorithm.| 3560| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to obtain the key purpose.| 3561| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to obtain the digest algorithm.| 3562| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to obtain the cipher mode.| 3563| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to obtain the nonce.| 3564| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to obtain the AAD.| 3565| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to obtain the initialization vector (IV).| 3566| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to obtain the AE flag.| 3567| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to obtain the salt value.| 3568| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to obtain the number of iterations.| 3569| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.| 3570| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.| 3571| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding algorithm.| 3572| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid key purpose.| 3573| HUKS_ERROR_INVALID_MODE | -116 |Invalid cipher mode.| 3574| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest algorithm.| 3575| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.| 3576| HUKS_ERROR_INVALID_IV | -119 |Invalid IV.| 3577| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.| 3578| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.| 3579| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.| 3580| HUKS_ERROR_INVALID_SALT | -123 |Invalid salt value.| 3581| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration count.| 3582| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.| 3583| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.| 3584| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.| 3585