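# 匿名密钥证明(ArkTS)


## 开发步骤

1. 确定密钥别名keyAlias,密钥别名最大长度为64字节。

2. 初始化参数集。

   [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)中的properties字段中的参数必须包含[HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性,可选参数包含[HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性。

3. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)。

4. 将密钥别名与参数集作为参数传入[huks.anonAttestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksanonattestkeyitem11)方法中,即可证明密钥。

```ts
/*
 * The example below drives huks.anonAttestKeyItem through its callback form,
 * wrapped in a Promise so that it can be awaited.
 */
import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';

/* 1. Choose the key alias (at most 64 bytes). */
let keyAliasString = "key anon attest";
let aliasString = keyAliasString;
let aliasUint8 = StringToUint8Array(keyAliasString);
let securityLevel = StringToUint8Array('sec_level');
/*
 * Sample value only. The challenge is what binds a certificate chain to one
 * attestation request, so a real deployment should use a fresh, unpredictable
 * value issued by the party that verifies the chain; with a constant challenge
 * a previously issued chain cannot be told apart from a new one.
 */
let challenge = StringToUint8Array('challenge_data');
let versionInfo = StringToUint8Array('version_info');
/* Starts empty so the final log never prints `undefined` when attestation fails. */
let anonAttestCertChain: Array<string> = [];

/* Flag shared between a Promise wrapper and its caller; see generateKeyItem. */
class throwObject {
  isThrow: boolean = false;
}

/* Shape of one key-generation property (tag plus enum value). */
class genKeyPropertyType {
  tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM;
  value: huks.HuksKeyAlg | huks.HuksKeyStorageType | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest
    | huks.HuksKeyPadding | huks.HuksKeyGenerateType | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_RSA
}

/* Property set used when generating the key: RSA-2048, verify purpose, SHA-256, PSS padding. */
let genKeyProperties: genKeyPropertyType[] = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
  },
  {
    /* NOTE(review): a block mode has no obvious meaning for an RSA-PSS key; confirm HUKS ignores it here. */
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
]
let genOptions: huks.HuksOptions = {
  properties: genKeyProperties
};

/* Shape of one attestation property (tag plus raw bytes). */
class anonAttestKeypropertyType {
  tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO;
  value: Uint8Array = securityLevel;
}

/*
 * 2. Property set for the attestation request. The security-level info and the
 * challenge are mandatory; the version info and the alias are optional.
 */
let anonAttestKeyproperties: anonAttestKeypropertyType[] = [
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: aliasUint8
  }
]
let huksOptions: huks.HuksOptions = {
  properties: anonAttestKeyproperties
};

/*
 * Converts a string to bytes, one byte per UTF-16 code unit.
 * Uint8Array keeps only the low 8 bits of each element, so code units above
 * 0xFF are truncated: use this helper for ASCII / Latin-1 input only.
 */
function StringToUint8Array(str: string): Uint8Array {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

/*
 * Wraps the callback form of huks.generateKeyItem in a Promise.
 * A synchronous throw from the HUKS call sets throwObject.isThrow before it is
 * rethrown; a throw inside the executor rejects the Promise, so the caller uses
 * the flag to tell that case apart from an error delivered through the callback.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw(error as Error);
    }
  });
}

/*
 * 3. Generate the key.
 * Failures are logged and not propagated, so the caller cannot tell from the
 * return value whether a key now exists under keyAlias.
 */
async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise generateKeyItem`);
  let throwObject: throwObject = {isThrow: false};
  try {
    await generateKeyItem(keyAlias, huksOptions, throwObject)
      .then((data) => {
        console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
      })
      .catch((error: BusinessError) => {
        if (throwObject.isThrow) {
          /* Synchronous failure: hand it to the outer catch below. */
          throw(error as Error);
        } else {
          console.error(`promise: generateKeyItem failed` + error);
        }
      });
  } catch (error) {
    console.error(`promise: generateKeyItem input arg invalid` + error);
  }
}

/*
 * 4. Attest the key.
 * Wraps the callback form of huks.anonAttestKeyItem in a Promise, using the
 * same isThrow convention as generateKeyItem.
 */
function anonAttestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.anonAttestKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw(error as Error);
    }
  });
}

/*
 * Requests the anonymous attestation certificate chain for keyAlias and stores
 * it in anonAttestCertChain. Failures are logged and leave the stored chain
 * unchanged.
 */
async function publicAnonAttestKey(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise anonAttestKeyItem`);
  let throwObject: throwObject = {isThrow: false};
  try {
    await anonAttestKeyItem(keyAlias, huksOptions, throwObject)
      .then ((data) => {
        console.info(`promise: anonAttestKeyItem success, data = ${JSON.stringify(data)}`);
        /* A bare `!== null` test would let `undefined` through; reject both. */
        const certChains = data?.certChains;
        if (certChains !== undefined && certChains !== null) {
          anonAttestCertChain = certChains as string[];
        }
      })
      .catch((error: BusinessError) => {
        if (throwObject.isThrow) {
          /* Synchronous failure: hand it to the outer catch below. */
          throw(error as Error);
        } else {
          console.error(`promise: anonAttestKeyItem failed` + error);
        }
      });
  } catch (error) {
    console.error(`promise: anonAttestKeyItem input arg invalid` + error);
  }
}

/*
 * Runs the whole flow: generate the key, attest it, log the chain.
 * Key generation only logs its failures, so attestation is attempted either
 * way; production code should stop when generation fails.
 * This sample only logs the chain. Before the key is trusted, the relying party
 * still has to validate the chain and compare the embedded challenge with the
 * one it issued.
 */
async function AnonAttestKeyTest() {
  await publicGenKeyFunc(aliasString, genOptions);
  await publicAnonAttestKey(aliasString, huksOptions);
  console.info('anon attest certChain data: ' + anonAttestCertChain);
}
```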