1# @ohos.security.huks (Universal Keystore) 2 3The **huks** module provides KeyStore (KS) capabilities, including key management and cryptographic operations, for applications. The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs. 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import { huks } from '@kit.UniversalKeystoreKit'; 13``` 14 15## HuksParam 16 17Defines the **param** field in the **properties** array of **options** used in the APIs. 18 19**Atomic service API**: This API can be used in atomic services since API version 11. 20 21**System capability**: SystemCapability.Security.Huks.Core 22 23| Name| Type | Mandatory| Description | 24| ------ | ----------------------------------- | ---- | ------------ | 25| tag | [HuksTag](#hukstag) | Yes | Tag. | 26| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.| 27 28## HuksOptions 29 30Defines **options** used in the APIs. 31 32**Atomic service API**: This API can be used in atomic services since API version 11. 33 34**System capability**: SystemCapability.Security.Huks.Core 35 36| Name | Type | Mandatory| Description | 37| ---------- | ----------------- | ---- | ------------------------ | 38| properties | Array\<[HuksParam](#huksparam)> | No | Properties used to hold the **HuksParam** array.| 39| inData | Uint8Array | No | Input data. | 40 41## HuksSessionHandle<sup>9+</sup> 42 43Defines the struct for a HUKS handle. 44 45**Atomic service API**: This API can be used in atomic services since API version 11. 46 47**System capability**: SystemCapability.Security.Huks.Core 48 49| Name | Type | Mandatory| Description | 50| --------- | ---------- | ---- | ---------------------------------------------------- | 51| handle | number | Yes | Value of the handle. | 52| challenge | Uint8Array | No | Challenge obtained after the [initSession](#huksinitsession9) operation.| 53 54## HuksReturnResult<sup>9+</sup> 55 56Represents the result returned. 57 58**System capability**: SystemCapability.Security.Huks.Core 59 60 61 62| Name | Type | Mandatory| Description | 63| ---------- | ------------------------------- | ---- | ---------------- | 64| outData | Uint8Array | No | Output data.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 65| properties | Array\<[HuksParam](#huksparam)> | No | Property information.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 66| certChains | Array\<string> | No | Certificate chain information.<br>**Atomic service API**: This API can be used in atomic services since API version 12.| 67 68## HuksListAliasesReturnResult<sup>12+</sup> 69 70Represents an array of key aliases. 71 72**Atomic service API**: This API can be used in atomic services since API version 12. 73 74**System capability**: SystemCapability.Security.Huks.Extension 75 76 77 78| Name | Type | Mandatory| Description | 79| ---------- | ------------------------------- | ---- | ---------------- | 80| keyAliases | Array\<string> | Yes | Array of key aliases.| 81 82 83## huks.generateKeyItem<sup>9+</sup> 84 85generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 86 87Generates a key. This API uses an asynchronous callback to return the result. 88 89**Atomic service API**: This API can be used in atomic services since API version 11. 90 91**System capability**: SystemCapability.Security.Huks.Core 92 93**Parameters** 94 95| Name | Type | Mandatory| Description | 96| -------- | --------------------------- | ---- | --------------------------------------------- | 97| keyAlias | string | Yes | Alias of the key. | 98| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 99| callback | AsyncCallback\<void> | Yes | Callback used to return the result. <br/>If the operation is successful, this API does not return the key content because the key is always protected in a TEE. <br/>If an exception occurs in the generation process, an error is captured.| 100 101**Error codes** 102 103For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 104 105| ID| Error Message | 106| -------- | ------------- | 107| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 108| 801 | api is not supported. | 109| 12000001 | algorithm mode is not supported. | 110| 12000002 | algorithm param is missing. | 111| 12000003 | algorithm param is invalid. | 112| 12000004 | operating file failed. | 113| 12000005 | IPC communication failed. | 114| 12000006 | error occurred in crypto engine. | 115| 12000012 | external error. | 116| 12000013 | queried credential does not exist. | 117| 12000014 | memory is insufficient. | 118| 12000015 | call service failed. | 119 120**Example** 121 122```ts 123import { huks } from '@kit.UniversalKeystoreKit'; 124/* Generate a 256-bit ECC key. */ 125let keyAlias: string = 'keyAlias'; 126let properties: Array<huks.HuksParam> =[ 127 { 128 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 129 value: huks.HuksKeyAlg.HUKS_ALG_ECC 130 }, 131 { 132 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 133 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 134 }, 135 { 136 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 137 value: 138 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 139 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 140 }, 141 { 142 tag: huks.HuksTag.HUKS_TAG_DIGEST, 143 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 144 }, 145]; 146let options: huks.HuksOptions = { 147 properties: properties 148}; 149try { 150 huks.generateKeyItem(keyAlias, options, (error, data) => { 151 if (error) { 152 console.error(`callback: generateKeyItem failed`); 153 } else { 154 console.info(`callback: generateKeyItem key success`); 155 } 156 }); 157} catch (error) { 158 console.error(`callback: generateKeyItem input arg invalid`); 159} 160``` 161 162## huks.generateKeyItem<sup>9+</sup> 163 164generateKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 165 166Generates a key. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called. 167 168**Atomic service API**: This API can be used in atomic services since API version 11. 169 170**System capability**: SystemCapability.Security.Huks.Extension 171 172**Parameters** 173 174| Name | Type | Mandatory| Description | 175| -------- | --------------------------- | ---- | ------------------------ | 176| keyAlias | string | Yes | Alias of the key. | 177| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 178 179**Return value** 180 181| Type | Description | 182| ---------------------------------------------- | --------------------------------------------- | 183| Promise\<void> | Promise that returns no value.| 184 185**Error codes** 186 187For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 188 189| ID| Error Message | 190| -------- | ------------- | 191| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 192| 801 | api is not supported. | 193| 12000001 | algorithm mode is not supported. | 194| 12000002 | algorithm param is missing. | 195| 12000003 | algorithm param is invalid. | 196| 12000004 | operating file failed. | 197| 12000005 | IPC communication failed. | 198| 12000006 | error occurred in crypto engine. | 199| 12000012 | external error. | 200| 12000013 | queried credential does not exist. | 201| 12000014 | memory is insufficient. | 202| 12000015 | call service failed. | 203 204**Example** 205 206```ts 207/* Generate a 256-bit ECC key. */ 208import { huks } from '@kit.UniversalKeystoreKit'; 209let keyAlias = 'keyAlias'; 210let properties: Array<huks.HuksParam> =[ 211 { 212 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 213 value: huks.HuksKeyAlg.HUKS_ALG_ECC 214 }, 215 { 216 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 217 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 218 }, 219 { 220 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 221 value: 222 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 223 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 224 }, 225 { 226 tag: huks.HuksTag.HUKS_TAG_DIGEST, 227 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 228 }, 229]; 230let options: huks.HuksOptions = { 231 properties: properties 232}; 233try { 234 huks.generateKeyItem(keyAlias, options) 235 .then((data) => { 236 console.info(`promise: generateKeyItem success`); 237 }) 238 .catch((error: Error) => { 239 console.error(`promise: generateKeyItem failed`); 240 }); 241} catch (error) { 242 console.error(`promise: generateKeyItem input arg invalid`); 243} 244``` 245 246## huks.deleteKeyItem<sup>9+</sup> 247 248deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 249 250Deletes a key. This API uses an asynchronous callback to return the result. 251 252**Atomic service API**: This API can be used in atomic services since API version 11. 253 254**System capability**: SystemCapability.Security.Huks.Core 255 256**Parameters** 257 258| Name | Type | Mandatory| Description | 259| -------- | --------------------------- | ---- | --------------------------------------------- | 260| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 261| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to delete. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 262| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 263 264**Error codes** 265 266For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 267 268| ID| Error Message | 269| -------- | ------------- | 270| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 271| 801 | api is not supported. | 272| 12000004 | operating file failed. | 273| 12000005 | IPC communication failed. | 274| 12000011 | queried entity does not exist. | 275| 12000012 | external error. | 276| 12000014 | memory is insufficient. | 277 278**Example** 279 280```ts 281import { huks } from '@kit.UniversalKeystoreKit'; 282/* Set options to emptyOptions. */ 283let keyAlias = 'keyAlias'; 284let emptyOptions: huks.HuksOptions = { 285 properties: [] 286}; 287try { 288 huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => { 289 if (error) { 290 console.error(`callback: deleteKeyItem failed`); 291 } else { 292 console.info(`callback: deleteKeyItem key success`); 293 } 294 }); 295} catch (error) { 296 console.error(`callback: deleteKeyItem input arg invalid`); 297} 298``` 299 300## huks.deleteKeyItem<sup>9+</sup> 301 302deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 303 304Deletes a key. This API uses a promise to return the result. 305 306**Atomic service API**: This API can be used in atomic services since API version 11. 307 308**System capability**: SystemCapability.Security.Huks.Extension 309 310**Parameters** 311 312| Name | Type | Mandatory| Description | 313| -------- | --------------------------- | ---- | ----------------------------------- | 314| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 315| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to delete. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 316 317**Return value** 318 319| Type | Description | 320| ---------------------------------------------- | --------------------------------------------- | 321| Promise\<void> | Promise that returns no value.| 322 323**Error codes** 324 325For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 326 327| ID| Error Message | 328| -------- | ------------- | 329| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 330| 801 | api is not supported. | 331| 12000004 | operating file failed. | 332| 12000005 | IPC communication failed. | 333| 12000011 | queried entity does not exist. | 334| 12000012 | external error. | 335| 12000014 | memory is insufficient. | 336 337**Example** 338 339```ts 340import { huks } from '@kit.UniversalKeystoreKit'; 341/* Set options to emptyOptions. */ 342let keyAlias = 'keyAlias'; 343let emptyOptions: huks.HuksOptions = { 344 properties: [] 345}; 346try { 347 huks.deleteKeyItem(keyAlias, emptyOptions) 348 .then ((data) => { 349 console.info(`promise: deleteKeyItem key success`); 350 }) 351 .catch((error: Error) => { 352 console.error(`promise: deleteKeyItem failed`); 353 }); 354} catch (error) { 355 console.error(`promise: deleteKeyItem input arg invalid`); 356} 357``` 358 359## huks.importKeyItem<sup>9+</sup> 360 361importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 362 363Imports a key in plaintext. This API uses an asynchronous callback to return the result. 364 365**Atomic service API**: This API can be used in atomic services since API version 11. 366 367**System capability**: SystemCapability.Security.Huks.Core 368 369The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 370 371**Parameters** 372 373| Name | Type | Mandatory| Description | 374| -------- | --------------------------- | ---- | --------------------------------------------- | 375| keyAlias | string | Yes | Alias of the key. | 376| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 377| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 378 379**Error codes** 380 381For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 382 383| ID| Error Message | 384| -------- | ------------- | 385| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 386| 801 | api is not supported. | 387| 12000001 | algorithm mode is not supported. | 388| 12000002 | algorithm param is missing. | 389| 12000003 | algorithm param is invalid. | 390| 12000004 | operating file failed. | 391| 12000005 | IPC communication failed. | 392| 12000006 | error occurred in crypto engine. | 393| 12000011 | queried entity does not exist. | 394| 12000012 | external error. | 395| 12000013 | queried credential does not exist. | 396| 12000014 | memory is insufficient. | 397| 12000015 | call service failed. | 398 399**Example** 400 401```ts 402import { huks } from '@kit.UniversalKeystoreKit'; 403/* Import a 256-bit AES key. */ 404let plainTextSize32 = makeRandomArr(32); 405function makeRandomArr(size: number) { 406 let arr = new Uint8Array(size); 407 for (let i = 0; i < size; i++) { 408 arr[i] = Math.floor(Math.random() * 10); 409 } 410 return arr; 411}; 412let keyAlias = 'keyAlias'; 413let properties: Array<huks.HuksParam> = [ 414 { 415 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 416 value: huks.HuksKeyAlg.HUKS_ALG_AES 417 }, 418 { 419 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 420 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 421 }, 422 { 423 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 424 value: 425 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 426 }, 427 { 428 tag: huks.HuksTag.HUKS_TAG_PADDING, 429 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 430 }, 431 { 432 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 433 value: huks.HuksCipherMode.HUKS_MODE_ECB 434 } 435]; 436let options: huks.HuksOptions = { 437 properties: properties, 438 inData: plainTextSize32 439}; 440try { 441 huks.importKeyItem(keyAlias, options, (error, data) => { 442 if (error) { 443 console.error(`callback: importKeyItem failed`); 444 } else { 445 console.info(`callback: importKeyItem success`); 446 } 447 }); 448} catch (error) { 449 console.error(`callback: importKeyItem input arg invalid`); 450} 451``` 452 453## huks.importKeyItem<sup>9+</sup> 454 455importKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 456 457Imports a key in plaintext. This API uses a promise to return the result. 458 459**Atomic service API**: This API can be used in atomic services since API version 11. 460 461**System capability**: SystemCapability.Security.Huks.Extension 462 463**Parameters** 464 465| Name | Type | Mandatory| Description | 466| -------- | --------------------------- | ---- | ----------------------------------- | 467| keyAlias | string | Yes | Alias of the key. | 468| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 469 470**Return value** 471 472| Type | Description | 473| ---------------------------------------------- | --------------------------------------------- | 474| Promise\<void> | Promise that returns no value.| 475 476**Error codes** 477 478For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 479 480| ID| Error Message | 481| -------- | ------------- | 482| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 483| 801 | api is not supported. | 484| 12000001 | algorithm mode is not supported. | 485| 12000002 | algorithm param is missing. | 486| 12000003 | algorithm param is invalid. | 487| 12000004 | operating file failed. | 488| 12000005 | IPC communication failed. | 489| 12000006 | error occurred in crypto engine. | 490| 12000011 | queried entity does not exist. | 491| 12000012 | external error. | 492| 12000013 | queried credential does not exist. | 493| 12000014 | memory is insufficient. | 494| 12000015 | call service failed. | 495 496**Example** 497 498```ts 499import { huks } from '@kit.UniversalKeystoreKit'; 500/* Import an AES key of 128 bits. */ 501let plainTextSize32 = makeRandomArr(32); 502function makeRandomArr(size: number) { 503 let arr = new Uint8Array(size); 504 for (let i = 0; i < size; i++) { 505 arr[i] = Math.floor(Math.random() * 10); 506 } 507 return arr; 508}; 509/* Step 1 Generate a key. */ 510let keyAlias = 'keyAlias'; 511let properties: Array<huks.HuksParam> = [ 512 { 513 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 514 value: huks.HuksKeyAlg.HUKS_ALG_AES 515 }, 516 { 517 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 518 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 519 }, 520 { 521 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 522 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 523 }, 524 { 525 tag: huks.HuksTag.HUKS_TAG_PADDING, 526 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 527 }, 528 { 529 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 530 value: huks.HuksCipherMode.HUKS_MODE_ECB 531 } 532]; 533let huksOptions: huks.HuksOptions = { 534 properties: properties, 535 inData: plainTextSize32 536}; 537try { 538 huks.importKeyItem(keyAlias, huksOptions) 539 .then((data) => { 540 console.info(`promise: importKeyItem success`); 541 }) 542 .catch((error: Error) => { 543 console.error(`promise: importKeyItem failed`); 544 }); 545} catch (error) { 546 console.error(`promise: importKeyItem input arg invalid`); 547} 548``` 549 550## huks.attestKeyItem<sup>9+</sup> 551 552attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 553 554Obtains the certificate used to attest a key. This API uses an asynchronous callback to return the result. 555 556**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications) 557 558**System capability**: SystemCapability.Security.Huks.Extension 559 560**Parameters** 561 562| Name | Type | Mandatory| Description | 563| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 564| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 565| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 566| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 567 568**Error codes** 569 570For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 571 572| ID| Error Message | 573| -------- | ------------- | 574| 201 | check permission failed. | 575| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 576| 801 | api is not supported. | 577| 12000001 | algorithm mode is not supported. | 578| 12000002 | algorithm param is missing. | 579| 12000003 | algorithm param is invalid. | 580| 12000004 | operating file failed. | 581| 12000005 | IPC communication failed. | 582| 12000006 | error occurred in crypto engine. | 583| 12000011 | queried entity does not exist. | 584| 12000012 | external error. | 585| 12000014 | memory is insufficient. | 586 587**Example** 588 589```ts 590import { huks } from '@kit.UniversalKeystoreKit'; 591let securityLevel = stringToUint8Array('sec_level'); 592let challenge = stringToUint8Array('challenge_data'); 593let versionInfo = stringToUint8Array('version_info'); 594let keyAliasString = "key attest"; 595function stringToUint8Array(str: string) { 596 let arr: number[] = []; 597 for (let i = 0, j = str.length; i < j; ++i) { 598 arr.push(str.charCodeAt(i)); 599 } 600 let tmpUint8Array = new Uint8Array(arr); 601 return tmpUint8Array; 602} 603 604async function generateKeyThenattestKey(alias: string) { 605 let aliasString = keyAliasString; 606 let aliasUint8 = stringToUint8Array(aliasString); 607 let generateProperties: Array<huks.HuksParam> = [ 608 { 609 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 610 value: huks.HuksKeyAlg.HUKS_ALG_RSA 611 }, 612 { 613 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 614 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 615 }, 616 { 617 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 618 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 619 }, 620 { 621 tag: huks.HuksTag.HUKS_TAG_DIGEST, 622 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 623 }, 624 { 625 tag: huks.HuksTag.HUKS_TAG_PADDING, 626 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 627 }, 628 { 629 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 630 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 631 }, 632 { 633 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 634 value: huks.HuksCipherMode.HUKS_MODE_ECB 635 } 636 ]; 637 let generateOptions: huks.HuksOptions = { 638 properties: generateProperties 639 }; 640 let attestProperties: Array<huks.HuksParam> = [ 641 { 642 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 643 value: securityLevel 644 }, 645 { 646 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 647 value: challenge 648 }, 649 { 650 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 651 value: versionInfo 652 }, 653 { 654 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 655 value: aliasUint8 656 } 657 ]; 658 let attestOptions: huks.HuksOptions = { 659 properties: attestProperties 660 }; 661 try { 662 huks.generateKeyItem(alias, generateOptions, (error, data) => { 663 if (error) { 664 console.error(`callback: generateKeyItem failed`); 665 } else { 666 console.info(`callback: generateKeyItem success`); 667 try { 668 huks.attestKeyItem(aliasString, attestOptions, (error, data) => { 669 if (error) { 670 console.error(`callback: attestKeyItem failed`); 671 } else { 672 console.info(`callback: attestKeyItem success`); 673 } 674 }); 675 } catch (error) { 676 console.error(`callback: attestKeyItem input arg invalid`); 677 } 678 } 679 }); 680 } catch (error) { 681 console.error(`callback: generateKeyItem input arg invalid`); 682 } 683} 684``` 685 686## huks.attestKeyItem<sup>9+</sup> 687 688attestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 689 690Obtains the certificate used to attest a key. This API uses a promise to return the result. 691 692**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications) 693 694**System capability**: SystemCapability.Security.Huks.Extension 695 696**Parameters** 697 698| Name | Type | Mandatory| Description | 699| -------- | --------------------------- | ---- | ------------------------------------ | 700| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 701| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 702 703**Return value** 704 705| Type | Description | 706| ---------------------------------------------- | --------------------------------------------- | 707| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained.| 708 709**Error codes** 710 711For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 712 713| ID| Error Message | 714| -------- | ------------- | 715| 201 | check permission failed. | 716| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 717| 801 | api is not supported. | 718| 12000001 | algorithm mode is not supported. | 719| 12000002 | algorithm param is missing. | 720| 12000003 | algorithm param is invalid. | 721| 12000004 | operating file failed. | 722| 12000005 | IPC communication failed. | 723| 12000006 | error occurred in crypto engine. | 724| 12000011 | queried entity does not exist. | 725| 12000012 | external error. | 726| 12000014 | memory is insufficient. | 727 728**Example** 729 730```ts 731import { huks } from '@kit.UniversalKeystoreKit'; 732 733let securityLevel = stringToUint8Array('sec_level'); 734let challenge = stringToUint8Array('challenge_data'); 735let versionInfo = stringToUint8Array('version_info'); 736let keyAliasString = "key attest"; 737function stringToUint8Array(str: string) { 738 let arr: number[] = []; 739 for (let i = 0, j = str.length; i < j; ++i) { 740 arr.push(str.charCodeAt(i)); 741 } 742 let tmpUint8Array = new Uint8Array(arr); 743 return tmpUint8Array; 744} 745async function generateKey(alias: string) { 746 let properties: Array<huks.HuksParam> = [ 747 { 748 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 749 value: huks.HuksKeyAlg.HUKS_ALG_RSA 750 }, 751 { 752 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 753 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 754 }, 755 { 756 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 757 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 758 }, 759 { 760 tag: huks.HuksTag.HUKS_TAG_DIGEST, 761 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 762 }, 763 { 764 tag: huks.HuksTag.HUKS_TAG_PADDING, 765 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 766 }, 767 { 768 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 769 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 770 }, 771 { 772 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 773 value: huks.HuksCipherMode.HUKS_MODE_ECB 774 } 775 ]; 776 let options: huks.HuksOptions = { 777 properties: properties 778 }; 779 try { 780 await huks.generateKeyItem(alias, options) 781 .then((data) => { 782 console.info(`promise: generateKeyItem success`); 783 }) 784 .catch((error: Error) => { 785 console.error(`promise: generateKeyItem failed`); 786 }); 787 } catch (error) { 788 console.error(`promise: generateKeyItem input arg invalid`); 789 } 790} 791async function attestKey() { 792 let aliasString = keyAliasString; 793 let aliasUint8 = stringToUint8Array(aliasString); 794 let properties: Array<huks.HuksParam> = [ 795 { 796 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 797 value: securityLevel 798 }, 799 { 800 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 801 value: challenge 802 }, 803 { 804 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 805 value: versionInfo 806 }, 807 { 808 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 809 value: aliasUint8 810 } 811 ]; 812 let options: huks.HuksOptions = { 813 properties: properties 814 }; 815 await generateKey(aliasString); 816 try { 817 await huks.attestKeyItem(aliasString, options) 818 .then((data) => { 819 console.info(`promise: attestKeyItem success`); 820 }) 821 .catch((error: Error) => { 822 console.error(`promise: attestKeyItem failed`); 823 }); 824 } catch (error) { 825 console.error(`promise: attestKeyItem input arg invalid`); 826 } 827} 828``` 829 830## huks.anonAttestKeyItem<sup>11+</sup> 831 832anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 833 834Obtains the certificate for anonymous attestation. This API uses an asynchronous callback to return the result. 835 836This operation requires Internet access and takes time. If error code 12000012 is returned, the network is abnormal. If the device is not connected to the network, display a message, indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter. Tray again later. 837 838**Atomic service API**: This API can be used in atomic services since API version 12. 839 840**System capability**: SystemCapability.Security.Huks.Extension 841 842**Parameters** 843 844| Name | Type | Mandatory| Description | 845| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 846| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 847| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 848| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 849 850**Error codes** 851 852For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 853 854| ID| Error Message | 855| -------- | ------------- | 856| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 857| 801 | api is not supported. | 858| 12000001 | algorithm mode is not supported. | 859| 12000002 | algorithm param is missing. | 860| 12000003 | algorithm param is invalid. | 861| 12000004 | operating file failed. | 862| 12000005 | IPC communication failed. | 863| 12000006 | error occurred in crypto engine. | 864| 12000011 | queried entity does not exist. | 865| 12000012 | external error. | 866| 12000014 | memory is insufficient. | 867 868**Example** 869 870```ts 871import { huks } from '@kit.UniversalKeystoreKit'; 872let securityLevel = stringToUint8Array('sec_level'); 873let challenge = stringToUint8Array('challenge_data'); 874let versionInfo = stringToUint8Array('version_info'); 875let keyAliasString = "key anon attest"; 876function stringToUint8Array(str: string): Uint8Array { 877 let arr: number[] = []; 878 for (let i = 0, j = str.length; i < j; ++i) { 879 arr.push(str.charCodeAt(i)); 880 } 881 let tmpUint8Array = new Uint8Array(arr); 882 return tmpUint8Array; 883} 884 885async function generateKeyThenAttestKey(alias: string): Promise<void> { 886 let aliasString = keyAliasString; 887 let aliasUint8 = stringToUint8Array(aliasString); 888 let generateProperties: Array<huks.HuksParam> = [ 889 { 890 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 891 value: huks.HuksKeyAlg.HUKS_ALG_RSA 892 }, 893 { 894 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 895 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 896 }, 897 { 898 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 899 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 900 }, 901 { 902 tag: huks.HuksTag.HUKS_TAG_DIGEST, 903 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 904 }, 905 { 906 tag: huks.HuksTag.HUKS_TAG_PADDING, 907 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 908 }, 909 { 910 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 911 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 912 }, 913 { 914 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 915 value: huks.HuksCipherMode.HUKS_MODE_ECB 916 } 917 ]; 918 let generateOptions: huks.HuksOptions = { 919 properties: generateProperties 920 }; 921 let anonAttestProperties: Array<huks.HuksParam> = [ 922 { 923 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 924 value: securityLevel 925 }, 926 { 927 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 928 value: challenge 929 }, 930 { 931 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 932 value: versionInfo 933 }, 934 { 935 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 936 value: aliasUint8 937 } 938 ]; 939 let anonAttestOptions: huks.HuksOptions = { 940 properties: anonAttestProperties 941 }; 942 try { 943 huks.generateKeyItem(alias, generateOptions, (error, data) => { 944 if (error) { 945 console.error(`callback: generateKeyItem failed`); 946 } else { 947 console.info(`callback: generateKeyItem success`); 948 try { 949 huks.anonAttestKeyItem(aliasString, anonAttestOptions, (error, data) => { 950 if (error) { 951 console.error(`callback: anonAttestKeyItem failed`); 952 } else { 953 console.info(`callback: anonAttestKeyItem success`); 954 } 955 }); 956 } catch (error) { 957 console.error(`callback: anonAttestKeyItem input arg invalid`); 958 } 959 } 960 }); 961 } catch (error) { 962 console.error(`callback: generateKeyItem input arg invalid`); 963 } 964} 965``` 966 967## huks.anonAttestKeyItem<sup>11+</sup> 968 969anonAttestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 970 971Obtains the certificate for anonymous attestation. This API uses a promise to return the result. 972 973This operation requires Internet access and takes time. If error code 12000012 is returned, the network is abnormal. If the device is not connected to the network, display a message, indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter. Tray again later. 974 975**Atomic service API**: This API can be used in atomic services since API version 12. 976 977**System capability**: SystemCapability.Security.Huks.Extension 978 979**Parameters** 980 981| Name | Type | Mandatory| Description | 982| -------- | --------------------------- | ---- | ------------------------------------ | 983| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 984| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 985 986**Return value** 987 988| Type | Description | 989| ---------------------------------------------- | --------------------------------------------- | 990| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained.| 991 992**Error codes** 993 994For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 995 996| ID| Error Message | 997| -------- | ------------- | 998| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 999| 801 | api is not supported. | 1000| 12000001 | algorithm mode is not supported. | 1001| 12000002 | algorithm param is missing. | 1002| 12000003 | algorithm param is invalid. | 1003| 12000004 | operating file failed. | 1004| 12000005 | IPC communication failed. | 1005| 12000006 | error occurred in crypto engine. | 1006| 12000011 | queried entity does not exist. | 1007| 12000012 | external error. | 1008| 12000014 | memory is insufficient. | 1009 1010**Example** 1011 1012```ts 1013import { huks } from '@kit.UniversalKeystoreKit'; 1014 1015let securityLevel = stringToUint8Array('sec_level'); 1016let challenge = stringToUint8Array('challenge_data'); 1017let versionInfo = stringToUint8Array('version_info'); 1018let keyAliasString = "key anon attest"; 1019function stringToUint8Array(str: string): Uint8Array { 1020 let arr: number[] = []; 1021 for (let i = 0, j = str.length; i < j; ++i) { 1022 arr.push(str.charCodeAt(i)); 1023 } 1024 let tmpUint8Array = new Uint8Array(arr); 1025 return tmpUint8Array; 1026} 1027async function generateKey(alias: string): Promise<void> { 1028 let properties: Array<huks.HuksParam> = [ 1029 { 1030 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1031 value: huks.HuksKeyAlg.HUKS_ALG_RSA 1032 }, 1033 { 1034 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1035 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 1036 }, 1037 { 1038 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1039 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 1040 }, 1041 { 1042 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1043 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1044 }, 1045 { 1046 tag: huks.HuksTag.HUKS_TAG_PADDING, 1047 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 1048 }, 1049 { 1050 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 1051 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 1052 }, 1053 { 1054 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1055 value: huks.HuksCipherMode.HUKS_MODE_ECB 1056 } 1057 ]; 1058 let options: huks.HuksOptions = { 1059 properties: properties 1060 }; 1061 try { 1062 let data = await huks.generateKeyItem(alias, options); 1063 } catch (error) { 1064 console.error(`promise: generateKeyItem failed`); 1065 } 1066} 1067async function anonAttestKey(): Promise<void> { 1068 let aliasString = keyAliasString; 1069 let aliasUint8 = stringToUint8Array(aliasString); 1070 let properties: Array<huks.HuksParam> = [ 1071 { 1072 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 1073 value: securityLevel 1074 }, 1075 { 1076 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 1077 value: challenge 1078 }, 1079 { 1080 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 1081 value: versionInfo 1082 }, 1083 { 1084 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 1085 value: aliasUint8 1086 } 1087 ]; 1088 let options: huks.HuksOptions = { 1089 properties: properties 1090 }; 1091 await generateKey(aliasString); 1092 try { 1093 let data = await huks.anonAttestKeyItem(aliasString, options); 1094 } catch (error) { 1095 console.error(`promise: anonAttestKeyItem fail`); 1096 } 1097} 1098``` 1099 1100## huks.importWrappedKeyItem<sup>9+</sup> 1101 1102importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 1103 1104Imports a wrapped key. This API uses an asynchronous callback to return the result. 1105 1106**Atomic service API**: This API can be used in atomic services since API version 12. 1107 1108**System capability**: SystemCapability.Security.Huks.Core 1109 1110The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1111 1112**Parameters** 1113 1114| Name | Type | Mandatory| Description | 1115| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1116| keyAlias | string | Yes | Alias of the wrapped key to import. | 1117| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1118| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1119| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 1120 1121**Error codes** 1122 1123For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1124 1125| ID| Error Message | 1126| -------- | ------------- | 1127| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1128| 801 | api is not supported. | 1129| 12000001 | algorithm mode is not supported. | 1130| 12000002 | algorithm param is missing. | 1131| 12000003 | algorithm param is invalid. | 1132| 12000004 | operating file failed. | 1133| 12000005 | IPC communication failed. | 1134| 12000006 | error occurred in crypto engine. | 1135| 12000011 | queried entity does not exist. | 1136| 12000012 | external error. | 1137| 12000013 | queried credential does not exist. | 1138| 12000014 | memory is insufficient. | 1139| 12000015 | call service failed. | 1140 1141**Example** 1142 1143```ts 1144import { huks } from '@kit.UniversalKeystoreKit'; 1145 1146let alias1 = "importAlias"; 1147let alias2 = "wrappingKeyAlias"; 1148async function TestGenFunc(alias: string, options: huks.HuksOptions) { 1149 try { 1150 await genKey(alias, options) 1151 .then((data) => { 1152 console.info(`callback: generateKeyItem success`); 1153 }) 1154 .catch((error: Error) => { 1155 console.error(`callback: generateKeyItem failed`); 1156 }); 1157 } catch (error) { 1158 console.error(`callback: generateKeyItem input arg invalid`); 1159 } 1160} 1161function genKey(alias: string, options: huks.HuksOptions) { 1162 return new Promise<void>((resolve, reject) => { 1163 try { 1164 huks.generateKeyItem(alias, options, (error, data) => { 1165 if (error) { 1166 reject(error); 1167 } else { 1168 resolve(data); 1169 } 1170 }); 1171 } catch (error) { 1172 throw (new Error(error)); 1173 } 1174 }); 1175} 1176async function TestExportFunc(alias: string, options: huks.HuksOptions) { 1177 try { 1178 await exportKey(alias, options) 1179 .then((data) => { 1180 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1181 }) 1182 .catch((error: Error) => { 1183 console.error(`callback: exportKeyItem failed`); 1184 }); 1185 } catch (error) { 1186 console.error(`callback: exportKeyItem input arg invalid`); 1187 } 1188} 1189function exportKey(alias: string, options: huks.HuksOptions) { 1190 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 1191 try { 1192 huks.exportKeyItem(alias, options, (error, data) => { 1193 if (error) { 1194 reject(error); 1195 } else { 1196 resolve(data); 1197 } 1198 }); 1199 } catch (error) { 1200 throw (new Error(error)); 1201 } 1202 }); 1203} 1204async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1205 try { 1206 await importWrappedKey(alias, wrappingAlias, options) 1207 .then((data) => { 1208 console.info(`callback: importWrappedKeyItem success`); 1209 }) 1210 .catch((error: Error) => { 1211 console.error(`callback: importWrappedKeyItem failed`); 1212 }); 1213 } catch (error) { 1214 console.error(`callback: importWrappedKeyItem input arg invalid`); 1215 } 1216} 1217function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1218 return new Promise<void>((resolve, reject) => { 1219 try { 1220 huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => { 1221 if (error) { 1222 reject(error); 1223 } else { 1224 resolve(data); 1225 } 1226 }); 1227 } catch (error) { 1228 throw (new Error(error)); 1229 } 1230 }); 1231} 1232async function TestImportWrappedKeyFunc( 1233 alias: string, 1234 wrappingAlias: string, 1235 genOptions: huks.HuksOptions, 1236 importOptions: huks.HuksOptions 1237) { 1238 await TestGenFunc(wrappingAlias, genOptions); 1239 await TestExportFunc(wrappingAlias, genOptions); 1240 1241 /*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here. 1242 * For example, import **keyA**. 1243 * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**. 1244 * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**. 1245 * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**. 1246 * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**. 1247 * 5. Generate the **importOptions.inData** field in the following format: 1248 * keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 + 1249 * nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 + 1250 * kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 + 1251 * nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 + 1252 * Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc 1253 */ 1254 /* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1255 let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]); 1256 importOptions.inData = inputKey; 1257 await TestImportWrappedFunc(alias, wrappingAlias, importOptions); 1258} 1259function makeGenerateOptions() { 1260 let properties: Array<huks.HuksParam> = [ 1261 { 1262 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1263 value: huks.HuksKeyAlg.HUKS_ALG_ECC 1264 }, 1265 { 1266 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1267 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 1268 }, 1269 { 1270 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1271 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP 1272 }, 1273 { 1274 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1275 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1276 }, 1277 { 1278 tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE, 1279 value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR, 1280 } 1281 ]; 1282 let options: huks.HuksOptions = { 1283 properties: properties 1284 }; 1285 return options; 1286}; 1287function makeImportOptions() { 1288 let properties: Array<huks.HuksParam> = [ 1289 { 1290 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1291 value: huks.HuksKeyAlg.HUKS_ALG_AES 1292 }, 1293 { 1294 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1295 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 1296 }, 1297 { 1298 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1299 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 1300 }, 1301 { 1302 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1303 value: huks.HuksCipherMode.HUKS_MODE_CBC 1304 }, 1305 { 1306 tag: huks.HuksTag.HUKS_TAG_PADDING, 1307 value: huks.HuksKeyPadding.HUKS_PADDING_NONE 1308 }, 1309 { 1310 tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE, 1311 value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING 1312 } 1313 ]; 1314 let options: huks.HuksOptions = { 1315 properties: properties 1316 }; 1317 return options; 1318}; 1319function huksImportWrappedKey() { 1320 let genOptions = makeGenerateOptions(); 1321 let importOptions = makeImportOptions(); 1322 TestImportWrappedKeyFunc( 1323 alias1, 1324 alias2, 1325 genOptions, 1326 importOptions 1327 ); 1328} 1329``` 1330 1331## huks.importWrappedKeyItem<sup>9+</sup> 1332 1333importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<void> 1334 1335Imports a wrapped key. This API uses a promise to return the result. 1336 1337**Atomic service API**: This API can be used in atomic services since API version 12. 1338 1339**System capability**: SystemCapability.Security.Huks.Extension 1340 1341**Parameters** 1342 1343| Name | Type | Mandatory| Description | 1344| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1345| keyAlias | string | Yes | Alias of the wrapped key to import. | 1346| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1347| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1348 1349**Return value** 1350 1351| Type | Description | 1352| ---------------------------------------------- | --------------------------------------------- | 1353| Promise\<void> | Promise that returns no value.| 1354 1355**Error codes** 1356 1357For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1358 1359| ID| Error Message | 1360| -------- | ------------- | 1361| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1362| 801 | api is not supported. | 1363| 12000001 | algorithm mode is not supported. | 1364| 12000002 | algorithm param is missing. | 1365| 12000003 | algorithm param is invalid. | 1366| 12000004 | operating file failed. | 1367| 12000005 | IPC communication failed. | 1368| 12000006 | error occurred in crypto engine. | 1369| 12000011 | queried entity does not exist. | 1370| 12000012 | external error. | 1371| 12000013 | queried credential does not exist. | 1372| 12000014 | memory is insufficient. | 1373| 12000015 | call service failed. | 1374 1375**Example** 1376 1377```ts 1378import { huks } from '@kit.UniversalKeystoreKit'; 1379/* The process is similar if a callback is used, except the following: */ 1380/* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1381async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1382 try { 1383 await huks.importWrappedKeyItem(alias, wrappingAlias, options) 1384 .then ((data) => { 1385 console.info(`promise: importWrappedKeyItem success`); 1386 }) 1387 .catch((error: Error) => { 1388 console.error(`promise: importWrappedKeyItem failed`); 1389 }); 1390 } catch (error) { 1391 console.error(`promise: importWrappedKeyItem input arg invalid`); 1392 } 1393} 1394``` 1395 1396## huks.exportKeyItem<sup>9+</sup> 1397 1398exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1399 1400Exports a key. This API uses an asynchronous callback to return the result. 1401 1402**Atomic service API**: This API can be used in atomic services since API version 12. 1403 1404**System capability**: SystemCapability.Security.Huks.Core 1405 1406The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1407 1408**Parameters** 1409 1410| Name | Type | Mandatory| Description | 1411| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1412| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1413| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1414| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. Otherwise, an error code is returned.| 1415 1416**Error codes** 1417 1418For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1419 1420| ID| Error Message | 1421| -------- | ------------- | 1422| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1423| 801 | api is not supported. | 1424| 12000001 | algorithm mode is not supported. | 1425| 12000002 | algorithm param is missing. | 1426| 12000003 | algorithm param is invalid. | 1427| 12000004 | operating file failed. | 1428| 12000005 | IPC communication failed. | 1429| 12000006 | error occurred in crypto engine. | 1430| 12000011 | queried entity does not exist. | 1431| 12000012 | external error. | 1432| 12000014 | memory is insufficient. | 1433 1434**Example** 1435 1436```ts 1437import { huks } from '@kit.UniversalKeystoreKit'; 1438/* Set options to emptyOptions. */ 1439let keyAlias = 'keyAlias'; 1440let emptyOptions: huks.HuksOptions = { 1441 properties: [] 1442}; 1443try { 1444 huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => { 1445 if (error) { 1446 console.error(`callback: exportKeyItem failed`); 1447 } else { 1448 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1449 } 1450 }); 1451} catch (error) { 1452 console.error(`callback: exportKeyItem input arg invalid`); 1453} 1454``` 1455 1456## huks.exportKeyItem<sup>9+</sup> 1457 1458exportKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1459 1460Exports a key. This API uses a promise to return the result. 1461 1462**Atomic service API**: This API can be used in atomic services since API version 12. 1463 1464**System capability**: SystemCapability.Security.Huks.Extension 1465 1466**Parameters** 1467 1468| Name | Type | Mandatory| Description | 1469| -------- | --------------------------- | ---- | -------------------------------------------- | 1470| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1471| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1472 1473**Return value** 1474 1475| Type | Description | 1476| ---------------------------------------------- | ------------------------------------------------------------ | 1477| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **outData** in **HuksReturnResult** is the public key exported.| 1478 1479**Error codes** 1480 1481For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1482 1483| ID| Error Message | 1484| -------- | ------------- | 1485| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1486| 801 | api is not supported. | 1487| 12000001 | algorithm mode is not supported. | 1488| 12000002 | algorithm param is missing. | 1489| 12000003 | algorithm param is invalid. | 1490| 12000004 | operating file failed. | 1491| 12000005 | IPC communication failed. | 1492| 12000006 | error occurred in crypto engine. | 1493| 12000011 | queried entity does not exist. | 1494| 12000012 | external error. | 1495| 12000014 | memory is insufficient. | 1496 1497**Example** 1498 1499```ts 1500import { huks } from '@kit.UniversalKeystoreKit'; 1501/* Set options to emptyOptions. */ 1502let keyAlias = 'keyAlias'; 1503let emptyOptions: huks.HuksOptions = { 1504 properties: [] 1505}; 1506try { 1507 huks.exportKeyItem(keyAlias, emptyOptions) 1508 .then ((data) => { 1509 console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`); 1510 }) 1511 .catch((error: Error) => { 1512 console.error(`promise: exportKeyItem failed`); 1513 }); 1514} catch (error) { 1515 console.error(`promise: exportKeyItem input arg invalid`); 1516} 1517``` 1518 1519## huks.getKeyItemProperties<sup>9+</sup> 1520 1521getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1522 1523Obtains key properties. This API uses an asynchronous callback to return the result. 1524 1525**Atomic service API**: This API can be used in atomic services since API version 12. 1526 1527**System capability**: SystemCapability.Security.Huks.Core 1528 1529The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1530 1531**Parameters** 1532 1533| Name | Type | Mandatory| Description | 1534| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1535| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1536| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1537| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned.| 1538 1539**Error codes** 1540 1541For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1542 1543| ID| Error Message | 1544| -------- | ------------- | 1545| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1546| 801 | api is not supported. | 1547| 12000001 | algorithm mode is not supported. | 1548| 12000002 | algorithm param is missing. | 1549| 12000003 | algorithm param is invalid. | 1550| 12000004 | operating file failed. | 1551| 12000005 | IPC communication failed. | 1552| 12000006 | error occurred in crypto engine. | 1553| 12000011 | queried entity does not exist. | 1554| 12000012 | external error. | 1555| 12000014 | memory is insufficient. | 1556 1557**Example** 1558 1559```ts 1560import { huks } from '@kit.UniversalKeystoreKit'; 1561/* Set options to emptyOptions. */ 1562let keyAlias = 'keyAlias'; 1563let emptyOptions: huks.HuksOptions = { 1564 properties: [] 1565}; 1566try { 1567 huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => { 1568 if (error) { 1569 console.error(`callback: getKeyItemProperties failed`); 1570 } else { 1571 console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1572 } 1573 }); 1574} catch (error) { 1575 console.error(`callback: getKeyItemProperties input arg invalid`); 1576} 1577``` 1578 1579## huks.getKeyItemProperties<sup>9+</sup> 1580 1581getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1582 1583Obtains key properties. This API uses a promise to return the result. 1584 1585**Atomic service API**: This API can be used in atomic services since API version 12. 1586 1587**System capability**: SystemCapability.Security.Huks.Extension 1588 1589**Parameters** 1590 1591| Name | Type | Mandatory| Description | 1592| -------- | --------------------------- | ---- | -------------------------------------------- | 1593| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1594| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1595 1596**Return value** 1597 1598| Type | Description | 1599| ----------------------------------------------- | ------------------------------------------------------------ | 1600| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **properties** in **HuksReturnResult** holds the parameters required for generating the key.| 1601 1602**Error codes** 1603 1604For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1605 1606| ID| Error Message | 1607| -------- | ------------- | 1608| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1609| 801 | api is not supported. | 1610| 12000001 | algorithm mode is not supported. | 1611| 12000002 | algorithm param is missing. | 1612| 12000003 | algorithm param is invalid. | 1613| 12000004 | operating file failed. | 1614| 12000005 | IPC communication failed. | 1615| 12000006 | error occurred in crypto engine. | 1616| 12000011 | queried entity does not exist. | 1617| 12000012 | external error. | 1618| 12000014 | memory is insufficient. | 1619 1620**Example** 1621 1622```ts 1623import { huks } from '@kit.UniversalKeystoreKit'; 1624/* Set options to emptyOptions. */ 1625let keyAlias = 'keyAlias'; 1626let emptyOptions: huks.HuksOptions = { 1627 properties: [] 1628}; 1629try { 1630 huks.getKeyItemProperties(keyAlias, emptyOptions) 1631 .then ((data) => { 1632 console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1633 }) 1634 .catch((error: Error) => { 1635 console.error(`promise: getKeyItemProperties failed`); 1636 }); 1637} catch (error) { 1638 console.error(`promise: getKeyItemProperties input arg invalid`); 1639} 1640``` 1641 1642## huks.isKeyItemExist<sup>9+</sup> 1643 1644isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1645 1646Checks whether a key exists. This API uses an asynchronous callback to return the result. 1647 1648**System capability**: SystemCapability.Security.Huks.Core 1649 1650**Parameters** 1651 1652| Name | Type | Mandatory| Description | 1653| -------- | --------------------------- | ---- |--------------------------------------------------------| 1654| keyAlias | string | Yes | Alias of the key to check. | 1655| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 1656| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. If the key does not exist, **error** is the error code.| 1657 1658**Error codes** 1659 1660For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1661 1662| ID| Error Message | 1663| -------- | ------------- | 1664| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1665| 801 | api is not supported. | 1666| 12000002 | algorithm param is missing. | 1667| 12000003 | algorithm param is invalid. | 1668| 12000004 | operating file failed. | 1669| 12000005 | IPC communication failed. | 1670| 12000006 | error occurred in crypto engine. | 1671| 12000011 | queried entity does not exist. | 1672| 12000012 | external error. | 1673| 12000014 | memory is insufficient. | 1674 1675**Example** 1676 1677```ts 1678import { huks } from '@kit.UniversalKeystoreKit'; 1679import { promptAction } from '@kit.ArkUI'; 1680/* Set options to emptyOptions. */ 1681let keyAlias = 'keyAlias'; 1682let emptyOptions: huks.HuksOptions = { 1683 properties: [] 1684}; 1685huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => { 1686 if (data) { 1687 promptAction.showToast({ 1688 message: "keyAlias: " + keyAlias +"is existed! ", 1689 duration: 2500, 1690 }) 1691 } else { 1692 promptAction.showToast({ 1693 message: "find key failed", 1694 duration: 2500, 1695 }) 1696 } 1697}); 1698``` 1699 1700## huks.isKeyItemExist<sup>9+</sup> 1701 1702isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1703 1704Checks whether a key exists. This API uses a promise to return the result. 1705 1706**System capability**: SystemCapability.Security.Huks.Extension 1707 1708**Parameters** 1709 1710| Name | Type | Mandatory| Description | 1711| -------- | --------------------------- | ---- | ------------------------ | 1712| keyAlias | string | Yes | Alias of the key to check. | 1713| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used.| 1714 1715**Return value** 1716 1717| Type | Description | 1718| ----------------- | --------------------------------------- | 1719| Promise\<boolean> | Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.| 1720 1721**Error codes** 1722 1723For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1724 1725| ID| Error Message | 1726| -------- | ------------- | 1727| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1728| 801 | api is not supported. | 1729| 12000002 | algorithm param is missing. | 1730| 12000003 | algorithm param is invalid. | 1731| 12000004 | operating file failed. | 1732| 12000005 | IPC communication failed. | 1733| 12000006 | error occurred in crypto engine. | 1734| 12000011 | queried entity does not exist. | 1735| 12000012 | external error. | 1736| 12000014 | memory is insufficient. | 1737 1738**Example** 1739 1740```ts 1741import { huks } from '@kit.UniversalKeystoreKit'; 1742import { promptAction } from '@kit.ArkUI'; 1743 1744/* Set options to emptyOptions. */ 1745let keyAlias = 'keyAlias'; 1746let emptyOptions: huks.HuksOptions = { 1747 properties: [] 1748}; 1749huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => { 1750 promptAction.showToast({ 1751 message: "keyAlias: " + keyAlias +"is existed! ", 1752 duration: 500, 1753 }) 1754}).catch((error: Error)=>{ 1755 promptAction.showToast({ 1756 message: "find key failed", 1757 duration: 6500, 1758 }) 1759}) 1760``` 1761 1762## huks.hasKeyItem<sup>11+</sup> 1763 1764hasKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1765 1766Checks whether a key exists. This API uses an asynchronous callback to return the result. 1767 1768**Atomic service API**: This API can be used in atomic services since API version 11. 1769 1770**System capability**: SystemCapability.Security.Huks.Core 1771 1772**Parameters** 1773 1774| Name | Type | Mandatory| Description | 1775| -------- | --------------------------- | ---- |--------------------------------------------------------| 1776| keyAlias | string | Yes | Alias of the key to check. | 1777| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 1778| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. Otherwise, **data** is **false**.| 1779 1780**Error codes** 1781 1782For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1783 1784| ID| Error Message | 1785| -------- | ------------- | 1786| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1787| 801 | api is not supported. | 1788| 12000002 | algorithm param is missing. | 1789| 12000003 | algorithm param is invalid. | 1790| 12000004 | operating file failed. | 1791| 12000005 | IPC communication failed. | 1792| 12000006 | error occurred in crypto engine. | 1793| 12000012 | external error. | 1794| 12000014 | memory is insufficient. | 1795 1796**Example** 1797 1798```ts 1799import { huks } from '@kit.UniversalKeystoreKit'; 1800import { promptAction } from '@kit.ArkUI'; 1801/* Set options to emptyOptions. */ 1802let keyAlias = 'keyAlias'; 1803let emptyOptions: huks.HuksOptions = { 1804 properties: [] 1805}; 1806 1807try { 1808 huks.hasKeyItem(keyAlias, emptyOptions, (error, data) => { 1809 if (data) { 1810 promptAction.showToast({ 1811 message: "keyAlias: " + keyAlias +" is existed!", 1812 duration: 2500, 1813 }) 1814 } else { 1815 promptAction.showToast({ 1816 message: "find key failed", 1817 duration: 2500, 1818 }) 1819 } 1820 }); 1821} catch (error) { 1822 console.error(`callback: hasKeyItem input args may be invalid`); 1823} 1824``` 1825 1826## huks.hasKeyItem<sup>11+</sup> 1827 1828hasKeyItem(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1829 1830Checks whether a key exists. This API uses a promise to return the result. 1831 1832**Atomic service API**: This API can be used in atomic services since API version 11. 1833 1834**System capability**: SystemCapability.Security.Huks.Extension 1835 1836**Parameters** 1837 1838| Name | Type | Mandatory| Description | 1839| -------- | --------------------------- | ---- | ------------------------ | 1840| keyAlias | string | Yes | Alias of the key to check. | 1841| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 1842 1843**Return value** 1844 1845| Type | Description | 1846| ----------------- | --------------------------------------- | 1847| Promise\<boolean> | Promise used to return the result. If the key exists, **true** is returned. If the key does not exist, **false** is returned.| 1848 1849**Error codes** 1850 1851For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1852 1853| ID| Error Message | 1854| -------- | ------------- | 1855| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1856| 801 | api is not supported. | 1857| 12000002 | algorithm param is missing. | 1858| 12000003 | algorithm param is invalid. | 1859| 12000004 | operating file failed. | 1860| 12000005 | IPC communication failed. | 1861| 12000006 | error occurred in crypto engine. | 1862| 12000012 | external error. | 1863| 12000014 | memory is insufficient. | 1864 1865**Example** 1866 1867```ts 1868import { huks } from '@kit.UniversalKeystoreKit'; 1869import { promptAction } from '@kit.ArkUI'; 1870 1871/* Set options to emptyOptions. */ 1872let keyAlias = 'keyAlias'; 1873let emptyOptions: huks.HuksOptions = { 1874 properties: [] 1875}; 1876huks.hasKeyItem(keyAlias, emptyOptions).then((data) => { 1877 if (data) { 1878 promptAction.showToast({ 1879 message: "keyAlias: " + keyAlias +" is existed!", 1880 duration: 2500, 1881 }) 1882 } else { 1883 promptAction.showToast({ 1884 message: "find key failed", 1885 duration: 2500, 1886 }) 1887 } 1888}).catch((error: Error)=>{ 1889 promptAction.showToast({ 1890 message: "find key failed", 1891 duration: 6500, 1892 }) 1893}) 1894``` 1895 1896## huks.initSession<sup>9+</sup> 1897 1898initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksSessionHandle>) : void 1899 1900Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1901 1902**Atomic service API**: This API can be used in atomic services since API version 11. 1903 1904**System capability**: SystemCapability.Security.Huks.Core 1905 1906**Parameters** 1907 1908| Name | Type | Mandatory| Description | 1909| -------- | ------------------------------------------------------- | ---- | ---------------------------------------------------- | 1910| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1911| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1912| callback | AsyncCallback\<[HuksSessionHandle](#hukssessionhandle9)> | Yes | Callback used to return a session handle for subsequent operations.| 1913 1914**Error codes** 1915 1916For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1917 1918| ID| Error Message | 1919| -------- | ------------- | 1920| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1921| 801 | api is not supported. | 1922| 12000001 | algorithm mode is not supported. | 1923| 12000002 | algorithm param is missing. | 1924| 12000003 | algorithm param is invalid. | 1925| 12000004 | operating file failed. | 1926| 12000005 | IPC communication failed. | 1927| 12000006 | error occurred in crypto engine. | 1928| 12000010 | the number of sessions has reached limit. | 1929| 12000011 | queried entity does not exist. | 1930| 12000012 | external error. | 1931| 12000014 | memory is insufficient. | 1932 1933## huks.initSession<sup>9+</sup> 1934 1935initSession(keyAlias: string, options: HuksOptions) : Promise\<HuksSessionHandle> 1936 1937Initializes a session for a key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1938 1939**Atomic service API**: This API can be used in atomic services since API version 11. 1940 1941**System capability**: SystemCapability.Security.Huks.Extension 1942 1943**Parameters** 1944 1945| Name | Type | Mandatory| Description | 1946| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ | 1947| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1948| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1949 1950**Return value** 1951 1952| Type | Description | 1953| ----------------------------------- | -------------------------------------------------- | 1954| Promise\<[HuksSessionHandle](#hukssessionhandle9)> | Promise used to return a session handle for subsequent operations.| 1955 1956**Error codes** 1957 1958For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1959 1960| ID| Error Message | 1961| -------- | ------------- | 1962| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1963| 801 | api is not supported. | 1964| 12000001 | algorithm mode is not supported. | 1965| 12000002 | algorithm param is missing. | 1966| 12000003 | algorithm param is invalid. | 1967| 12000004 | operating file failed. | 1968| 12000005 | IPC communication failed. | 1969| 12000006 | error occurred in crypto engine. | 1970| 12000010 | the number of sessions has reached limit. | 1971| 12000011 | queried entity does not exist. | 1972| 12000012 | external error. | 1973| 12000014 | memory is insufficient. | 1974 1975## huks.updateSession<sup>9+</sup> 1976 1977updateSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1978 1979Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1980 1981**Atomic service API**: This API can be used in atomic services since API version 11. 1982 1983**System capability**: SystemCapability.Security.Huks.Core 1984 1985**Parameters** 1986 1987| Name | Type | Mandatory| Description | 1988| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1989| handle | number | Yes | Handle for the **updateSession** operation. | 1990| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1991| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **updateSession** operation result.| 1992 1993**Error codes** 1994 1995For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1996 1997| ID| Error Message | 1998| -------- | ------------- | 1999| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2000| 801 | api is not supported. | 2001| 12000001 | algorithm mode is not supported. | 2002| 12000002 | algorithm param is missing. | 2003| 12000003 | algorithm param is invalid. | 2004| 12000004 | operating file failed. | 2005| 12000005 | IPC communication failed. | 2006| 12000006 | error occurred in crypto engine. | 2007| 12000007 | this credential is already invalidated permanently. | 2008| 12000008 | verify auth token failed. | 2009| 12000009 | auth token is already timeout. | 2010| 12000011 | queried entity does not exist. | 2011| 12000012 | external error. | 2012| 12000014 | memory is insufficient. | 2013 2014## huks.updateSession<sup>9+</sup> 2015 2016updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2017 2018Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2019 2020**Atomic service API**: This API can be used in atomic services since API version 12. 2021 2022**System capability**: SystemCapability.Security.Huks.Extension 2023 2024**Parameters** 2025 2026| Name | Type | Mandatory| Description | 2027| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2028| handle | number | Yes | Handle for the **updateSession** operation. | 2029| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 2030| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). | 2031| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **updateSession** operation result.| 2032 2033**Error codes** 2034 2035For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2036 2037| ID| Error Message | 2038| -------- | ------------- | 2039| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2040| 801 | api is not supported. | 2041| 12000001 | algorithm mode is not supported. | 2042| 12000002 | algorithm param is missing. | 2043| 12000003 | algorithm param is invalid. | 2044| 12000004 | operating file failed. | 2045| 12000005 | IPC communication failed. | 2046| 12000006 | error occurred in crypto engine. | 2047| 12000007 | this credential is already invalidated permanently. | 2048| 12000008 | verify auth token failed. | 2049| 12000009 | auth token is already timeout. | 2050| 12000011 | queried entity does not exist. | 2051| 12000012 | external error. | 2052| 12000014 | memory is insufficient. | 2053 2054## huks.updateSession<sup>9+</sup> 2055 2056updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2057 2058Updates the key operation by segment. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2059 2060**Atomic service API**: This API can be used in atomic services since API version 11. 2061 2062**System capability**: SystemCapability.Security.Huks.Extension 2063 2064**Parameters** 2065 2066| Name | Type | Mandatory| Description | 2067| ------- | ---------------------------------------------- | ---- | -------------------------------------------- | 2068| handle | number | Yes | Handle for the **updateSession** operation. | 2069| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 2070| token | Uint8Array | No |Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). If this parameter is left blank, refined key access control is not performed. | 2071 2072**Return value** 2073 2074| Type | Description | 2075| ----------------------------------- | -------------------------------------------------- | 2076| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the **updateSession** operation result.| 2077 2078**Error codes** 2079 2080For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2081 2082| ID| Error Message | 2083| -------- | ------------- | 2084| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2085| 801 | api is not supported. | 2086| 12000001 | algorithm mode is not supported. | 2087| 12000002 | algorithm param is missing. | 2088| 12000003 | algorithm param is invalid. | 2089| 12000004 | operating file failed. | 2090| 12000005 | IPC communication failed. | 2091| 12000006 | error occurred in crypto engine. | 2092| 12000007 | this credential is already invalidated permanently. | 2093| 12000008 | verify auth token failed. | 2094| 12000009 | auth token is already timeout. | 2095| 12000011 | queried entity does not exist. | 2096| 12000012 | external error. | 2097| 12000014 | memory is insufficient. | 2098 2099## huks.finishSession<sup>9+</sup> 2100 2101finishSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 2102 2103Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2104 2105**Atomic service API**: This API can be used in atomic services since API version 11. 2106 2107**System capability**: SystemCapability.Security.Huks.Core 2108 2109**Parameters** 2110 2111| Name | Type | Mandatory| Description | 2112| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2113| handle | number | Yes | Handle for the **finishSession** operation. | 2114| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2115| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **finishSession** operation result.| 2116 2117**Error codes** 2118 2119For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2120 2121| ID| Error Message | 2122| -------- | ------------- | 2123| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2124| 801 | api is not supported. | 2125| 12000001 | algorithm mode is not supported. | 2126| 12000002 | algorithm param is missing. | 2127| 12000003 | algorithm param is invalid. | 2128| 12000004 | operating file failed. | 2129| 12000005 | IPC communication failed. | 2130| 12000006 | error occurred in crypto engine. | 2131| 12000007 | this credential is already invalidated permanently. | 2132| 12000008 | verify auth token failed. | 2133| 12000009 | auth token is already timeout. | 2134| 12000011 | queried entity does not exist. | 2135| 12000012 | external error. | 2136| 12000014 | memory is insufficient. | 2137 2138## huks.finishSession<sup>9+</sup> 2139 2140finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2141 2142Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2143 2144**Atomic service API**: This API can be used in atomic services since API version 12. 2145 2146**System capability**: SystemCapability.Security.Huks.Extension 2147 2148**Parameters** 2149 2150| Name | Type | Mandatory| Description | 2151| -------- | ----------------------------------------------------- | ---- | -------------------------------------------- | 2152| handle | number | Yes | Handle for the **finishSession** operation. | 2153| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2154| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). | 2155| callback | AsyncCallback\<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **finishSession** operation result.| 2156 2157**Error codes** 2158 2159For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2160 2161| ID| Error Message | 2162| -------- | ------------- | 2163| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2164| 801 | api is not supported. | 2165| 12000001 | algorithm mode is not supported. | 2166| 12000002 | algorithm param is missing. | 2167| 12000003 | algorithm param is invalid. | 2168| 12000004 | operating file failed. | 2169| 12000005 | IPC communication failed. | 2170| 12000006 | error occurred in crypto engine. | 2171| 12000007 | this credential is already invalidated permanently. | 2172| 12000008 | verify auth token failed. | 2173| 12000009 | auth token is already timeout. | 2174| 12000011 | queried entity does not exist. | 2175| 12000012 | external error. | 2176| 12000014 | memory is insufficient. | 2177 2178## huks.finishSession<sup>9+</sup> 2179 2180finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2181 2182Finishes the key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2183 2184**Atomic service API**: This API can be used in atomic services since API version 11. 2185 2186**System capability**: SystemCapability.Security.Huks.Extension 2187 2188**Parameters** 2189 2190| Name | Type | Mandatory| Description | 2191| ------- | ----------------------------------------------- | ---- | ----------------------------------- | 2192| handle | number | Yes | Handle for the **finishSession** operation. | 2193| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2194| token | Uint8Array | No | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). If this parameter is left blank, refined key access control is not performed. | 2195 2196**Return value** 2197 2198| Type | Description | 2199| ----------------------------------- | -------------------------------------------------- | 2200| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.| 2201 2202**Error codes** 2203 2204For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2205 2206| ID| Error Message | 2207| -------- | ------------- | 2208| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2209| 801 | api is not supported. | 2210| 12000001 | algorithm mode is not supported. | 2211| 12000002 | algorithm param is missing. | 2212| 12000003 | algorithm param is invalid. | 2213| 12000004 | operating file failed. | 2214| 12000005 | IPC communication failed. | 2215| 12000006 | error occurred in crypto engine. | 2216| 12000007 | this credential is already invalidated permanently. | 2217| 12000008 | verify auth token failed. | 2218| 12000009 | auth token is already timeout. | 2219| 12000011 | queried entity does not exist. | 2220| 12000012 | external error. | 2221| 12000014 | memory is insufficient. | 2222 2223## huks.abortSession<sup>9+</sup> 2224 2225abortSession(handle: number, options: HuksOptions, callback: AsyncCallback\<void>) : void 2226 2227Aborts a key operation. This API uses an asynchronous callback to return the result. 2228 2229**Atomic service API**: This API can be used in atomic services since API version 11. 2230 2231**System capability**: SystemCapability.Security.Huks.Core 2232 2233**Parameters** 2234 2235| Name | Type | Mandatory| Description | 2236| -------- | --------------------------- | ---- | ------------------------------------------- | 2237| handle | number | Yes | Handle for the **abortSession** operation. | 2238| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2239| callback | AsyncCallback\<void> | Yes | Callback used to return the **abortSession** operation result.| 2240 2241**Error codes** 2242 2243For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2244 2245| ID| Error Message | 2246| -------- | ------------- | 2247| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2248| 801 | api is not supported. | 2249| 12000004 | operating file failed. | 2250| 12000005 | IPC communication failed. | 2251| 12000006 | error occurred in crypto engine. | 2252| 12000012 | external error. | 2253| 12000014 | memory is insufficient. | 2254 2255**Example** 2256 2257```ts 2258import { huks } from '@kit.UniversalKeystoreKit'; 2259/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2260 * If an error occurs in any of huks.initSession, huks.updateSession, 2261 * and huks.finishSession operations, 2262 * call huks.abortSession to terminate the use of the key. 2263 * 2264 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 2265 */ 2266 2267let keyAlias = "HuksDemoRSA"; 2268let properties: Array<huks.HuksParam> = [] 2269let options: huks.HuksOptions = { 2270 properties: properties, 2271 inData: new Uint8Array(0) 2272}; 2273let handle: number = 0; 2274async function huksAbort() { 2275 properties[0] = { 2276 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2277 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2278 }; 2279 properties[1] = { 2280 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2281 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2282 }; 2283 properties[2] = { 2284 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2285 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2286 }; 2287 properties[3] = { 2288 tag: huks.HuksTag.HUKS_TAG_PADDING, 2289 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2290 }; 2291 properties[4] = { 2292 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2293 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2294 }; 2295 properties[5] = { 2296 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2297 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2298 } 2299 try { 2300 huks.generateKeyItem(keyAlias, options, (error, data) => { 2301 if (error) { 2302 console.error(`callback: generateKeyItem failed`); 2303 } else { 2304 console.info(`callback: generateKeyItem success`); 2305 huks.initSession(keyAlias, options, (error, data) => {// Use abortSession to abort initSession. 2306 if (error) { 2307 console.error(`callback: initSession failed`); 2308 } else { 2309 console.info(`callback: initSession success, data = ${JSON.stringify(data)}`); 2310 handle = data.handle; 2311 huks.abortSession(handle, options, (error, data) => { 2312 if (error) { 2313 console.error(`callback: abortSession failed`); 2314 } else { 2315 console.info(`callback: abortSession success`); 2316 } 2317 }); 2318 } 2319 }); 2320 } 2321 }); 2322 } catch (error) { 2323 console.error(`callback: huksAbort failed`); 2324 } 2325} 2326``` 2327 2328## huks.abortSession<sup>9+</sup> 2329 2330abortSession(handle: number, options: HuksOptions) : Promise\<void>; 2331 2332Aborts a key operation. This API uses a promise to return the result. 2333 2334**Atomic service API**: This API can be used in atomic services since API version 11. 2335 2336**System capability**: SystemCapability.Security.Huks.Extension 2337 2338**Parameters** 2339 2340| Name | Type | Mandatory| Description | 2341| ------- | --------------------------- | ---- | ------------------------------------------- | 2342| handle | number | Yes | Handle for the **abortSession** operation. | 2343| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2344 2345**Return value** 2346 2347| Type | Description | 2348| ----------------------------------- | -------------------------------------------------- | 2349| Promise\<void> | Promise used to return the **abortSession** operation result.| 2350 2351**Error codes** 2352 2353For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2354 2355| ID| Error Message | 2356| -------- | ------------- | 2357| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2358| 801 | api is not supported. | 2359| 12000004 | operating file failed. | 2360| 12000005 | IPC communication failed. | 2361| 12000006 | error occurred in crypto engine. | 2362| 12000012 | external error. | 2363| 12000014 | memory is insufficient. | 2364 2365**Example** 2366 2367```ts 2368import { huks } from '@kit.UniversalKeystoreKit'; 2369/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2370 * If an error occurs in any of huks.initSession, huks.updateSession, 2371 * and huks.finishSession operations, 2372 * call huks.abortSession to terminate the use of the key. 2373 * 2374 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 2375 */ 2376 2377function stringToUint8Array(str: string) { 2378 let arr: number[] = []; 2379 for (let i = 0, j = str.length; i < j; ++i) { 2380 arr.push(str.charCodeAt(i)); 2381 } 2382 let tmpUint8Array = new Uint8Array(arr); 2383 return tmpUint8Array; 2384} 2385 2386let keyAlias = "HuksDemoRSA"; 2387let properties: Array<huks.HuksParam> = [] 2388let options: huks.HuksOptions = { 2389 properties: properties, 2390 inData: new Uint8Array(0) 2391}; 2392let handle: number = 0; 2393 2394async function generateKey() { 2395 properties[0] = { 2396 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2397 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2398 }; 2399 properties[1] = { 2400 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2401 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2402 }; 2403 properties[2] = { 2404 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2405 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2406 }; 2407 properties[3] = { 2408 tag: huks.HuksTag.HUKS_TAG_PADDING, 2409 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2410 }; 2411 properties[4] = { 2412 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2413 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2414 }; 2415 properties[5] = { 2416 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2417 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2418 } 2419 2420 try { 2421 await huks.generateKeyItem(keyAlias, options) 2422 .then((data) => { 2423 console.info(`promise: generateKeyItem success`); 2424 }) 2425 .catch((error: Error) => { 2426 console.error(`promise: generateKeyItem failed`); 2427 }); 2428 } catch (error) { 2429 console.error(`promise: generateKeyItem input arg invalid`); 2430 } 2431} 2432 2433async function huksInit() { 2434 console.info('enter huksInit'); 2435 try { 2436 await huks.initSession(keyAlias, options) 2437 .then((data) => { 2438 console.info(`promise: initSession success, data = ${JSON.stringify(data)}`); 2439 handle = data.handle; 2440 }) 2441 .catch((error: Error) => { 2442 console.error(`promise: initSession key failed`); 2443 }); 2444 } catch (error) { 2445 console.error(`promise: initSession input arg invalid`); 2446 } 2447} 2448 2449async function huksUpdate() { 2450 console.info('enter huksUpdate'); 2451 options.inData = stringToUint8Array("huksHmacTest"); 2452 try { 2453 await huks.updateSession(handle, options) 2454 .then((data) => { 2455 console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`); 2456 }) 2457 .catch((error: Error) => { 2458 console.error(`promise: updateSession failed`); 2459 }); 2460 } catch (error) { 2461 console.error(`promise: updateSession input arg invalid`); 2462 } 2463} 2464 2465async function huksFinish() { 2466 console.info('enter huksFinish'); 2467 options.inData = new Uint8Array(0); 2468 try { 2469 await huks.finishSession(handle, options) 2470 .then((data) => { 2471 console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`); 2472 }) 2473 .catch((error: Error) => { 2474 console.error(`promise: finishSession failed`); 2475 }); 2476 } catch (error) { 2477 console.error(`promise: finishSession input arg invalid`); 2478 } 2479} 2480 2481async function huksAbort() { 2482 console.info('enter huksAbort'); 2483 try { 2484 await huks.abortSession(handle, options) 2485 .then((data) => { 2486 console.info(`promise: abortSession success`); 2487 }) 2488 .catch((error: Error) => { 2489 console.error(`promise: abortSession failed`); 2490 }); 2491 } catch (error) { 2492 console.error(`promise: abortSession input arg invalid`); 2493 } 2494} 2495 2496async function testAbort() { 2497 await generateKey(); 2498 await huksInit(); // Use abortSession to abort initSession. 2499 await huksAbort(); 2500} 2501``` 2502 2503## huks.listAliases<sup>12+</sup> 2504 2505listAliases(options: HuksOptions): Promise\<HuksListAliasesReturnResult>; 2506 2507Lists key aliases. This API uses a promise to return the result. 2508 2509**Atomic service API**: This API can be used in atomic services since API version 12. 2510 2511**System capability**: SystemCapability.Security.Huks.Extension 2512 2513**Parameters** 2514 2515| Name | Type | Mandatory| Description | 2516| ------- | --------------------------- | ---- | ------------------------------------------- | 2517| options | [HuksOptions](#huksoptions) | Yes | Parameters for listing key aliases. | 2518 2519 2520**Return value** 2521 2522| Type | Description | 2523| ----------------------------------- | -------------------------------------------------- | 2524| Promise<[HuksListAliasesReturnResult](#hukslistaliasesreturnresult12)> | Promise used to return the key aliases obtained.| 2525 2526**Error codes** 2527 2528For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2529 2530| ID| Error Message | 2531| -------- | ------------- | 2532| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2533| 12000004 | operating file failed. | 2534| 12000005 | IPC communication failed. | 2535| 12000012 | external error. | 2536| 12000014 | memory is insufficient. | 2537 2538**Example** 2539 2540```ts 2541import { huks } from '@kit.UniversalKeystoreKit' 2542 2543async function testListAliases() { 2544 let queryProperties: Array<huks.HuksParam> = [ 2545 { 2546 tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL, 2547 value: huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_DE 2548 } 2549 ]; 2550 let queryOptions: huks.HuksOptions = { 2551 properties: queryProperties 2552 }; 2553 2554 try { 2555 let result: huks.HuksListAliasesReturnResult = await huks.listAliases(queryOptions); 2556 console.info(`promise: listAliases success`); 2557 } catch (error) { 2558 console.error(`promise: listAliases fail , code: ` + error.code + `, msg: ` + error.message); 2559 } 2560} 2561 2562``` 2563 2564 2565## HuksExceptionErrCode<sup>9+</sup> 2566 2567Enumerates the error codes. 2568 2569For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2570 2571**System capability**: SystemCapability.Security.Huks.Core 2572 2573| Name | Value| Description | 2574| ---------------------------------------------- | -------- |--------------------------- | 2575| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2576| HUKS_ERR_CODE_NOT_SYSTEM_APP<sup>12+</sup> | 202 | The caller is not a system application and cannot call the system API.<br> **System capability**: SystemCapability.Security.Huks.Core | 2577| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected. Possible causes: 1. Mandatory parameters are left unspecified.2. Incorrect parameter types.3. Parameter verification failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2578| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2579| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2580| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2581| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2582| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2583| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2584| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2585| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2586| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2587| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2588| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2589| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2590| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2591| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2592| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2593| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2594| HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET<sup>11+</sup> | 12000016 | The required lock screen password is not set.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2595 2596## HuksKeyPurpose 2597 2598Enumerates the key purposes. 2599 2600**System capability**: SystemCapability.Security.Huks.Core 2601 2602| Name | Value | Description | 2603| ------------------------ | ---- | -------------------------------- | 2604| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2605| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2606| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2607| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2608| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2609| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2610| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2611| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2612| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2613 2614## HuksKeyDigest 2615 2616Enumerates the digest algorithms. 2617 2618**Atomic service API**: This API can be used in atomic services since API version 12. 2619 2620**System capability**: SystemCapability.Security.Huks.Core 2621 2622The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2623 2624| Name | Value | Description | 2625| ---------------------- | ---- | ---------------------------------------- | 2626| HUKS_DIGEST_NONE | 0 | No digest algorithm<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2627| HUKS_DIGEST_MD5 | 1 | MD5<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2628| HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2629| HUKS_DIGEST_SHA1 | 10 | SHA-1<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2630| HUKS_DIGEST_SHA224 | 11 | SHA-224<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2631| HUKS_DIGEST_SHA256 | 12 | SHA-256<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2632| HUKS_DIGEST_SHA384 | 13 | SHA-384<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2633| HUKS_DIGEST_SHA512 | 14 | SHA-512<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2634 2635## HuksKeyPadding 2636 2637Enumerates the padding algorithms. 2638 2639**System capability**: SystemCapability.Security.Huks.Core 2640 2641| Name | Value | Description | 2642| ---------------------- | ---- | ---------------------------------------- | 2643| HUKS_PADDING_NONE | 0 | No padding algorithm is used.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2644| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2645| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2646| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2647| HUKS_PADDING_PKCS5 | 4 | PKCS #5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2648| HUKS_PADDING_PKCS7 | 5 | PKCS #7.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2649| HUKS_PADDING_ISO_IEC_9796_2<sup>12+</sup> | 6 | ISO/IEC 9796-2, which is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2650| HUKS_PADDING_ISO_IEC_9797_1<sup>12+</sup> | 7 | ISO/IEC 9796-1, which is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2651 2652## HuksCipherMode 2653 2654Enumerates the cipher modes. 2655 2656**System capability**: SystemCapability.Security.Huks.Core 2657 2658| Name | Value | Description | 2659| ------------- | ---- | --------------------- | 2660| HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2661| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2662| HUKS_MODE_CTR | 3 | Counter (CTR) mode<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2663| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2664| HUKS_MODE_CFB<sup>12+</sup> | 5 | Ciphertext Feedback (CFB) mode<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2665| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2666| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2667 2668## HuksKeySize 2669 2670Enumerates the key sizes. 2671 2672**System capability**: SystemCapability.Security.Huks.Core 2673 2674| Name | Value | Description | 2675| ---------------------------------- | ---- | ------------------------------------------ | 2676| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2677| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2678| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2679| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2680| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2681| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2682| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2683| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2684| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2685| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2686| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2687| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2688| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2689| HUKS_AES_KEY_SIZE_512<sup>(deprecated)</sup> | 512 | AES key of 512 bits This API is deprecated since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2690| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2691| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2692| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2693| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2694| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | ShangMi2 (SM2) key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2695| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | ShangMi4 (SM4) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2696| HUKS_DES_KEY_SIZE_64<sup>12+</sup> | 64 | DES key of 64 bits. This value is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2697| HUKS_3DES_KEY_SIZE_128<sup>12+</sup> | 128 | 3DES key of 128 bits. This value is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2698| HUKS_3DES_KEY_SIZE_192<sup>12+</sup> | 192 | 3DES key of 192 bits. This value is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2699 2700## HuksKeyAlg 2701 2702Enumerates the key algorithms. 2703 2704**System capability**: SystemCapability.Security.Huks.Core 2705 2706| Name | Value | Description | 2707| ------------------------- | ---- | --------------------- | 2708| HUKS_ALG_RSA | 1 | RSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2709| HUKS_ALG_ECC | 2 | ECC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2710| HUKS_ALG_DSA | 3 | DSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2711| HUKS_ALG_AES | 20 | AES.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2712| HUKS_ALG_HMAC | 50 | HMAC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2713| HUKS_ALG_HKDF | 51 | HKDF.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2714| HUKS_ALG_PBKDF2 | 52 | PBKDF2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2715| HUKS_ALG_ECDH | 100 | ECDH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2716| HUKS_ALG_X25519 | 101 | X25519. <br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2717| HUKS_ALG_ED25519 | 102 | Ed25519.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2718| HUKS_ALG_DH | 103 | DH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2719| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2720| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2721| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2722| HUKS_ALG_DES<sup>12+</sup> | 160 | DES, which is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2723| HUKS_ALG_3DES<sup>12+</sup> | 161 | 3DES, which is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2724| HUKS_ALG_CMAC<sup>12+</sup> | 162 | CMAC, which is not supported currently.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2725 2726## HuksKeyGenerateType 2727 2728Enumerates the key generation types. 2729 2730**Atomic service API**: This API can be used in atomic services since API version 12. 2731 2732**System capability**: SystemCapability.Security.Huks.Core 2733 2734The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2735 2736| Name | Value | Description | 2737| ------------------------------ | ---- | ---------------- | 2738| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.| 2739| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.| 2740| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.| 2741 2742## HuksKeyFlag 2743 2744Enumerates the key generation modes. 2745 2746**Atomic service API**: This API can be used in atomic services since API version 12. 2747 2748**System capability**: SystemCapability.Security.Huks.Core 2749 2750| Name | Value | Description | 2751| -------------------------- | ---- | ------------------------------------ | 2752| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. | 2753| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. | 2754| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API.| 2755| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API.| 2756 2757## HuksKeyStorageType 2758 2759Enumerates the key storage modes. 2760 2761**System capability**: SystemCapability.Security.Huks.Core 2762 2763| Name | Value | Description | 2764| -------------------------------------------- | ---- | ------------------------------ | 2765| HUKS_STORAGE_TEMP<sup>(deprecated)</sup> | 0 | The key is managed locally.<br>**NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2766| HUKS_STORAGE_PERSISTENT<sup>(deprecated)</sup> | 1 | The key is managed by the HUKS service.<br>NOTE<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2767| HUKS_STORAGE_ONLY_USED_IN_HUKS<sup>10+</sup> | 2 | The key derived from the master key is stored in the HUKS and managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2768| HUKS_STORAGE_KEY_EXPORT_ALLOWED<sup>10+</sup> | 3 | The key derived from the master key is exported to the service, and not managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2769 2770## HuksSendType 2771 2772Enumerates the tag transfer modes. 2773 2774**Atomic service API**: This API can be used in atomic services since API version 12. 2775 2776**System capability**: SystemCapability.Security.Huks.Core 2777 2778The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2779 2780| Name | Value | Description | 2781| -------------------- | ---- | ----------------- | 2782| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.| 2783| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.| 2784 2785## HuksUnwrapSuite<sup>9+</sup> 2786 2787Enumerates the algorithm suites that can be used for importing a key in ciphertext. 2788 2789**Atomic service API**: This API can be used in atomic services since API version 12. 2790 2791**System capability**: SystemCapability.Security.Huks.Core 2792 2793The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12 2794 2795| Name | Value | Description | 2796| ---------------------------------------------- | ---- | ----------------------------------------------------- | 2797| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.| 2798| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. | 2799 2800## HuksImportKeyType<sup>9+</sup> 2801 2802Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported. 2803 2804**Atomic service API**: This API can be used in atomic services since API version 12. 2805 2806**System capability**: SystemCapability.Security.Huks.Core 2807 2808The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12 2809 2810| Name | Value | Description | 2811| ------------------------- | ---- | ------------------------------ | 2812| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key | 2813| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key | 2814| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair| 2815 2816## HuksRsaPssSaltLenType<sup>10+</sup> 2817 2818Enumerates the **salt_len** types to set when PSS padding is used in RSA signing or signature verification. 2819 2820**Atomic service API**: This API can be used in atomic services since API version 12. 2821 2822**System capability**: SystemCapability.Security.Huks.Core 2823 2824The system capability is **SystemCapability.Security.Huks.Extension** in API versions 10 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2825 2826| Name | Value | Description | 2827| ------------------------------------------ | ---- | ---------------------------- | 2828| HUKS_RSA_PSS_SALT_LEN_DIGEST<sup>10+</sup> | 0 | **salt_len** is set to the digest length.| 2829| HUKS_RSA_PSS_SALT_LEN_MAX<sup>10+</sup> | 1 | **salt_len** is set to the maximum length.| 2830 2831## HuksUserAuthType<sup>9+</sup> 2832 2833Enumerates the user authentication types. 2834 2835**Atomic service API**: This API can be used in atomic services since API version 12. 2836 2837**System capability**: SystemCapability.Security.Huks.Extension 2838 2839| Name | Value | Description | 2840| ------------------------------- | ---- | ------------------------- | 2841| both.| 1 << 0 | Fingerprint authentication. | 2842| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication.| 2843| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication.| 2844 2845## HuksUserAuthMode<sup>12+</sup> 2846 2847Enumerates the user authentication modes. 2848 2849**Atomic service API**: This API can be used in atomic services since API version 12. 2850 2851**System capability**: SystemCapability.Security.Huks.Extension 2852 2853| Name | Value | Description | 2854| ------------------------------- | ---- | ------------------------- | 2855| HUKS_USER_AUTH_MODE_LOCAL | 0 | Local authentication. | 2856| HUKS_USER_AUTH_MODE_COAUTH | 1 | Cross-device collaborative authentication.| 2857 2858## HuksAuthAccessType<sup>9+</sup> 2859 2860Enumerates the access control types. 2861 2862**Atomic service API**: This API can be used in atomic services since API version 12. 2863 2864**System capability**: SystemCapability.Security.Huks.Extension 2865 2866| Name | Value | Description | 2867| --------------------------------------- | ---- | ------------------------------------------------ | 2868| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. | 2869| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added.| 2870| HUKS_AUTH_ACCESS_ALWAYS_VALID<sup>11+</sup> | 1 << 2 | The key is always valid.| 2871 2872## HuksChallengeType<sup>9+</sup> 2873 2874Enumerates the types of the challenges generated when a key is used. 2875 2876**Atomic service API**: This API can be used in atomic services since API version 12. 2877 2878**System capability**: SystemCapability.Security.Huks.Extension 2879 2880| Name | Value | Description | 2881| ------------------------------- | ---- | ------------------------------ | 2882| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default.| 2883| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys.| 2884| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required.| 2885 2886## HuksChallengePosition<sup>9+</sup> 2887 2888Enumerates the positions of the 8-byte valid value in a custom challenge generated. 2889 2890**Atomic service API**: This API can be used in atomic services since API version 12. 2891 2892**System capability**: SystemCapability.Security.Huks.Extension 2893 2894| Name | Value | Description | 2895| ------------------------------- | ---- | ------------------------------ | 2896| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7.| 2897| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15.| 2898| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23.| 2899| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31.| 2900 2901## HuksSecureSignType<sup>9+</sup> 2902 2903Defines the signature type of the key generated or imported. 2904 2905**Atomic service API**: This API can be used in atomic services since API version 12. 2906 2907**System capability**: SystemCapability.Security.Huks.Extension 2908 2909| Name | Value | Description | 2910| ------------------------------ | ---- | ------------------------------------------------------------ | 2911| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed.| 2912 2913## HuksAuthStorageLevel<sup>11+</sup> 2914 2915Represents the storage security level of a key. 2916 2917**Atomic service API**: This API can be used in atomic services since API version 12. 2918 2919**System capability**: SystemCapability.Security.Huks.Core 2920 2921The system capability is **SystemCapability.Security.Huks.Extension** in API version 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2922 2923| Name | Value | Description | 2924| ------------------------------ | ---- | ------------------------------------------------------------ | 2925| HUKS_AUTH_STORAGE_LEVEL_DE | 0 | The key can be accessed only after the device is started.| 2926| HUKS_AUTH_STORAGE_LEVEL_CE | 1 | The key can be accessed only after the first unlock of the device.| 2927| HUKS_AUTH_STORAGE_LEVEL_ECE | 2 | The key can be accessed only when the device is unlocked.| 2928 2929## HuksTagType 2930 2931Enumerates the tag data types. 2932 2933**Atomic service API**: This API can be used in atomic services since API version 11. 2934 2935**System capability**: SystemCapability.Security.Huks.Core 2936 2937| Name | Value | Description | 2938| --------------------- | ------- | --------------------------------------- | 2939| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. | 2940| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. | 2941| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type.| 2942| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. | 2943| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. | 2944| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. | 2945 2946## HuksTag 2947 2948Enumerates the tags used to invoke parameters. 2949 2950**System capability**: SystemCapability.Security.Huks.Core 2951 2952| Name | Value | Description | 2953| ----------------------------------------------------------- | ---------------------------------------- | ------------------------------------------------------------ | 2954| HUKS_TAG_INVALID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2955| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT \| 1 | Algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2956| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2957| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2958| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2959| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2960| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2961| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2962| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2963| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Nonce for key encryption and decryption.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2964| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2965| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2966| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2967| HUKS_TAG_PWD<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2968| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2969| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2970| HUKS_TAG_DERIVE_MAIN_KEY<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2971| HUKS_TAG_DERIVE_FACTOR<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2972| HUKS_TAG_DERIVE_ALG<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2973| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2974| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Public key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2975| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2976| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2977| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2978| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2979| HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2980| HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite required for encrypted imports.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2981| HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|29 | Storage type of the derived key or agreed key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2982| HUKS_TAG_RSA_PSS_SALT_LEN_TYPE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|30 | Type of the **rsa_pss_salt_length**.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2983| HUKS_TAG_ACTIVE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2984| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2985| HUKS_TAG_USAGE_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2986| HUKS_TAG_CREATION_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2987| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2988| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | ID of the user to which the key belongs.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2989| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2990| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | User authentication type. For details, see [HuksUserAuthType](#huksuserauthtype9). This parameter must be set together with [HuksAuthAccessType](#huksauthaccesstype9). You can set a maximum of two user authentication types at a time. For example, if **HuksAuthAccessType** is **HUKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL**, you can set the user authentication type to **HUKS_USER_AUTH_TYPE_FACE**, **HUKS_USER_AUTH_TYPE_FINGERPRINT**, or| both.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2991| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | One-time validity period of the authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2992| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2993| HUKS_TAG_KEY_AUTH_ACCESS_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 307 | Access control type. For details, see [HuksAuthAccessType](#huksauthaccesstype9). This parameter must be set together with [HuksUserAuthType](#huksuserauthtype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2994| HUKS_TAG_KEY_SECURE_SIGN_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 308 | Signature type of the key generated or imported.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2995| HUKS_TAG_CHALLENGE_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 309 | Type of the challenge generated for a key. For details, see [HuksChallengeType](#hukschallengetype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2996| HUKS_TAG_CHALLENGE_POS<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 310 | Position of the 8-byte valid value in a custom challenge. For details, see [HuksChallengePosition](#hukschallengeposition9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2997| HUKS_TAG_KEY_AUTH_PURPOSE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|311 | Key authentication purpose.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2998| HUKS_TAG_AUTH_STORAGE_LEVEL<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|316 | Key storage security level, which is a value of [HuksAuthStorageLevel](#huksauthstoragelevel11).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2999| HUKS_TAG_USER_AUTH_MODE<sup>12+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 319 | User authentication mode, which is a value of [HuksUserAuthMode](#huksuserauthmode12).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3000| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3001| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3002| HUKS_TAG_ATTESTATION_ID_BRAND<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Brand of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3003| HUKS_TAG_ATTESTATION_ID_DEVICE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | ID of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3004| HUKS_TAG_ATTESTATION_ID_PRODUCT<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product name of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3005| HUKS_TAG_ATTESTATION_ID_SERIAL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | SN of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3006| HUKS_TAG_ATTESTATION_ID_IMEI<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | International mobile equipment identity (IMEI) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3007| HUKS_TAG_ATTESTATION_ID_MEID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Mobile equipment identity (MEID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3008| HUKS_TAG_ATTESTATION_ID_MANUFACTURER<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Manufacturer of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3009| HUKS_TAG_ATTESTATION_ID_MODEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3010| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3011| HUKS_TAG_ATTESTATION_ID_SOCID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | System-on-a-chip (SoCID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3012| HUKS_TAG_ATTESTATION_ID_UDID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Unique device identifier (UDID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3013| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security level used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3014| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3015| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3016| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3017| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3018| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3019| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3020| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3021| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3022| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3023| HUKS_TAG_SECURE_KEY_ALIAS<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3024| HUKS_TAG_SECURE_KEY_UUID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3025| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3026| HUKS_TAG_IS_DEVICE_PASSWORD_SET<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1012 | Whether the key is accessible only when the user sets a lock screen password.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3027| HUKS_TAG_PROCESS_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3028| HUKS_TAG_PACKAGE_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3029| HUKS_TAG_ACCESS_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3030| HUKS_TAG_USES_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3031| HUKS_TAG_CRYPTO_CTX<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3032| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3033| HUKS_TAG_KEY_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3034| HUKS_TAG_PAYLOAD_LEN<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3035| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Used to pass in the AEAD in GCM mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 3036| HUKS_TAG_IS_KEY_HANDLE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3037| HUKS_TAG_OS_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3038| HUKS_TAG_OS_PATCHLEVEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3039| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3040| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3041| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3042 3043## huks.getSdkVersion<sup>(deprecated)</sup> 3044 3045getSdkVersion(options: HuksOptions) : string 3046 3047Obtains the SDK version of the current system. 3048 3049> **NOTE** 3050> 3051> This API is deprecated since API version 11. 3052 3053**System capability**: SystemCapability.Security.Huks.Extension 3054 3055**Parameters** 3056 3057| Name | Type | Mandatory| Description | 3058| ------- | ---------- | ---- | ------------------------- | 3059| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.| 3060 3061**Return value** 3062 3063| Type | Description | 3064| ------ | ------------- | 3065| string | SDK version obtained.| 3066 3067**Example** 3068 3069```ts 3070import { huks } from '@kit.UniversalKeystoreKit'; 3071/* Set options to emptyOptions. */ 3072let emptyOptions: huks.HuksOptions = { 3073 properties: [] 3074}; 3075let result = huks.getSdkVersion(emptyOptions); 3076``` 3077 3078## huks.generateKey<sup>(deprecated)</sup> 3079 3080generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3081 3082Generates a key. This API uses an asynchronous callback to return the result. 3083 3084> **NOTE** 3085> 3086> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9). 3087 3088**System capability**: SystemCapability.Security.Huks.Extension 3089 3090**Parameters** 3091 3092| Name | Type | Mandatory| Description | 3093| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3094| keyAlias | string | Yes | Alias of the key. | 3095| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | 3096| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code defined in **HuksResult** is returned.| 3097 3098**Example** 3099 3100```ts 3101import { huks } from '@kit.UniversalKeystoreKit'; 3102/* Generate an RSA key of 512 bits. */ 3103 3104let keyAlias = 'keyAlias'; 3105let properties: Array<huks.HuksParam> = [ 3106 { 3107 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3108 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3109 }, 3110 { 3111 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3112 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512 3113 }, 3114 { 3115 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3116 value: 3117 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 3118 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3119 }, 3120 { 3121 tag: huks.HuksTag.HUKS_TAG_PADDING, 3122 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3123 }, 3124 { 3125 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3126 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3127 } 3128]; 3129let options: huks.HuksOptions = { 3130 properties: properties 3131}; 3132huks.generateKey(keyAlias, options, (err, data) => { 3133}); 3134``` 3135 3136## huks.generateKey<sup>(deprecated)</sup> 3137 3138generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3139 3140Generates a key. This API uses a promise to return the result. 3141 3142> **NOTE** 3143> 3144> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9-1). 3145 3146**System capability**: SystemCapability.Security.Huks.Extension 3147 3148**Parameters** 3149 3150| Name | Type | Mandatory| Description | 3151| -------- | --------------------------- | ---- | ------------------------ | 3152| keyAlias | string | Yes | Alias of the key. | 3153| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.| 3154 3155**Return value** 3156 3157| Type | Description | 3158| ----------------------------------- | -------------------------------------------------- | 3159| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3160 3161**Example** 3162 3163```ts 3164import { huks } from '@kit.UniversalKeystoreKit'; 3165/* Generate a 256-bit ECC key. */ 3166 3167let keyAlias = 'keyAlias'; 3168let properties: Array<huks.HuksParam> = [ 3169 { 3170 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3171 value: huks.HuksKeyAlg.HUKS_ALG_ECC 3172 }, 3173 { 3174 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3175 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 3176 }, 3177 { 3178 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3179 value: 3180 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 3181 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 3182 }, 3183 { 3184 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3185 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3186 } 3187]; 3188let options: huks.HuksOptions = { 3189 properties: properties 3190}; 3191let result = huks.generateKey(keyAlias, options); 3192``` 3193 3194## huks.deleteKey<sup>(deprecated)</sup> 3195 3196deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3197 3198Deletes a key. This API uses an asynchronous callback to return the result. 3199 3200> **NOTE** 3201> 3202> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9). 3203 3204**System capability**: SystemCapability.Security.Huks.Extension 3205 3206**Parameters** 3207 3208| Name | Type | Mandatory| Description | 3209| -------- | ----------------------------------------- | ---- |----------------------------------------------------| 3210| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 3211| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.| 3212| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. | 3213 3214**Example** 3215 3216```ts 3217import { huks } from '@kit.UniversalKeystoreKit'; 3218/* Set options to emptyOptions. */ 3219let keyAlias = 'keyAlias'; 3220let emptyOptions: huks.HuksOptions = { 3221 properties: [] 3222}; 3223huks.deleteKey(keyAlias, emptyOptions, (err, data) => { 3224}); 3225``` 3226 3227## huks.deleteKey<sup>(deprecated)</sup> 3228 3229deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3230 3231Deletes a key. This API uses a promise to return the result. 3232 3233> **NOTE** 3234> 3235> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9-1). 3236 3237**System capability**: SystemCapability.Security.Huks.Extension 3238 3239**Parameters** 3240 3241| Name | Type | Mandatory| Description | 3242| -------- | ----------- | ---- | ----------------------------------------------------- | 3243| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 3244| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.| 3245 3246**Return value** 3247 3248| Type | Description | 3249| ----------------------------------- | -------------------------------------------------- | 3250| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3251 3252**Example** 3253 3254```ts 3255import { huks } from '@kit.UniversalKeystoreKit'; 3256/* Set options to emptyOptions. */ 3257let keyAlias = 'keyAlias'; 3258let emptyOptions: huks.HuksOptions = { 3259 properties: [] 3260}; 3261let result = huks.deleteKey(keyAlias, emptyOptions); 3262``` 3263 3264## huks.importKey<sup>(deprecated)</sup> 3265 3266importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3267 3268Imports a key in plaintext. This API uses an asynchronous callback to return the result. 3269 3270> **NOTE** 3271> 3272> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9). 3273 3274**System capability**: SystemCapability.Security.Huks.Extension 3275 3276**Parameters** 3277 3278| Name | Type | Mandatory| Description | 3279| -------- | ------------------------ | ---- | ------------------------------------------------- | 3280| keyAlias | string | Yes | Alias of the key.| 3281| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3282| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3283 3284**Example** 3285 3286```ts 3287import { huks } from '@kit.UniversalKeystoreKit'; 3288/* Import a 256-bit AES key. */ 3289 3290let plainTextSize32 = makeRandomArr(32); 3291function makeRandomArr(size: number) { 3292 let arr = new Uint8Array(size); 3293 for (let i = 0; i < size; i++) { 3294 arr[i] = Math.floor(Math.random() * 10); 3295 } 3296 return arr; 3297}; 3298let keyAlias = 'keyAlias'; 3299let properties: Array<huks.HuksParam> = [ 3300 { 3301 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3302 value: huks.HuksKeyAlg.HUKS_ALG_AES 3303 }, 3304 { 3305 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3306 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 3307 }, 3308 { 3309 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3310 value: 3311 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3312 }, 3313 { 3314 tag: huks.HuksTag.HUKS_TAG_PADDING, 3315 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3316 }, 3317 { 3318 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3319 value: huks.HuksCipherMode.HUKS_MODE_ECB 3320 } 3321]; 3322let options: huks.HuksOptions = { 3323 properties: properties, 3324 inData: plainTextSize32 3325}; 3326huks.importKey(keyAlias, options, (err, data) => { 3327}); 3328``` 3329 3330## huks.importKey<sup>(deprecated)</sup> 3331 3332importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3333 3334Imports a key in plaintext. This API uses a promise to return the result. 3335 3336> **NOTE** 3337> 3338> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9-1). 3339 3340**System capability**: SystemCapability.Security.Huks.Extension 3341 3342**Parameters** 3343 3344| Name | Type | Mandatory| Description | 3345| -------- | ----------- | ---- | ------------------------------------ | 3346| keyAlias | string | Yes | Alias of the key.| 3347| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3348 3349**Return value** 3350 3351| Type | Description | 3352| ----------------------------------- | -------------------------------------------------- | 3353| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3354 3355**Example** 3356 3357```ts 3358import { huks } from '@kit.UniversalKeystoreKit'; 3359/* Import an AES key of 128 bits. */ 3360 3361let plainTextSize32 = makeRandomArr(32); 3362function makeRandomArr(size: number) { 3363 let arr = new Uint8Array(size); 3364 for (let i = 0; i < size; i++) { 3365 arr[i] = Math.floor(Math.random() * 10); 3366 } 3367 return arr; 3368}; 3369/* Step 1 Generate a key. */ 3370let keyAlias = 'keyAlias'; 3371let properties: Array<huks.HuksParam> = [ 3372 { 3373 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3374 value: huks.HuksKeyAlg.HUKS_ALG_AES 3375 }, 3376 { 3377 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3378 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128 3379 }, 3380 { 3381 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3382 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3383 }, 3384 { 3385 tag: huks.HuksTag.HUKS_TAG_PADDING, 3386 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3387 }, 3388 { 3389 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3390 value: huks.HuksCipherMode.HUKS_MODE_ECB 3391 } 3392]; 3393let huksOptions: huks.HuksOptions = { 3394 properties: properties, 3395 inData: plainTextSize32 3396}; 3397let result = huks.importKey(keyAlias, huksOptions); 3398``` 3399 3400## huks.exportKey<sup>(deprecated)</sup> 3401 3402exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3403 3404Exports a key. This API uses an asynchronous callback to return the result. 3405 3406> **NOTE** 3407> 3408> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9). 3409 3410**System capability**: SystemCapability.Security.Huks.Extension 3411 3412**Parameters** 3413 3414| Name | Type | Mandatory| Description | 3415| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3416| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3417| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3418| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 3419 3420**Example** 3421 3422```ts 3423import { huks } from '@kit.UniversalKeystoreKit'; 3424/* Set options to emptyOptions. */ 3425let keyAlias = 'keyAlias'; 3426let emptyOptions: huks.HuksOptions = { 3427 properties: [] 3428}; 3429huks.exportKey(keyAlias, emptyOptions, (err, data) => { 3430}); 3431``` 3432 3433## huks.exportKey<sup>(deprecated)</sup> 3434 3435exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3436 3437Exports a key. This API uses a promise to return the result. 3438 3439> **NOTE** 3440> 3441> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9-1). 3442 3443**System capability**: SystemCapability.Security.Huks.Extension 3444 3445**Parameters** 3446 3447| Name | Type | Mandatory| Description | 3448| -------- | ----------- | ---- | ------------------------------------------------------------ | 3449| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3450| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3451 3452**Return value** 3453 3454| Type | Description | 3455| ----------------------------------- | ------------------------------------------------------------ | 3456| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 3457 3458**Example** 3459 3460```ts 3461import { huks } from '@kit.UniversalKeystoreKit'; 3462/* Set options to emptyOptions. */ 3463let keyAlias = 'keyAlias'; 3464let emptyOptions: huks.HuksOptions = { 3465 properties: [] 3466}; 3467let result = huks.exportKey(keyAlias, emptyOptions); 3468``` 3469 3470## huks.getKeyProperties<sup>(deprecated)</sup> 3471 3472getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3473 3474Obtains key properties. This API uses an asynchronous callback to return the result. 3475 3476> **NOTE** 3477> 3478> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9). 3479 3480**System capability**: SystemCapability.Security.Huks.Extension 3481 3482**Parameters** 3483 3484| Name | Type | Mandatory| Description | 3485| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3486| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3487| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3488| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code is returned.| 3489 3490**Example** 3491 3492```ts 3493import { huks } from '@kit.UniversalKeystoreKit'; 3494/* Set options to emptyOptions. */ 3495let keyAlias = 'keyAlias'; 3496let emptyOptions: huks.HuksOptions = { 3497 properties: [] 3498}; 3499huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => { 3500}); 3501``` 3502 3503## huks.getKeyProperties<sup>(deprecated)</sup> 3504 3505getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3506 3507Obtains key properties. This API uses a promise to return the result. 3508 3509> **NOTE** 3510> 3511> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9-1). 3512 3513**System capability**: SystemCapability.Security.Huks.Extension 3514 3515**Parameters** 3516 3517| Name | Type | Mandatory| Description | 3518| -------- | ----------- | ---- | ------------------------------------------------------------ | 3519| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3520| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3521 3522**Return value** 3523 3524| Type | Description | 3525| ------------------ | ------------------------------------------------------------ | 3526| Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS** and **properties** returns the parameters required for generating the key. If the operation fails, an error code is returned.| 3527 3528**Example** 3529 3530```ts 3531import { huks } from '@kit.UniversalKeystoreKit'; 3532/* Set options to emptyOptions. */ 3533let keyAlias = 'keyAlias'; 3534let emptyOptions: huks.HuksOptions = { 3535 properties: [] 3536}; 3537let result = huks.getKeyProperties(keyAlias, emptyOptions); 3538``` 3539 3540## huks.isKeyExist<sup>(deprecated)</sup> 3541 3542isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 3543 3544Checks whether a key exists. This API uses an asynchronous callback to return the result. 3545 3546> **NOTE** 3547> 3548> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9). 3549 3550**System capability**: SystemCapability.Security.Huks.Extension 3551 3552**Parameters** 3553 3554| Name | Type | Mandatory| Description | 3555| -------- | ---------------------- | ---- | ------------------------------------- | 3556| keyAlias | string | Yes | Alias of the key to check.| 3557| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.| 3558| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3559 3560**Example** 3561 3562```ts 3563import { huks } from '@kit.UniversalKeystoreKit'; 3564/* Set options to emptyOptions. */ 3565let keyAlias = 'keyAlias'; 3566let emptyOptions: huks.HuksOptions = { 3567 properties: [] 3568}; 3569huks.isKeyExist(keyAlias, emptyOptions, (err, data) => { 3570}); 3571``` 3572 3573## huks.isKeyExist<sup>(deprecated)</sup> 3574 3575isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 3576 3577Checks whether a key exists. This API uses a promise to return the result. 3578 3579> **NOTE** 3580> 3581> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9-1). 3582 3583**System capability**: SystemCapability.Security.Huks.Extension 3584 3585**Parameters** 3586 3587| Name | Type | Mandatory| Description | 3588| -------- | ----------- | ---- | -------------------------------- | 3589| keyAlias | string | Yes | Alias of the key to check.| 3590| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.| 3591 3592**Return value** 3593 3594| Type | Description | 3595| ----------------- | --------------------------------------- | 3596| Promise\<boolean> | Promise used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3597 3598**Example** 3599 3600```ts 3601import { huks } from '@kit.UniversalKeystoreKit'; 3602/* Set options to emptyOptions. */ 3603let keyAlias = 'keyAlias'; 3604let emptyOptions: huks.HuksOptions = { 3605 properties: [] 3606}; 3607let result = huks.isKeyExist(keyAlias, emptyOptions); 3608``` 3609 3610## huks.init<sup>(deprecated)</sup> 3611 3612init(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksHandle>) : void 3613 3614Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3615 3616> **NOTE** 3617> 3618> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3619 3620**System capability**: SystemCapability.Security.Huks.Extension 3621 3622**Parameters** 3623 3624| Name | Type | Mandatory| Description | 3625| -------- | ---------------------- | ---- | ------------------------------------- | 3626| keyAlias | string | Yes | Alias of the target key.| 3627| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3628| callback | AsyncCallback\<[HuksHandle](#hukshandledeprecated)> | Yes | Callback used to return a session handle for subsequent operations.| 3629 3630## huks.init<sup>(deprecated)</sup> 3631 3632init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle> 3633 3634Initializes a session for a key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3635 3636> **NOTE** 3637> 3638> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3639 3640**System capability**: SystemCapability.Security.Huks.Extension 3641 3642**Parameters** 3643 3644| Name | Type | Mandatory| Description | 3645| -------- | ---------------------- | ---- | ------------------------------------- | 3646| keyAlias | string | Yes | Alias of the target key.| 3647| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3648 3649**Return value** 3650 3651| Type | Description | 3652| ----------------------------------- | -------------------------------------------------- | 3653| Promise\<[HuksHandle](#hukshandledeprecated)> | Promise used to return a session handle for subsequent operations.| 3654 3655## huks.update<sup>(deprecated)</sup> 3656 3657update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3658 3659Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3660 3661> **NOTE** 3662> 3663> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-1). 3664 3665**System capability**: SystemCapability.Security.Huks.Extension 3666 3667**Parameters** 3668 3669| Name | Type | Mandatory| Description | 3670| -------- | ----------------------------------------- | ---- | -------------------------------------------- | 3671| handle | number | Yes | Handle for the **update** operation. | 3672| token | Uint8Array | No | Token of the **update** operation. | 3673| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3674| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the **update** operation result.| 3675 3676## huks.update<sup>(deprecated)</sup> 3677 3678update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>; 3679 3680Updates the key operation by segment. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3681 3682> **NOTE** 3683> 3684> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-2). 3685 3686**System capability**: SystemCapability.Security.Huks.Extension 3687 3688**Parameters** 3689 3690| Name | Type | Mandatory| Description | 3691| ------- | ----------------------------------- | ---- | -------------------------------------------- | 3692| handle | number | Yes | Handle for the **update** operation. | 3693| token | Uint8Array | No | Token of the **update** operation. | 3694| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3695 3696**Return value** 3697 3698| Type | Description | 3699| ----------------------------------- | -------------------------------------------------- | 3700| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **update** operation result.| 3701 3702## huks.finish<sup>(deprecated)</sup> 3703 3704finish(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3705 3706Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3707 3708> **NOTE** 3709> 3710> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9). 3711 3712**System capability**: SystemCapability.Security.Huks.Extension 3713 3714**Parameters** 3715 3716| Name | Type | Mandatory| Description | 3717| -------- | ---------------------- | ---- | ------------------------------------- | 3718| handle | number | Yes | Handle for the **finish** operation.| 3719| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3720| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the **finish** operation result.| 3721 3722## huks.finish<sup>(deprecated)</sup> 3723 3724finish(handle: number, options: HuksOptions) : Promise\<HuksResult> 3725 3726Finishes the key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3727 3728> **NOTE** 3729> 3730> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9-1). 3731 3732**System capability**: SystemCapability.Security.Huks.Extension 3733 3734**Parameters** 3735 3736| Name | Type | Mandatory| Description | 3737| -------- | ---------------------- | ---- | ------------------------------------- | 3738| handle | number | Yes | Handle for the **finish** operation.| 3739| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3740 3741**Return value** 3742 3743| Type | Description | 3744| ----------------------------------- | -------------------------------------------------- | 3745| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result.| 3746 3747## huks.abort<sup>(deprecated)</sup> 3748 3749abort(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3750 3751Aborts the use of the key. This API uses an asynchronous callback to return the result. 3752 3753> **NOTE** 3754> 3755> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9). 3756 3757**System capability**: SystemCapability.Security.Huks.Extension 3758 3759**Parameters** 3760 3761| Name | Type | Mandatory| Description | 3762| -------- | ---------------------- | ---- | ------------------------------------- | 3763| handle | number | Yes | Handle for the **abort** operation.| 3764| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3765| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the **abort** operation result.| 3766 3767**Example** 3768 3769```ts 3770import { huks } from '@kit.UniversalKeystoreKit'; 3771/* huks.init, huks.update, and huks.finish must be used together. 3772 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3773 * 3774 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 3775 */ 3776 3777let keyAlias = "HuksDemoRSA"; 3778let properties: Array<huks.HuksParam> = []; 3779let options: huks.HuksOptions = { 3780 properties: properties, 3781 inData: new Uint8Array(0) 3782}; 3783let handle: number = 0; 3784let resultMessage = ""; 3785async function generateKey() { 3786 properties[0] = { 3787 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3788 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3789 }; 3790 properties[1] = { 3791 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3792 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3793 }; 3794 properties[2] = { 3795 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3796 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3797 }; 3798 properties[3] = { 3799 tag: huks.HuksTag.HUKS_TAG_PADDING, 3800 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3801 }; 3802 properties[4] = { 3803 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3804 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3805 }; 3806 huks.generateKey(keyAlias, options); 3807} 3808function stringToUint8Array(str: string) { 3809 let arr: number[] = []; 3810 for (let i = 0, j = str.length; i < j; ++i) { 3811 arr.push(str.charCodeAt(i)); 3812 } 3813 let tmpUint8Array = new Uint8Array(arr); 3814 return tmpUint8Array; 3815} 3816async function huksInit() { 3817 await huks.init(keyAlias, options).then((data) => { 3818 console.info(`test init data: ${JSON.stringify(data)}`); 3819 handle = data.handle; 3820 }).catch((err) => { 3821 console.error("test init err information: " + JSON.stringify(err)) 3822 }) 3823} 3824async function huksUpdate() { 3825 options.inData = stringToUint8Array("huksHmacTest"); 3826 await huks.update(handle, options.inData, options).then((data) => { 3827 if (data.errorCode === 0) { 3828 resultMessage += "update success!"; 3829 } else { 3830 resultMessage += "update fail!"; 3831 } 3832 }); 3833 console.info(resultMessage); 3834} 3835function huksFinish() { 3836 options.inData = stringToUint8Array("HuksDemoHMAC"); 3837 huks.finish(handle, options).then((data) => { 3838 if (data.errorCode === 0) { 3839 resultMessage = "finish success!"; 3840 console.info(resultMessage); 3841 } else { 3842 resultMessage = "finish fail errorCode: " + data.errorCode; 3843 console.error(resultMessage); 3844 } 3845 }).catch((err) => { 3846 resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err) 3847 }); 3848} 3849async function huksAbort() { 3850 new Promise<huks.HuksResult>((resolve, reject) => { 3851 huks.abort(handle, options, (err, data) => { 3852 console.info(`huksAbort data ${JSON.stringify(data)}`); 3853 console.error(`huksAbort err ${JSON.stringify(err)}`); 3854 }); 3855 }); 3856} 3857``` 3858 3859## huks.abort<sup>(deprecated)</sup> 3860 3861abort(handle: number, options: HuksOptions) : Promise\<HuksResult>; 3862 3863Aborts the use of the key. This API uses a promise to return the result. 3864 3865> **NOTE** 3866> 3867> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9-1). 3868 3869**System capability**: SystemCapability.Security.Huks.Extension 3870 3871**Parameters** 3872 3873| Name | Type | Mandatory| Description | 3874| -------- | ---------------------- | ---- | ------------------------------------- | 3875| handle | number | Yes | Handle for the **abort** operation.| 3876| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3877 3878**Return value** 3879 3880| Type | Description | 3881| ----------------------------------- | -------------------------------------------------- | 3882| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **abort** operation result.| 3883 3884**Example** 3885 3886```ts 3887import { huks } from '@kit.UniversalKeystoreKit'; 3888/* huks.init, huks.update, and huks.finish must be used together. 3889 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3890 * 3891 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 3892 */ 3893let keyAlias = "HuksDemoRSA"; 3894let properties: Array<huks.HuksParam> = []; 3895let options: huks.HuksOptions = { 3896 properties: properties, 3897 inData: new Uint8Array(0) 3898}; 3899let handle: number = 0; 3900let resultMessage = ""; 3901 3902function stringToUint8Array(str: string) { 3903 let arr: number[] = []; 3904 for (let i = 0, j = str.length; i < j; ++i) { 3905 arr.push(str.charCodeAt(i)); 3906 } 3907 let tmpUint8Array = new Uint8Array(arr); 3908 return tmpUint8Array; 3909} 3910 3911async function generateKey() { 3912 properties[0] = { 3913 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3914 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3915 }; 3916 properties[1] = { 3917 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3918 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3919 }; 3920 properties[2] = { 3921 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3922 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3923 }; 3924 properties[3] = { 3925 tag: huks.HuksTag.HUKS_TAG_PADDING, 3926 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3927 }; 3928 properties[4] = { 3929 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3930 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3931 }; 3932 huks.generateKey(keyAlias, options, (err, data) => { 3933 }); 3934} 3935 3936async function huksInit() { 3937 return new Promise<huks.HuksHandle>((resolve, reject) => { 3938 huks.init(keyAlias, options, async (err, data) => { 3939 if (data.errorCode === 0) { 3940 resultMessage = "init success!" 3941 handle = data.handle; 3942 } else { 3943 resultMessage = "init fail errorCode: " + data.errorCode 3944 } 3945 }); 3946 }); 3947} 3948 3949async function huksUpdate() { 3950 options.inData = stringToUint8Array("huksHmacTest"); 3951 new Promise<huks.HuksResult>((resolve, reject) => { 3952 huks.update(handle, options.inData, options, (err, data) => { 3953 if (data.errorCode === 0) { 3954 resultMessage += "update success!"; 3955 console.info(resultMessage); 3956 } else { 3957 resultMessage += "update fail!"; 3958 console.error(resultMessage); 3959 } 3960 }); 3961 }); 3962 3963} 3964 3965async function huksFinish() { 3966 options.inData = stringToUint8Array("0"); 3967 new Promise<huks.HuksResult>((resolve, reject) => { 3968 huks.finish(handle, options, (err, data) => { 3969 if (data.errorCode === 0) { 3970 resultMessage = "finish success!"; 3971 } else { 3972 resultMessage = "finish fail errorCode: " + data.errorCode; 3973 } 3974 }); 3975 }); 3976} 3977 3978function huksAbort() { 3979 huks.abort(handle, options).then((data) => { 3980 if (data.errorCode === 0) { 3981 console.info("abort success!"); 3982 } else { 3983 console.error("abort fail errorCode: " + data.errorCode); 3984 } 3985 }).catch((err: Error) => { 3986 console.error("abort fail, catch errorMessage:" + JSON.stringify(err)); 3987 }); 3988} 3989``` 3990 3991## HuksHandle<sup>(deprecated)</sup> 3992 3993Defines the struct for a HUKS handle. 3994 3995**System capability**: SystemCapability.Security.Huks.Extension 3996 3997> **NOTE** 3998> 3999> This API is deprecated since API version 9. You are advised to use [HuksSessionHandle<sup>9+</sup>](#hukssessionhandle9). 4000 4001| Name | Type | Mandatory| Description | 4002| ---------- | ---------------- | ---- | -------- | 4003| errorCode | number | Yes | Error code.| 4004| handle | number | Yes| Value of the handle.| 4005| token | Uint8Array | No| Challenge obtained after the [init](#huksinitdeprecated) operation.| 4006 4007## HuksResult<sup>(deprecated)</sup> 4008 4009Defines the **HuksResult** struct. 4010 4011**System capability**: SystemCapability.Security.Huks.Extension 4012 4013> **NOTE** 4014> 4015> - This API is deprecated since API version 9. You are advised to use [HuksReturnResult<sup>9+</sup>](#huksreturnresult9). 4016> - For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 4017 4018| Name | Type | Mandatory| Description | 4019| ---------- | ------------------------------- | ---- | ---------------- | 4020| errorCode | number | Yes | Error code. | 4021| outData | Uint8Array | No | Output data. | 4022| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 4023| certChains | Array\<string> | No | Certificate chain information.| 4024 4025## HuksErrorCode<sup>(deprecated)</sup> 4026 4027Enumerates the error codes. 4028 4029**System capability**: SystemCapability.Security.Huks.Extension 4030 4031> **NOTE** 4032> 4033> This API is deprecated since API version 9. You are advised to use [HuksExceptionErrCode<sup>9+</sup>](#huksexceptionerrcode9). 4034 4035| Name | Value | Description| 4036| -------------------------- | ----- | ---- | 4037| HUKS_SUCCESS | 0 |Success.| 4038| HUKS_FAILURE | -1 |Failure.| 4039| HUKS_ERROR_BAD_STATE | -2 |Incorrect state.| 4040| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.| 4041| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.| 4042| HUKS_ERROR_NO_PERMISSION | -5 |No permission.| 4043| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.| 4044| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.| 4045| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.| 4046| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.| 4047| HUKS_ERROR_STORAGE_FAILURE | -10 |Insufficient storage space.| 4048| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.| 4049| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.| 4050| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.| 4051| HUKS_ERROR_NULL_POINTER | -14 |Null pointer.| 4052| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.| 4053| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.| 4054| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.| 4055| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.| 4056| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.| 4057| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.| 4058| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.| 4059| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.| 4060| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.| 4061| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.| 4062| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.| 4063| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.| 4064| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.| 4065| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.| 4066| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.| 4067| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.| 4068| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.| 4069| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.| 4070| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.| 4071| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.| 4072| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFuse.| 4073| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.| 4074| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.| 4075| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.| 4076| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to obtain the ALG. | 4077| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to obtain the key size.| 4078| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to obtain the padding algorithm.| 4079| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to obtain the key purpose.| 4080| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to obtain the digest algorithm.| 4081| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to obtain the cipher mode.| 4082| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to obtain the nonce.| 4083| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to obtain the AAD.| 4084| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to obtain the initialization vector (IV).| 4085| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to obtain the AE flag.| 4086| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to obtain the salt value.| 4087| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to obtain the number of iterations.| 4088| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.| 4089| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.| 4090| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding algorithm.| 4091| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid key purpose.| 4092| HUKS_ERROR_INVALID_MODE | -116 |Invalid cipher mode.| 4093| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest algorithm.| 4094| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.| 4095| HUKS_ERROR_INVALID_IV | -119 |Invalid IV.| 4096| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.| 4097| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.| 4098| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.| 4099| HUKS_ERROR_INVALID_SALT | -123 |Invalid salt value.| 4100| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration count.| 4101| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.| 4102| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.| 4103| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.| 4104