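# 非匿名密钥证明(仅向系统应用开放)(ArkTS)

本接口有权限管控(需申请"ohos.permission.ATTEST_KEY"权限),且仅面向系统应用开放。

## 开发步骤

1. 确定密钥别名keyAlias,密钥别名最大长度为64字节。

2. 初始化参数集。

   [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)中的properties字段中的参数必须包含[HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性,可选参数包含[HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性。

3. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)。

4. 将密钥别名与参数集作为参数传入[huks.attestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksattestkeyitem9)方法中,即可证明密钥。

```ts
/*
 * Example: key attestation using Promise-style wrappers around the
 * callback form of huks.generateKeyItem / huks.attestKeyItem.
 */
import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';

/* 1. Choose the key alias (at most 64 bytes). */
let keyAliasString = "key attest";
let aliasString = keyAliasString;
let aliasUint8 = StringToUint8Array(keyAliasString);
let securityLevel = StringToUint8Array('sec_level');
// NOTE(review): the challenge binds the returned certificate chain to this one
// request. A real caller must use a fresh, unpredictable value handed over by the
// party that will later verify the chain; the fixed string here is only an
// illustration and, reused, would let a previously issued chain be presented again.
let challenge = StringToUint8Array('challenge_data');
let versionInfo = StringToUint8Array('version_info');
// Certificate chain from the last successful attestation; stays empty if
// attestation did not run or failed, so the final log line never prints undefined.
let attestCertChain: Array<string> = [];

/* Marks whether the wrapped huks call rejected its arguments synchronously. */
class throwObject {
  isThrow: boolean = false;
}

/* One entry of the key-generation property set. */
class genKeyPropertyType {
  tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM;
  value: huks.HuksKeyAlg | huks.HuksKeyStorageType | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest
    | huks.HuksKeyPadding | huks.HuksKeyGenerateType | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_RSA
}

/* Property set used when generating the key. */
let genKeyProperties: genKeyPropertyType[] = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
]
let genOptions: huks.HuksOptions = {
  properties: genKeyProperties
};

/* One entry of the attestation property set. */
class attestKeypropertyType {
  tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO;
  value: Uint8Array = securityLevel;
}

/* 2. Property set for attesting the key. SEC_LEVEL_INFO and CHALLENGE are
 * mandatory; VERSION_INFO and ALIAS are optional. */
let attestKeyproperties: attestKeypropertyType[] = [
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: aliasUint8
  }
]
let huksOptions: huks.HuksOptions = {
  properties: attestKeyproperties
};

/**
 * Converts a string to bytes, one byte per UTF-16 code unit.
 *
 * Only code units up to 0xFF can be represented. Previously larger values were
 * truncated silently (Uint8Array stores modulo 256), which could make two
 * different aliases map to the same key; such input is now rejected explicitly.
 *
 * @throws Error if any character is not representable as a single byte.
 */
function StringToUint8Array(str: string): Uint8Array {
  const bytes = new Uint8Array(str.length);
  for (let i = 0; i < str.length; ++i) {
    const code = str.charCodeAt(i);
    if (code > 0xFF) {
      throw new Error(`StringToUint8Array: character at index ${i} is not representable as a single byte`);
    }
    bytes[i] = code;
  }
  return bytes;
}

/**
 * Promise wrapper for the callback form of huks.generateKeyItem.
 *
 * If huks rejects the arguments synchronously, throwObject.isThrow is set before
 * the error is rethrown (which rejects the returned Promise), so the caller can
 * distinguish an argument error from a failure reported through the callback.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject): Promise<void> {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/* 3. Generate the key. Errors are logged with their code and message rather
 * than concatenated as objects, which only printed "[object Object]". */
async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions): Promise<void> {
  console.info(`enter promise generateKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    await generateKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: generateKeyItem success`);
  } catch (err) {
    const error = err as BusinessError;
    if (throwObject.isThrow) {
      // Synchronous rejection of the arguments (alias or property set).
      console.error(`promise: generateKeyItem input arg invalid, code: ${error.code}, message: ${error.message}`);
    } else {
      console.error(`promise: generateKeyItem failed, code: ${error.code}, message: ${error.message}`);
    }
  }
}

/**
 * Promise wrapper for the callback form of huks.attestKeyItem.
 * Same throwObject convention as generateKeyItem.
 */
function attestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject): Promise<huks.HuksReturnResult> {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.attestKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/* 4. Attest the key and keep the returned certificate chain. */
async function publicAttestKey(keyAlias: string, huksOptions: huks.HuksOptions): Promise<void> {
  console.info(`enter promise attestKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await attestKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: attestKeyItem success, data = ${JSON.stringify(data)}`);
    // certChains is an optional field, so it can be undefined as well as null;
    // the earlier `!== null` test let undefined through into attestCertChain.
    if (data !== null && data.certChains !== undefined && data.certChains !== null) {
      // The chain is only evidence: whoever relies on it must still validate the
      // chain up to the trusted root and check that it carries the challenge sent
      // for this request before trusting the key.
      attestCertChain = data.certChains;
    }
  } catch (err) {
    const error = err as BusinessError;
    if (throwObject.isThrow) {
      console.error(`promise: attestKeyItem input arg invalid, code: ${error.code}, message: ${error.message}`);
    } else {
      console.error(`promise: attestKeyItem failed, code: ${error.code}, message: ${error.message}`);
    }
  }
}

/* Runs generation followed by attestation and logs the resulting chain (empty
 * if attestation failed). */
async function AttestKeyTest(): Promise<void> {
  await publicGenKeyFunc(aliasString, genOptions);
  await publicAttestKey(aliasString, huksOptions);
  console.info('attest certChain data: ' + attestCertChain);
}
```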