@ohos.security.huks (HUKS)
The HUKS module provides KeyStore (KS) capabilities for applications, including key management and key cryptography operations. The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs.
NOTE
The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.
Modules to Import
import huks from '@ohos.security.huks'
HuksParam
Defines the param in the properties array of options used in the APIs.
System capability: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description |
|---|---|---|---|
| tag | HuksTag | Yes | Tag. |
| value | boolean|number|bigint|Uint8Array | Yes | Value of the tag. |
HuksOptions
Defines the options used in the APIs.
System capability: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description |
|---|---|---|---|
| properties | Array<HuksParam> | No | Properties used to hold the HuksParam array. |
| inData | Uint8Array | No | Input data. |
HuksSessionHandle9+
Defines the HUKS handle structure.
System capability: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Value of the handle. |
| challenge | Uint8Array | No | Challenge obtained after the initSession operation. |
HuksReturnResult9+
Defines the HuksResult structure.
System capability: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description |
|---|---|---|---|
| outData | Uint8Array | No | Output data. |
| properties | Array<HuksParam> | No | Property information. |
| certChains | Array<string> | No | Certificate chain information. |
huks.generateKeyItem9+
generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void
Generates a key. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory. |
| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. |
Example
/* Generate an ECC key of 256 bits. */
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
properties: properties
};
try {
huks.generateKeyItem(keyAlias, options, function (error, data) {
if (error) {
console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: generateKeyItem key success`);
}
});
} catch (error) {
console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.generateKeyItem9+
generateKeyItem(keyAlias: string, options: HuksOptions) : Promise<void>
Generates a key. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory. |
Example
/* Generate an ECC key of 256 bits. */
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
properties: properties
};
try {
huks.generateKeyItem(keyAlias, options)
.then((data) => {
console.info(`promise: generateKeyItem success`);
})
.catch(error => {
console.error(`promise: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.deleteKeyItem9+
deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void
Deletes a key. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias passed in when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.deleteKeyItem(keyAlias, emptyOptions, function (error, data) {
if (error) {
console.error(`callback: deleteKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: deleteKeyItem key success`);
}
});
} catch (error) {
console.error(`callback: deleteKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.deleteKeyItem9+
deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise<void>
Deletes a key. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias passed in when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.deleteKeyItem(keyAlias, emptyOptions)
.then ((data) => {
console.info(`promise: deleteKeyItem key success`);
})
.catch(error => {
console.error(`promise: deleteKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: deleteKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.getSdkVersion
getSdkVersion(options: HuksOptions) : string
Obtains the SDK version of the current system.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| options | HuksOptions | Yes | Empty object, which is used to hold the SDK version. |
Return value
| Type | Description |
|---|---|
| string | SDK version obtained. |
Example
/* Set options to emptyOptions. */
let emptyOptions = {
properties: []
};
let result = huks.getSdkVersion(emptyOptions);
huks.importKeyItem9+
importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void
Imports a key in plaintext. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory. |
| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. |
Example
/* Import an AES key of 256 bits. */
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size) {
let arr = new Uint8Array(size);
for (let i = 0; i < size; i++) {
arr[i] = Math.floor(Math.random() * 10);
}
return arr;
};
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value:huks.HuksKeyPadding.HUKS_PADDING_PKCS7
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
};
let options = {
properties: properties,
inData: plainTextSize32
};
try {
huks.importKeyItem(keyAlias, options, function (error, data) {
if (error) {
console.error(`callback: importKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: importKeyItem success`);
}
});
} catch (error) {
console.error(`callback: importKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.importKeyItem9+
importKeyItem(keyAlias: string, options: HuksOptions) : Promise<void>
Imports a key in plaintext. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory. |
Example
/* Import an AES key of 128 bits. */
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size) {
let arr = new Uint8Array(size);
for (let i = 0; i < size; i++) {
arr[i] = Math.floor(Math.random() * 10);
}
return arr;
};
/* Step 1 Generate a key. */
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value:huks.HuksKeyPadding.HUKS_PADDING_PKCS7
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
};
let huksoptions = {
properties: properties,
inData: plainTextSize32
};
try {
huks.importKeyItem(keyAlias, huksoptions)
.then ((data) => {
console.info(`promise: importKeyItem success`);
})
.catch(error => {
console.error(`promise: importKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: importKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.attestKeyItem9+
attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void
Obtains the certificate used to verify a key. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. |
| options | HuksOptions | Yes | Parameters and data required for obtaining the certificate. |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. |
Example
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key attest";
function stringToUint8Array(str) {
let arr = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
let tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array;
}
async function generateKey(alias) {
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
properties[5] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PSS
};
properties[6] = {
tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
};
properties[7] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
};
let options = {
properties: properties
};
try {
huks.generateKeyItem(alias, options, function (error, data) {
if (error) {
console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: generateKeyItem success`);
}
});
} catch (error) {
console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function attestKey() {
let aliasString = keyAliasString;
let aliasUint8 = stringToUint8Array(aliasString);
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
value: securityLevel
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
value: challenge
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
value: versionInfo
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
value: aliasUint8
};
let options = {
properties: properties
};
await generateKey(aliasString);
try {
huks.attestKeyItem(aliasString, options, function (error, data) {
if (error) {
console.error(`callback: attestKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: attestKeyItem success`);
}
});
} catch (error) {
console.error(`callback: attestKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
huks.attestKeyItem9+
attestKeyItem(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult>
Obtains the certificate used to verify a key. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. |
| options | HuksOptions | Yes | Parameters and data required for obtaining the certificate. |
Return value
| Type | Description |
|---|---|
| Promise<HuksReturnResult> | Promise used to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. |
Example
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key attest";
function stringToUint8Array(str) {
let arr = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
let tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array;
}
async function generateKey(alias) {
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
properties[5] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PSS
};
properties[6] = {
tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
};
properties[7] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
};
let options = {
properties: properties
};
try {
await huks.generateKeyItem(alias, options)
.then((data) => {
console.info(`promise: generateKeyItem success`);
})
.catch(error => {
console.error(`promise: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function attestKey() {
let aliasString = keyAliasString;
let aliasUint8 = stringToUint8Array(aliasString);
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
value: securityLevel
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
value: challenge
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
value: versionInfo
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
value: aliasUint8
};
let options = {
properties: properties
};
await generateKey(aliasString);
try {
await huks.attestKeyItem(aliasString, options)
.then ((data) => {
console.info(`promise: attestKeyItem success`);
})
.catch(error => {
console.error(`promise: attestKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: attestKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
huks.importWrappedKeyItem9+
importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void
Imports a wrapped key. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the wrapped key to import. |
| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. |
| options | HuksOptions | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory. |
| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. |
Example
import huks from '@ohos.security.huks';
let exportWrappingKey;
let alias1 = "importAlias";
let alias2 = "wrappingKeyAlias";
async function TestGenFunc(alias, options) {
try {
await genKey(alias, options)
.then((data) => {
console.info(`callback: generateKeyItem success`);
})
.catch(error => {
console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
function genKey(alias, options) {
return new Promise((resolve, reject) => {
try {
huks.generateKeyItem(alias, options, function (error, data) {
if (error) {
reject(error);
} else {
resolve(data);
}
});
} catch (error) {
throw(error);
}
});
}
async function TestExportFunc(alias, options) {
try {
await exportKey(alias, options)
.then ((data) => {
console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`);
exportWrappingKey = data.outData;
})
.catch(error => {
console.error(`callback: exportKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`callback: exportKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
function exportKey(alias, options) : Promise<huks.HuksReturnResult> {
return new Promise((resolve, reject) => {
try {
huks.exportKeyItem(alias, options, function (error, data) {
if (error) {
reject(error);
} else {
resolve(data);
}
});
} catch (error) {
throw(error);
}
});
}
async function TestImportWrappedFunc(alias, wrappingAlias, options) {
try {
await importWrappedKey(alias, wrappingAlias, options)
.then ((data) => {
console.info(`callback: importWrappedKeyItem success`);
})
.catch(error => {
console.error(`callback: importWrappedKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`callback: importWrappedKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
function importWrappedKey(alias, wrappingAlias, options) {
return new Promise((resolve, reject) => {
try {
huks.importWrappedKeyItem(alias, wrappingAlias, options, function (error, data) {
if (error) {
reject(error);
} else {
resolve(data);
}
});
} catch (error) {
throw(error);
}
});
}
async function TestImportWrappedKeyFunc(
alias,
wrappingAlias,
genOptions,
importOptions
) {
await TestGenFunc(wrappingAlias, genOptions);
await TestExportFunc(wrappingAlias, genOptions);
/*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here.
* For example, import **keyA**.
* 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**.
* 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**.
* 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**.
* 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**.
* 5. Generate the **importOptions.inData** field in the following format:
* keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 +
* nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 +
* kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 +
* nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 +
* Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc
*/
let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]);
importOptions.inData = inputKey;
await TestImportWrappedFunc(alias, wrappingAlias, importOptions);
}
function makeGenerateOptions() {
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR,
};
let options = {
properties: properties
};
return options;
};
function makeImportOptions() {
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
};
properties[5] = {
tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
};
let options = {
properties: properties
};
return options;
};
function huksImportWrappedKey() {
let genOptions = makeGenerateOptions();
let importOptions = makeImportOptions();
TestImportWrappedKeyFunc(
alias1,
alias2,
genOptions,
importOptions
);
}
huks.importWrappedKeyItem9+
importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise<void>
Imports a wrapped key. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the wrapped key to import. |
| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. |
| options | HuksOptions | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory. |
Example
/* The process is similar as if a callback is used, except the following:*/
async function TestImportWrappedFunc(alias, wrappingAlias, options) {
try {
await huks.importWrappedKeyItem(alias, wrappingAlias, options)
.then ((data) => {
console.info(`promise: importWrappedKeyItem success`);
})
.catch(error => {
console.error(`promise: importWrappedKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: importWrappedKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
huks.exportKeyItem9+
exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void
Exports a key. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned. outData contains the public key exported. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.exportKeyItem(keyAlias, emptyOptions, function (error, data) {
if (error) {
console.error(`callback: exportKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`);
}
});
} catch (error) {
console.error(`callback: exportKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.exportKeyItem9+
exportKeyItem(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult>
Exports a key. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<HuksReturnResult> | Promise used to return the result. If the operation is successful, no err value is returned and outData contains the public key exported. If the operation fails, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.exportKeyItem(keyAlias, emptyOptions)
.then ((data) => {
console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`);
})
.catch(error => {
console.error(`promise: exportKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: exportKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.getKeyItemProperties9+
getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void
Obtains key properties. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the result. If the operation is successful, no err value is returned and properties contains the parameters required for generating the key. If the operation fails, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.getKeyItemProperties(keyAlias, emptyOptions, function (error, data) {
if (error) {
console.error(`callback: getKeyItemProperties failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`);
}
});
} catch (error) {
console.error(`callback: getKeyItemProperties input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.getKeyItemProperties9+
getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult>
Obtains key properties. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<HuksReturnResult> | Promise used to return the result. If the operation is successful, no err value is returned and properties contains the parameters required for generating the key. If the operation fails, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.getKeyItemProperties(keyAlias, emptyOptions)
.then ((data) => {
console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`);
})
.catch(error => {
console.error(`promise: getKeyItemProperties failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: getKeyItemProperties input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.isKeyItemExist9+
isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback<boolean>) : void
Checks whether a key exists. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key to check. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<boolean> | Yes | Callback invoked to return the result. The value TRUE means that the key exists; FALSE means the opposite. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.isKeyItemExist(keyAlias, emptyOptions, function (error, data) {
if (error) {
console.error(`callback: isKeyItemExist failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: isKeyItemExist success, data = ${JSON.stringify(data)}`);
}
});
} catch (error) {
console.error(`promise: isKeyItemExist input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.isKeyItemExist9+
isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise<boolean>
Checks whether a key exists. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key to check. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value TRUE means that the key exists; FALSE means the opposite. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
try {
huks.isKeyItemExist(keyAlias, emptyOptions)
.then ((data) => {
console.info(`promise: isKeyItemExist success, data = ${JSON.stringify(data)}`);
})
.catch(error => {
console.error(`promise: isKeyItemExist failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: isKeyItemExist input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
huks.initSession9+
initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksSessionHandle>) : void
Initializes the data for a key operation. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key involved in the initSession operation. |
| options | HuksOptions | Yes | Parameter set used for the initSession operation. |
| callback | AsyncCallback<HuksSessionHandle> | Yes | Callback invoked to return a session handle for subsequent operations. |
huks.initSession9+
initSession(keyAlias: string, options: HuksOptions) : Promise<HuksSessionHandle>
Initializes the data for a key operation. This API uses a promise to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key involved in the initSession operation. |
| options | HuksOptions | Yes | Parameter set used for the initSession operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksSessionHandle> | Promise used to return a session handle for subsequent operations. |
huks.updateSession9+
updateSession(handle: number, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void
Updates the key operation by segment. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the updateSession operation. |
| options | HuksOptions | Yes | Parameter set used for the updateSession operation. |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the updateSession operation result. |
huks.updateSession9+
updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback<HuksReturnResult>) : void
Updates the key operation by segment. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the updateSession operation. |
| options | HuksOptions | Yes | Parameter set used for the updateSession operation. |
| token | Uint8Array | Yes | Token of the updateSession operation. |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the updateSession operation result. |
huks.updateSession9+
updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise<HuksReturnResult>
Updates the key operation by segment. This API uses a promise to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the updateSession operation. |
| options | HuksOptions | Yes | Parameter set used for the updateSession operation. |
| token | Uint8Array | No | Token of the updateSession operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksReturnResult> | Promise used to return the updateSession operation result. |
huks.finishSession9+
finishSession(handle: number, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void
Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the finishSession operation. |
| options | HuksOptions | Yes | Parameter set used for the finishSession operation. |
| token | Uint8Array | Yes | Token of the finishSession operation. |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the finishSession operation result. |
huks.finishSession9+
finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback<HuksReturnResult>) : void
Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the finishSession operation. |
| options | HuksOptions | Yes | Parameter set used for the finishSession operation. |
| token | Uint8Array | Yes | Token of the finishSession operation. |
| callback | AsyncCallback<HuksReturnResult> | Yes | Callback invoked to return the finishSession operation result. |
huks.finishSession9+
finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise<HuksReturnResult>
Completes the key operation and releases resources. This API uses a promise to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the finishSession operation. |
| options | HuksOptions | Yes | Parameter set used for the finishSession operation. |
| token | Uint8Array | No | Token of the finishSession operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksReturnResult> | Promise used to return the result. |
huks.abortSession9+
abortSession(handle: number, options: HuksOptions, callback: AsyncCallback<void>) : void
Aborts a key operation. This API uses an asynchronous callback to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the abortSession operation. |
| options | HuksOptions | Yes | Parameter set used for the abortSession operation. |
| callback | AsyncCallback<void> | Yes | Callback that returns no value. |
Example
/* huks.initSession, huks.updateSession, and huks.finishSession must be used together.
* If an error occurs in any of huks.initSession, huks.updateSession,
* and huks.finishSession operations,
* huks.abortSession must be called to terminate the use of the key.
*
* The following uses the callback of an RSA1024 key as an example.
*/
function stringToUint8Array(str) {
let arr = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
let tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array;
}
let keyAlias = "HuksDemoRSA";
let properties = new Array();
let options = {
properties: properties,
inData: new Uint8Array(0)
};
let handle;
async function generateKey() {
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
properties[5] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB,
}
try {
await huks.generateKeyItem(keyAlias, options, function (error, data) {
if (error) {
console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: generateKeyItem success`);
}
});
} catch (error) {
console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksInit() {
console.log('enter huksInit');
try {
huks.initSession(keyAlias, options, function (error, data) {
if (error) {
console.error(`callback: initSession failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: initSession success, data = ${JSON.stringify(data)}`);
handle = data.handle;
}
});
} catch (error) {
console.error(`callback: initSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksUpdate() {
console.log('enter huksUpdate');
options.inData = stringToUint8Array("huksHmacTest");
try {
huks.updateSession(handle, options, function (error, data) {
if (error) {
console.error(`callback: updateSession failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: updateSession success, data = ${JSON.stringify(data)}`);
}
});
} catch (error) {
console.error(`callback: updateSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksFinish() {
console.log('enter huksFinish');
options.inData = new Uint8Array(0);
try {
huks.finishSession(handle, options, function (error, data) {
if (error) {
console.error(`callback: finishSession failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: finishSession success, data = ${JSON.stringify(data)}`);
}
});
} catch (error) {
console.error(`callback: finishSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksAbort() {
console.log('enter huksAbort');
try {
huks.abortSession(handle, options, function (error, data) {
if (error) {
console.error(`callback: abortSession failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: abortSession success`);
}
});
} catch (error) {
console.error(`callback: abortSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
huks.abortSession9+
abortSession(handle: number, options: HuksOptions) : Promise<void>;
Aborts a key operation. This API uses a promise to return the result.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the abortSession operation. |
| options | HuksOptions | Yes | Parameter set used for the abortSession operation. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise used to return the abortSession operation result. |
Example
/* huks.initSession, huks.updateSession, and huks.finishSession must be used together.
* If an error occurs in any of huks.initSession, huks.updateSession,
* and huks.finishSession operations,
* huks.abortSession must be called to terminate the use of the key.
*
* The following uses the callback of an RSA1024 key as an example.
*/
function stringToUint8Array(str) {
let arr = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
let tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array;
}
let keyAlias = "HuksDemoRSA";
let properties = new Array();
let options = {
properties: properties,
inData: new Uint8Array(0)
};
let handle;
async function generateKey() {
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
properties[5] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB,
}
try {
await huks.generateKeyItem(keyAlias, options)
.then((data) => {
console.info(`promise: generateKeyItem success`);
})
.catch(error => {
console.error(`promise: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksInit() {
console.log('enter huksInit');
try {
await huks.initSession(keyAlias, options)
.then ((data) => {
console.info(`promise: initSession success, data = ${JSON.stringify(data)}`);
handle = data.handle;
})
.catch(error => {
console.error(`promise: initSession key failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: initSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksUpdate() {
console.log('enter huksUpdate');
options.inData = stringToUint8Array("huksHmacTest");
try {
await huks.updateSession(handle, options)
.then ((data) => {
console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`);
})
.catch(error => {
console.error(`promise: updateSession failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: updateSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksFinish() {
console.log('enter huksFinish');
options.inData = new Uint8Array(0);
try {
await huks.finishSession(handle, options)
.then ((data) => {
console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`);
})
.catch(error => {
console.error(`promise: finishSession failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: finishSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
async function huksAbort() {
console.log('enter huksAbort');
try {
await huks.abortSession(handle, options)
.then ((data) => {
console.info(`promise: abortSession success`);
})
.catch(error => {
console.error(`promise: abortSession failed, code: ${error.code}, msg: ${error.message}`);
});
} catch (error) {
console.error(`promise: abortSession input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
}
HuksExceptionErrCode9+
Enumerates the error codes.
For details about the error codes, see KUKS Error Codes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed. |
| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected. |
| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported. |
| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported. |
| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing. |
| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected. |
| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed. |
| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed. |
| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library. |
| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired. |
| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed. |
| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out. |
| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit. |
| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist. |
| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs. |
| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist. |
| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient. |
| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services. |
HuksKeyPurpose
Enumerates the key purposes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext. |
| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text. |
| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing. |
| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature. |
| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key. |
| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export. |
| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import. |
| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC). |
| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement. |
HuksKeyDigest
Enumerates the digest algorithms.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_DIGEST_NONE | 0 | No digest algorithm |
| HUKS_DIGEST_MD5 | 1 | MD5 |
| HUKS_DIGEST_SM39+ | 2 | SM3 |
| HUKS_DIGEST_SHA1 | 10 | SHA-1 |
| HUKS_DIGEST_SHA224 | 11 | SHA-224 |
| HUKS_DIGEST_SHA256 | 12 | SHA-256 |
| HUKS_DIGEST_SHA384 | 13 | SHA-384 |
| HUKS_DIGEST_SHA512 | 14 | SHA-512 |
HuksKeyPadding
Enumerates the padding algorithms.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_PADDING_NONE | 0 | No padding algorithm |
| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP) |
| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS) |
| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5 |
| HUKS_PADDING_PKCS5 | 4 | PKCS #5 |
| HUKS_PADDING_PKCS7 | 5 | PKCS #7 |
HuksCipherMode
Enumerates the cipher modes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode |
| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode |
| HUKS_MODE_CTR | 3 | Counter (CTR) mode |
| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode |
| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode |
| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode |
HuksKeySize
Enumerates the key sizes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits |
| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits |
| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits |
| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits |
| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits |
| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits |
| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits |
| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits |
| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits |
| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits |
| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits |
| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits |
| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits |
| HUKS_AES_KEY_SIZE_512 | 512 | AES key of 512 bits |
| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits |
| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits |
| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits |
| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits |
| HUKS_SM2_KEY_SIZE_2569+ | 256 | ShangMi2 (SM2) key of 256 bits |
| HUKS_SM4_KEY_SIZE_1289+ | 128 | ShangMi4 (SM4) key of 128 bits |
HuksKeyAlg
Enumerates the key algorithms.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_ALG_RSA | 1 | RSA |
| HUKS_ALG_ECC | 2 | ECC |
| HUKS_ALG_DSA | 3 | DSA |
| HUKS_ALG_AES | 20 | AES |
| HUKS_ALG_HMAC | 50 | HMAC |
| HUKS_ALG_HKDF | 51 | HKDF |
| HUKS_ALG_PBKDF2 | 52 | PBKDF2 |
| HUKS_ALG_ECDH | 100 | ECDH |
| HUKS_ALG_X25519 | 101 | X25519 |
| HUKS_ALG_ED25519 | 102 | ED25519 |
| HUKS_ALG_DH | 103 | DH |
| HUKS_ALG_SM29+ | 150 | SM2 |
| HUKS_ALG_SM39+ | 151 | SM3 |
| HUKS_ALG_SM49+ | 152 | SM4 |
HuksKeyGenerateType
Enumerates the key generation types.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default. |
| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key. |
| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement. |
HuksKeyFlag
Enumerates the key generation modes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. |
| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. |
| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API. |
| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API. |
HuksKeyStorageType
Enumerates the key storage modes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_STORAGE_TEMP | 0 | The key is managed locally. |
| HUKS_STORAGE_PERSISTENT | 1 | The key is managed by the HUKS service. |
HuksSendType
Enumerates the tag transfer modes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously. |
| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously. |
HuksUnwrapSuite9+
Enumerates the algorithm suites used for importing an encrypted key.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key. |
| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. |
HuksImportKeyType9+
Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key |
| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key |
| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair |
HuksUserAuthType9+
Enumerates the user authentication types.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_USER_AUTH_TYPE_FINGERPRINT | 1 << 0 | Fingerprint authentication. |
| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication. |
| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication. |
HuksAuthAccessType9+
Enumerates the access control types.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. |
| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added. |
HuksChallengeType9+
Enumerates the types of the challenges generated when a key is used.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default. |
| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys. |
| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required. |
HuksChallengePosition9+
Enumerates the positions of the 8-byte valid value in a custom challenge generated.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7. |
| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15. |
| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23. |
| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31. |
HuksSecureSignType9+
Defines the signature type of the key generated or imported.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed. |
HuksTagType
Enumerates the tag data types.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. |
| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. |
| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type. |
| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. |
| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. |
| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. |
HuksTag
Enumerates the tags used to invoke parameters.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_TAG_INVALID | HuksTagType.HUKS_TAG_TYPE_INVALID | 0 | Invalid tag. |
| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT | 1 | Algorithm. |
| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT | 2 | Purpose of the key. |
| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT | 3 | Key size. |
| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT | 4 | Digest algorithm. |
| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT | 5 | Padding algorithm. |
| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT | 6 | Cipher mode. |
| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT | 7 | Key type. |
| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES | 8 | Associated authentication data. |
| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES | 9 | Field for key encryption and decryption. |
| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES | 10 | IV. |
| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES | 11 | Information generated during key derivation. |
| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES | 12 | Salt value used for key derivation. |
| HUKS_TAG_PWD | HuksTagType.HUKS_TAG_TYPE_BYTES | 13 | Password used for key derivation. |
| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT | 14 | Number of iterations for key derivation. |
| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT | 15 | Key generation type. |
| HUKS_TAG_DERIVE_MAIN_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES | 16 | Main key for key derivation. |
| HUKS_TAG_DERIVE_FACTOR | HuksTagType.HUKS_TAG_TYPE_BYTES | 17 | Factor for key derivation. |
| HUKS_TAG_DERIVE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT | 18 | Type of the algorithm used for key derivation. |
| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT | 19 | Type of the algorithm used for key agreement. |
| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL | 20 | Public key alias used in key agreement. |
| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES | 21 | Private key alias used in key agreement. |
| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES | 22 | Public key used in key agreement. |
| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES | 23 | Key alias. |
| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT | 24 | Size of the derived key. |
| HUKS_TAG_IMPORT_KEY_TYPE9+ | HuksTagType.HUKS_TAG_TYPE_UINT | 25 | Type of the imported key. |
| HUKS_TAG_UNWRAP_ALGORITHM_SUITE9+ | HuksTagType.HUKS_TAG_TYPE_UINT | 26 | Algorithm suite required for encrypted imports. |
| HUKS_TAG_ACTIVE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG | 201 | Reserved. |
| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG | 202 | Reserved. |
| HUKS_TAG_USAGE_EXPIRE_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG | 203 | Reserved. |
| HUKS_TAG_CREATION_DATETIME | HuksTagType.HUKS_TAG_TYPE_ULONG | 204 | Reserved. |
| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL | 301 | Reserved. |
| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT | 302 | Reserved. |
| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL | 303 | Reserved. |
| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT | 304 | User authentication type. For details, see HuksUserAuthType. This parameter must be set together with HuksAuthAccessType. You can set a maximum of two user authentication types at a time. For example, if HuksAuthAccessType is HKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL, you can set two of HKS_USER_AUTH_TYPE_FACE, HKS_USER_AUTH_TYPE_FINGERPRINT, and HKS_USER_AUTH_TYPE_FACE. |
| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT | 305 | Reserved. |
| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES | 306 | Reserved. |
| HUKS_TAG_KEY_AUTH_ACCESS_TYPE9+ | HuksTagType.HUKS_TAG_TYPE_UINT | 307 | Access control type. For details, see HuksAuthAccessType. This parameter must be set together with HuksUserAuthType. |
| HUKS_TAG_KEY_SECURE_SIGN_TYPE9+ | HuksTagType.HUKS_TAG_TYPE_UINT | 308 | Signature type of the key generated or imported. |
| HUKS_TAG_CHALLENGE_TYPE9+ | HuksTagType.HUKS_TAG_TYPE_UINT | 309 | Type of the challenge generated for a key. For details, see HuksChallengeType. |
| HUKS_TAG_CHALLENGE_POS9+ | HuksTagType.HUKS_TAG_TYPE_UINT | 310 | Position of the 8-byte valid value in a custom challenge. For details, see HuksChallengePosition. |
| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES | 501 | Challenge value used in the attestation. |
| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES | 502 | Application ID used in the attestation. |
| HUKS_TAG_ATTESTATION_ID_BRAND | HuksTagType.HUKS_TAG_TYPE_BYTES | 503 | Brand of the device. |
| HUKS_TAG_ATTESTATION_ID_DEVICE | HuksTagType.HUKS_TAG_TYPE_BYTES | 504 | ID of the device. |
| HUKS_TAG_ATTESTATION_ID_PRODUCT | HuksTagType.HUKS_TAG_TYPE_BYTES | 505 | Product name of the device. |
| HUKS_TAG_ATTESTATION_ID_SERIAL | HuksTagType.HUKS_TAG_TYPE_BYTES | 506 | SN of the device. |
| HUKS_TAG_ATTESTATION_ID_IMEI | HuksTagType.HUKS_TAG_TYPE_BYTES | 507 | International mobile equipment identity (IMEI) of the device. |
| HUKS_TAG_ATTESTATION_ID_MEID | HuksTagType.HUKS_TAG_TYPE_BYTES | 508 | Mobile equipment identity (MEID) of the device. |
| HUKS_TAG_ATTESTATION_ID_MANUFACTURER | HuksTagType.HUKS_TAG_TYPE_BYTES | 509 | Manufacturer of the device. |
| HUKS_TAG_ATTESTATION_ID_MODEL | HuksTagType.HUKS_TAG_TYPE_BYTES | 510 | Device model. |
| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES | 511 | Key alias used in the attestation. |
| HUKS_TAG_ATTESTATION_ID_SOCID | HuksTagType.HUKS_TAG_TYPE_BYTES | 512 | System-on-a-chip (SoCID) of the device. |
| HUKS_TAG_ATTESTATION_ID_UDID | HuksTagType.HUKS_TAG_TYPE_BYTES | 513 | Unique device identifier (UDID) of the device. |
| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES | 514 | Security level used in the attestation. |
| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES | 515 | Version information used in the attestation. |
| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL | 1001 | Whether to use the alias passed in during key generation. |
| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT | 1002 | Key storage mode. |
| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL | 1003 | Reserved. |
| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT | 1004 | Reserved. |
| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES | 1005 | Reserved. |
| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT | 1006 | Reserved. |
| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT | 1007 | Flag of the key. |
| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT | 1008 | Reserved. |
| HUKS_TAG_SECURE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL | 1009 | Reserved. |
| HUKS_TAG_SECURE_KEY_UUID | HuksTagType.HUKS_TAG_TYPE_BYTES | 1010 | Reserved. |
| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT | 1011 | Reserved. |
| HUKS_TAG_PROCESS_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES | 10001 | Process name. |
| HUKS_TAG_PACKAGE_NAME | HuksTagType.HUKS_TAG_TYPE_BYTES | 10002 | Reserved. |
| HUKS_TAG_ACCESS_TIME | HuksTagType.HUKS_TAG_TYPE_UINT | 10003 | Reserved. |
| HUKS_TAG_USES_TIME | HuksTagType.HUKS_TAG_TYPE_UINT | 10004 | Reserved. |
| HUKS_TAG_CRYPTO_CTX | HuksTagType.HUKS_TAG_TYPE_ULONG | 10005 | Reserved. |
| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES | 10006 | Reserved. |
| HUKS_TAG_KEY_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT | 10007 | Key version. |
| HUKS_TAG_PAYLOAD_LEN | HuksTagType.HUKS_TAG_TYPE_UINT | 10008 | Reserved. |
| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES | 10009 | Reserved. |
| HUKS_TAG_IS_KEY_HANDLE | HuksTagType.HUKS_TAG_TYPE_ULONG | 10010 | Reserved. |
| HUKS_TAG_OS_VERSION | HuksTagType.HUKS_TAG_TYPE_UINT | 10101 | OS version. |
| HUKS_TAG_OS_PATCHLEVEL | HuksTagType.HUKS_TAG_TYPE_UINT | 10102 | OS patch level. |
| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES | 20001 | Reserved. |
| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES | 20002 | Reserved. |
| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES | 20003 | Reserved. |
huks.generateKey(deprecated)
generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Generates a key. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.generateKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for generating the key. |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned; otherwise, an error code defined in HuksResult is returned. |
Example
/* Generate an RSA key of 512 bits. */
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
properties: properties
};
huks.generateKey(keyAlias, options, function (err, data){});
huks.generateKey(deprecated)
generateKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>
Generates a key. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.generateKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for generating the key. |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned; otherwise, an error code is returned. |
Example
/* Generate an ECC key of 256 bits. */
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
properties: properties
};
let result = huks.generateKey(keyAlias, options);
huks.deleteKey(deprecated)
deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Deletes a key. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.deleteKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias passed in when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned; otherwise, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
huks.deleteKey(keyAlias, emptyOptions, function (err, data) {});
huks.deleteKey(deprecated)
deleteKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>
Deletes a key. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.deleteKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias passed in when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned; otherwise, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
let result = huks.deleteKey(keyAlias, emptyOptions);
huks.importKey(deprecated)
importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Imports a key in plaintext. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.importKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for the import and key to import. |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned; otherwise, an error code is returned. |
Example
/* Import an AES key of 256 bits. */
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size) {
let arr = new Uint8Array(size);
for (let i = 0; i < size; i++) {
arr[i] = Math.floor(Math.random() * 10);
}
return arr;
};
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value:huks.HuksKeyPadding.HUKS_PADDING_PKCS7
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
};
let options = {
properties: properties,
inData: plainTextSize32
};
huks.importKey(keyAlias, options, function (err, data){});
huks.importKey(deprecated)
importKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>
Imports a key in plaintext. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.importKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key. |
| options | HuksOptions | Yes | Tags required for the import and key to import. |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned; otherwise, an error code is returned. |
Example
/* Import an AES key of 128 bits. */
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size) {
let arr = new Uint8Array(size);
for (let i = 0; i < size; i++) {
arr[i] = Math.floor(Math.random() * 10);
}
return arr;
};
/* Step 1 Generate a key. */
let keyAlias = 'keyAlias';
let properties = new Array();
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value:huks.HuksKeyPadding.HUKS_PADDING_PKCS7
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
};
let huksoptions = {
properties: properties,
inData: plainTextSize32
};
let result = huks.importKey(keyAlias, huksoptions);
huks.exportKey(deprecated)
exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Exports a key. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.exportKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned and outData contains the public key exported. If the operation fails, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
huks.exportKey(keyAlias, emptyOptions, function (err, data){});
huks.exportKey(deprecated)
exportKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>
Exports a key. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.exportKeyItem9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned and outData contains the public key exported. If the operation fails, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
let result = huks.exportKey(keyAlias, emptyOptions);
huks.getKeyProperties(deprecated)
getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Obtains key properties. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.getKeyItemProperties9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the result. If the operation is successful, errorCode is HUKS_SUCCESS; otherwise, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
huks.getKeyProperties(keyAlias, emptyOptions, function (err, data){});
huks.getKeyProperties(deprecated)
getKeyProperties(keyAlias: string, options: HuksOptions) : Promise<HuksResult>
Obtains key properties. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.getKeyItemProperties9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the result. If the operation is successful, errorCode is HUKS_SUCCESS and properties contains the parameters required for generating the key. If the operation fails, an error code is returned. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
let result = huks.getKeyProperties(keyAlias, emptyOptions);
huks.isKeyExist(deprecated)
isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback<boolean>) : void
Checks whether a key exists. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.isKeyItemExist9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key to check. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<boolean> | Yes | Callback invoked to return the result. The value TRUE means that the key exists; FALSE means the opposite. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
huks.isKeyExist(keyAlias, emptyOptions, function (err, data){});
huks.isKeyExist(deprecated)
isKeyExist(keyAlias: string, options: HuksOptions) : Promise<boolean>
Checks whether a key exists. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.isKeyItemExist9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the key to check. |
| options | HuksOptions | Yes | Empty object (leave this parameter empty). |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. The value TRUE means that the key exists; FALSE means the opposite. |
Example
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions = {
properties: []
};
let result = huks.isKeyExist(keyAlias, emptyOptions);
huks.init(deprecated)
init(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksHandle>) : void
Initializes the data for a key operation. This API uses an asynchronous callback to return the result. huks.init, huks.update, and huks.finish must be used together.
NOTE
This API is deprecated since API version 9. You are advised to use huks.initSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the target key. |
| options | HuksOptions | Yes | Parameter set used for the init operation. |
| callback | AsyncCallback<HuksHandle> | Yes | Callback invoked to return a session handle for subsequent operations. |
huks.init(deprecated)
init(keyAlias: string, options: HuksOptions) : Promise<HuksHandle>
Initializes the data for a key operation. This API uses a promise to return the result. huks.init, huks.update, and huks.finish must be used together.
NOTE
This API is deprecated since API version 9. You are advised to use huks.initSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| keyAlias | string | Yes | Alias of the target key. |
| options | HuksOptions | Yes | Parameter set used for the init operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksHandle> | Promise used to return a session handle for subsequent operations. |
huks.update(deprecated)
update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Updates the key operation by segment. This API uses an asynchronous callback to return the result. huks.init, huks.update, and huks.finish must be used together.
NOTE
This API is deprecated since API version 9. You are advised to use huks.updateSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the update operation. |
| token | Uint8Array | No | Token of the update operation. |
| options | HuksOptions | Yes | Parameter set used for the update operation. |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the update operation result. |
huks.update(deprecated)
update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise<HuksResult>;
Updates the key operation by segment. This API uses a promise to return the result. huks.init, huks.update, and huks.finish must be used together.
NOTE
This API is deprecated since API version 9. You are advised to use huks.updateSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the update operation. |
| token | Uint8Array | No | Token of the update operation. |
| options | HuksOptions | Yes | Parameter set used for the update operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the update operation result. |
huks.finish(deprecated)
finish(handle: number, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. huks.init, huks.update, and huks.finish must be used together.
NOTE
This API is deprecated since API version 9. You are advised to use huks.finishSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the finish operation. |
| options | HuksOptions | Yes | Parameter set used for the finish operation. |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the finish operation result. |
huks.finish(deprecated)
finish(handle: number, options: HuksOptions) : Promise<HuksResult>
Completes the key operation and releases resources. This API uses a promise to return the result. huks.init, huks.update, and huks.finish must be used together.
NOTE
This API is deprecated since API version 9. You are advised to use huks.finishSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the finish operation. |
| options | HuksOptions | Yes | Parameter set used for the finish operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the result. |
huks.abort(deprecated)
abort(handle: number, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void
Aborts the use of the key. This API uses an asynchronous callback to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.abortSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the abort operation. |
| options | HuksOptions | Yes | Parameter set used for the abort operation. |
| callback | AsyncCallback<HuksResult> | Yes | Callback invoked to return the abort operation result. |
Example
/* huks.init, huks.update, and huks.finish must be used together.
* If an error occurs in any of them, huks.abort must be called to terminate the use of the key.
*
* The following uses the callback of an RSA 1024 key as an example.
*/
let keyalias = "HuksDemoRSA";
let properties = new Array();
let options = {
properties: properties,
inData: new Uint8Array(0)
};
let handle;
let resultMessage = "";
async function generateKey() {
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
huks.generateKey(keyalias, options);
}
function stringToUint8Array(str) {
let arr = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
let tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array;
}
async function huksInit() {
await huks.init(keyalias, options).then((data) => {
console.log(`test init data: ${JSON.stringify(data)}`);
handle = data.handle;
}).catch((err) => {
console.log("test init err information: " + JSON.stringify(err))
})
}
async function huksUpdate() {
options.inData = stringToUint8Array("huksHmacTest");
await huks.update(handle, options).then((data) => {
if (data.errorCode === 0) {
resultMessage += "update success!";
} else {
resultMessage += "update fail!";
}
});
console.log(resultMessage);
}
function huksFinish() {
options.inData = stringToUint8Array("HuksDemoHMAC");
huks.finish(handle, options).then((data) => {
if (data.errorCode === 0) {
resultMessage = "finish success!";
} else {
resultMessage = "finish fail errorCode: " + data.errorCode;
}
}).catch((err) => {
resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err)
});
console.log(resultMessage);
}
async function huksAbort() {
huks.abort(handle, options).then((data) => {
if (data.errorCode === 0) {
resultMessage = "abort success!";
} else {
resultMessage = "abort fail errorCode: " + data.errorCode;
}
}).catch((err) => {
resultMessage = "Failed to abort the use of the key. catch errorMessage:" + JSON.stringify(err)
});
console.log(resultMessage);
}
huks.abort(deprecated)
abort(handle: number, options: HuksOptions) : Promise<HuksResult>;
Aborts the use of the key. This API uses a promise to return the result.
NOTE
This API is deprecated since API version 9. You are advised to use huks.abortSession9+.
System capability: SystemCapability.Security.Huks
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| handle | number | Yes | Handle for the abort operation. |
| options | HuksOptions | Yes | Parameter set used for the abort operation. |
Return value
| Type | Description |
|---|---|
| Promise<HuksResult> | Promise used to return the abort operation result. |
Example
/* huks.init, huks.update, and huks.finish must be used together.
* If an error occurs in any of them, huks.abort must be called to terminate the use of the key.
*
* The following uses the promise of an RSA 1024-bit key as an example.
*/
let keyalias = "HuksDemoRSA";
let properties = new Array();
let options = {
properties: properties,
inData: new Uint8Array(0)
};
let handle;
let resultMessage = "";
function stringToUint8Array(str) {
let arr = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
let tmpUint8Array = new Uint8Array(arr);
return tmpUint8Array;
}
async function generateKey() {
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
};
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
};
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
};
properties[4] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
huks.generateKey(keyalias, options, function (err, data) { });
}
async function huksInit() {
return new Promise((resolve, reject) => {
huks.init(keyalias, options, async function (err, data) {
if (data.errorCode === 0) {
resultMessage = "init success!"
handle = data.handle;
} else {
resultMessage = "init fail errorCode: " + data.errorCode
}
});
});
}
async function huksUpdate() {
options.inData = stringToUint8Array("huksHmacTest");
new Promise((resolve, reject) => {
huks.update(handle, options, function (err, data) {
if (data.errorCode === 0) {
resultMessage += "update success!";
} else {
resultMessage += "update fail!";
}
});
});
console.log(resultMessage);
}
async function huksFinish() {
options.inData = stringToUint8Array("0");
new Promise((resolve, reject) => {
huks.finish(handle, options, function (err, data) {
if (data.errorCode === 0) {
resultMessage = "finish success!";
} else {
resultMessage = "finish fail errorCode: " + data.errorCode;
}
});
});
}
function huksAbort() {
new Promise((resolve, reject) => {
huks.abort(handle, options, function (err, data) {
console.log(`Huks_Demo hmac huksAbort1 data ${JSON.stringify(data)}`);
console.log(`Huks_Demo hmac huksAbort1 err ${JSON.stringify(err)}`);
});
});
}
HuksHandle(deprecated)
Defines the HUKS handle structure.
System capability: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description |
|---|---|---|---|
| errorCode | number | Yes | Error code. |
| handle | number | Yes | Value of the handle. |
| token | Uint8Array | No | Challenge obtained after the init operation. |
HuksResult(deprecated)
Defines the HuksResult structure.
System capability: SystemCapability.Security.Huks
| Name | Type | Mandatory | Description |
|---|---|---|---|
| errorCode | number | Yes | Error code. |
| outData | Uint8Array | No | Output data. |
| properties | Array<HuksParam> | No | Property information. |
| certChains | Array<string> | No | Certificate chain information. |
HuksErrorCode(deprecated)
Enumerates the error codes.
System capability: SystemCapability.Security.Huks
| Name | Value | Description |
|---|---|---|
| HUKS_SUCCESS | 0 | Success. |
| HUKS_FAILURE | -1 | Failure. |
| HUKS_ERROR_BAD_STATE | -2 | Incorrect state. |
| HUKS_ERROR_INVALID_ARGUMENT | -3 | Invalid argument. |
| HUKS_ERROR_NOT_SUPPORTED | -4 | Not supported. |
| HUKS_ERROR_NO_PERMISSION | -5 | No permission. |
| HUKS_ERROR_INSUFFICIENT_DATA | -6 | Insufficient data. |
| HUKS_ERROR_BUFFER_TOO_SMALL | -7 | Insufficient buffer. |
| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 | Insufficient memory. |
| HUKS_ERROR_COMMUNICATION_FAILURE | -9 | Communication failure. |
| HUKS_ERROR_STORAGE_FAILURE | -10 | Insufficient storage space. |
| HUKS_ERROR_HARDWARE_FAILURE | -11 | Hardware fault. |
| HUKS_ERROR_ALREADY_EXISTS | -12 | The object already exists. |
| HUKS_ERROR_NOT_EXIST | -13 | The object does not exist. |
| HUKS_ERROR_NULL_POINTER | -14 | Null pointer. |
| HUKS_ERROR_FILE_SIZE_FAIL | -15 | Incorrect file size. |
| HUKS_ERROR_READ_FILE_FAIL | -16 | Failed to read the file. |
| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 | Invalid public key. |
| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 | Invalid private key. |
| HUKS_ERROR_INVALID_KEY_INFO | -19 | Invalid key information. |
| HUKS_ERROR_HASH_NOT_EQUAL | -20 | The hash values are not equal. |
| HUKS_ERROR_MALLOC_FAIL | -21 | MALLOC failed. |
| HUKS_ERROR_WRITE_FILE_FAIL | -22 | Failed to write the file. |
| HUKS_ERROR_REMOVE_FILE_FAIL | -23 | Failed to delete the file. |
| HUKS_ERROR_OPEN_FILE_FAIL | -24 | Failed to open the file. |
| HUKS_ERROR_CLOSE_FILE_FAIL | -25 | Failed to close the file. |
| HUKS_ERROR_MAKE_DIR_FAIL | -26 | Failed to create the directory. |
| HUKS_ERROR_INVALID_KEY_FILE | -27 | Invalid key file. |
| HUKS_ERROR_IPC_MSG_FAIL | -28 | Incorrect IPC information. |
| HUKS_ERROR_REQUEST_OVERFLOWS | -29 | Request overflows. |
| HUKS_ERROR_PARAM_NOT_EXIST | -30 | The parameter does not exist. |
| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 | CRYPTO ENGINE error. |
| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 | Communication timed out. |
| HUKS_ERROR_IPC_INIT_FAIL | -33 | IPC initialization failed. |
| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 | IPC DLOPEN failed. |
| HUKS_ERROR_EFUSE_READ_FAIL | -35 | Failed to read eFUSE. |
| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 | New root key material exists. |
| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 | Failed to update the root key material. |
| HUKS_ERROR_VERIFICATION_FAILED | -38 | Failed to verify the certificate chain. |
| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 | Failed to obtain the ALG. |
| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 | Failed to obtain the key size. |
| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 | Failed to obtain the padding algorithm. |
| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 | Failed to obtain the key purpose. |
| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 | Failed to obtain the digest algorithm. |
| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 | Failed to obtain the cipher mode. |
| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 | Failed to obtain the nonce. |
| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 | Failed to obtain the AAD. |
| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 | Failed to obtain the initialization vector (IV). |
| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 | Failed to obtain the AE flag. |
| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 | Failed to obtain the salt value. |
| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 | Failed to obtain the number of iterations. |
| HUKS_ERROR_INVALID_ALGORITHM | -112 | Invalid algorithm. |
| HUKS_ERROR_INVALID_KEY_SIZE | -113 | Invalid key size. |
| HUKS_ERROR_INVALID_PADDING | -114 | Invalid padding algorithm. |
| HUKS_ERROR_INVALID_PURPOSE | -115 | Invalid key purpose. |
| HUKS_ERROR_INVALID_MODE | -116 | Invalid cipher mode. |
| HUKS_ERROR_INVALID_DIGEST | -117 | Invalid digest algorithm. |
| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 | Invalid signature size. |
| HUKS_ERROR_INVALID_IV | -119 | Invalid IV. |
| HUKS_ERROR_INVALID_AAD | -120 | Invalid AAD. |
| HUKS_ERROR_INVALID_NONCE | -121 | Invalid nonce. |
| HUKS_ERROR_INVALID_AE_TAG | -122 | Invalid AE tag. |
| HUKS_ERROR_INVALID_SALT | -123 | Invalid salt value. |
| HUKS_ERROR_INVALID_ITERATION | -124 | Invalid iteration count. |
| HUKS_ERROR_INVALID_OPERATION | -125 | Invalid operation. |
| HUKS_ERROR_INTERNAL_ERROR | -999 | Internal error. |
| HUKS_ERROR_UNKNOWN_ERROR | -1000 | Unknown error. |