@ohos.security.huks (HUKS)

The HUKS module provides KeyStore (KS) capabilities for applications, including key management and key cryptography operations. The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs.

NOTE

The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.

Modules to Import

import huks from '@ohos.security.huks'

HuksParam

Defines the param in the properties array of options used in the APIs.

System capability: SystemCapability.Security.Huks.Core

Name Type Mandatory Description
tag HuksTag Yes Tag.
value boolean|number|bigint|Uint8Array Yes Value of the tag.

HuksOptions

Defines the options used in the APIs.

System capability: SystemCapability.Security.Huks.Core

Name Type Mandatory Description
properties Array<HuksParam> No Properties used to hold the HuksParam array.
inData Uint8Array No Input data.

HuksSessionHandle9+

Defines the HUKS handle structure.

System capability: SystemCapability.Security.Huks.Core

Name Type Mandatory Description
handle number Yes Value of the handle.
challenge Uint8Array No Challenge obtained after the initSession operation.

HuksReturnResult9+

Defines the HuksResult struct.

System capability: SystemCapability.Security.Huks.Core

Name Type Mandatory Description
outData Uint8Array No Output data.
properties Array<HuksParam> No Property information.
certChains Array<string> No Certificate chain information.

huks.generateKeyItem9+

generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void

Generates a key. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.
callback AsyncCallback<void> Yes Callback invoked to return the result. If no error is captured, the key is successfully generated. In this case, the API does not return the key content because the key is always protected in a TEE. If an error is captured, an exception occurs in the generation process.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000012 external error.
12000013 queried credential does not exist.
12000014 memory is insufficient.
12000015 call service failed.

Example

import huks from '@ohos.security.huks';
/* Generate an ECC key of 256 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let keyAlias: string = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_ECC
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
];
let options: huks.HuksOptions = {
    properties: properties
};
try {
    huks.generateKeyItem(keyAlias, options, (error, data) => {
        if (error) {
            console.error(`callback: generateKeyItem failed`);
        } else {
            console.info(`callback: generateKeyItem key success`);
        }
    });
} catch (error) {
    console.error(`callback: generateKeyItem input arg invalid`);
}

huks.generateKeyItem9+

generateKeyItem(keyAlias: string, options: HuksOptions) : Promise<void>

Generates a key. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000012 external error.
12000013 queried credential does not exist.
12000014 memory is insufficient.
12000015 call service failed.

Example

/* Generate an ECC key of 256 bits. */
import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_ECC
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
];
let options: huks.HuksOptions = {
    properties: properties
};
try {
    huks.generateKeyItem(keyAlias, options)
        .then((data) => {
            console.info(`promise: generateKeyItem success`);
        })
        .catch((error: BusinessError) => {
            console.error(`promise: generateKeyItem failed`);
        });
} catch (error) {
    console.error(`promise: generateKeyItem input arg invalid`);
}

huks.deleteKeyItem9+

deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void

Deletes a key. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key to delete. It must be the key alias passed in when the key was generated.
options HuksOptions Yes Properties of the key to delete, for example, whether to delete all keys or a single key. To delete a single key, pass in an empty properties.
callback AsyncCallback<void> Yes Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000004 operating file failed.
12000005 IPC communication failed.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
try {
    huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => {
        if (error) {
            console.error(`callback: deleteKeyItem failed`);
        } else {
            console.info(`callback: deleteKeyItem key success`);
        }
    });
} catch (error) {
    console.error(`callback: deleteKeyItem input arg invalid`);
}

huks.deleteKeyItem9+

deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise<void>

Deletes a key. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias passed in when the key was generated.
options HuksOptions Yes Properties of the key to delete, for example, whether to delete all keys or a single key. To delete a single key, pass in an empty properties.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000004 operating file failed.
12000005 IPC communication failed.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
try {
    huks.deleteKeyItem(keyAlias, emptyOptions)
        .then ((data) => {
            console.info(`promise: deleteKeyItem key success`);
        })
        .catch((error: BusinessError) => {
            console.error(`promise: deleteKeyItem failed`);
        });
} catch (error) {
    console.error(`promise: deleteKeyItem input arg invalid`);
}

huks.getSdkVersion

getSdkVersion(options: HuksOptions) : string

Obtains the SDK version of the current system.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
options HuksOptions Yes Empty object, which is used to hold the SDK version.

Return value

Type Description
string SDK version obtained.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let emptyOptions: huks.HuksOptions = {
    properties: []
};
let result = huks.getSdkVersion(emptyOptions);

huks.importKeyItem9+

importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void

Imports a key in plaintext. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.
callback AsyncCallback<void> Yes Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000013 queried credential does not exist.
12000014 memory is insufficient.
12000015 call service failed.

Example

import huks from '@ohos.security.huks';
/* Import an AES key of 256 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyPadding |
    huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size: number) {
    let arr = new Uint8Array(size);
    for (let i = 0; i < size; i++) {
        arr[i] = Math.floor(Math.random() * 10);
    }
    return arr;
};
let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
    },
    {
        tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
        value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
];
let options: huks.HuksOptions = {
    properties: properties,
    inData: plainTextSize32
};
try {
    huks.importKeyItem(keyAlias, options, (error, data) => {
        if (error) {
            console.error(`callback: importKeyItem failed`);
        } else {
            console.info(`callback: importKeyItem success`);
        }
    });
} catch (error) {
    console.error(`callback: importKeyItem input arg invalid`);
}

huks.importKeyItem9+

importKeyItem(keyAlias: string, options: HuksOptions) : Promise<void>

Imports a key in plaintext. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000013 queried credential does not exist.
12000014 memory is insufficient.
12000015 call service failed.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* Import an AES key of 128 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyPadding |
    huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size: number) {
    let arr = new Uint8Array(size);
    for (let i = 0; i < size; i++) {
        arr[i] = Math.floor(Math.random() * 10);
    }
    return arr;
};
/* Step 1 Generate a key. */
let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
    },
    {
        tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
        value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
];
let huksoptions: huks.HuksOptions = {
    properties: properties,
    inData: plainTextSize32
};
try {
    huks.importKeyItem(keyAlias, huksoptions)
        .then((data) => {
            console.info(`promise: importKeyItem success`);
        })
        .catch((error: BusinessError) => {
            console.error(`promise: importKeyItem failed`);
        });
} catch (error) {
    console.error(`promise: importKeyItem input arg invalid`);
}

huks.attestKeyItem9+

attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void

Obtains the certificate used to verify a key. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key. The certificate to be obtained stores the key.
options HuksOptions Yes Parameters and data required for obtaining the certificate.
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
201 check permission failed.
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest |
    huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType |
    huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key attest";
function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    let tmpUint8Array = new Uint8Array(arr);
    return tmpUint8Array;
}

async function generateKeyThenattestKey(alias: string) {
    let aliasString = keyAliasString;
    let aliasUint8 = stringToUint8Array(aliasString);
    let generateProperties: HuksProperties[] = [
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_RSA
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
            value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
        },
        {
            tag: huks.HuksTag.HUKS_TAG_DIGEST,
            value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_PSS
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
            value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_ECB
        }
    ];
    let generateOptions: huks.HuksOptions = {
        properties: generateProperties
    };
    let attestProperties: HuksProperties[] = [
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
            value: securityLevel
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
            value: challenge
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
            value: versionInfo
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
            value: aliasUint8
        }
    ];
    let attestOptions: huks.HuksOptions = {
        properties: attestProperties
    };
    try {
        huks.generateKeyItem(alias, generateOptions, (error, data) => {
            if (error) {
                console.error(`callback: generateKeyItem failed`);
            } else {
                console.info(`callback: generateKeyItem success`);
                try {
                    huks.attestKeyItem(aliasString, attestOptions, (error, data) => {
                        if (error) {
                            console.error(`callback: attestKeyItem failed`);
                        } else {
                            console.info(`callback: attestKeyItem success`);
                        }
                    });
                } catch (error) {
                    console.error(`callback: attestKeyItem input arg invalid`);
                }
            }
        });
    } catch (error) {
        console.error(`callback: generateKeyItem input arg invalid`);
    }
}

huks.attestKeyItem9+

attestKeyItem(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult>

Obtains the certificate used to verify a key. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key. The certificate to be obtained stores the key.
options HuksOptions Yes Parameters and data required for obtaining the certificate.

Return value

Type Description
Promise<HuksReturnResult> Promise used to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
201 check permission failed.
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest |
    huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType |
    huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key attest";
function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    let tmpUint8Array = new Uint8Array(arr);
    return tmpUint8Array;
}
async function generateKey(alias: string) {
    let properties: HuksProperties[] = [
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_RSA
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG,
            value: huks.HuksKeyStorageType.HUKS_STORAGE_PERSISTENT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
        },
        {
            tag: huks.HuksTag.HUKS_TAG_DIGEST,
            value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_PSS
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
            value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_ECB
        }
    ];
    let options: huks.HuksOptions = {
        properties: properties
    };
    try {
        await huks.generateKeyItem(alias, options)
            .then((data) => {
                console.info(`promise: generateKeyItem success`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: generateKeyItem failed`);
            });
    } catch (error) {
        console.error(`promise: generateKeyItem input arg invalid`);
    }
}
async function attestKey() {
    let aliasString = keyAliasString;
    let aliasUint8 = stringToUint8Array(aliasString);
    let properties: HuksProperties[] = [
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
            value: securityLevel
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
            value: challenge
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
            value: versionInfo
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
            value: aliasUint8
        }
    ];
    let options: huks.HuksOptions = {
        properties: properties
    };
    await generateKey(aliasString);
    try {
        await huks.attestKeyItem(aliasString, options)
            .then((data) => {
                console.info(`promise: attestKeyItem success`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: attestKeyItem failed`);
            });
    } catch (error) {
        console.error(`promise: attestKeyItem input arg invalid`);
    }
}

huks.importWrappedKeyItem9+

importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback<void>) : void

Imports a wrapped key. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the wrapped key to import.
wrappingKeyAlias string Yes Alias of the data used to unwrap the key imported.
options HuksOptions Yes Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.
callback AsyncCallback<void> Yes Callback invoked to return the result. If the operation is successful, no err value is returned; otherwise, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000013 queried credential does not exist.
12000014 memory is insufficient.
12000015 call service failed.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyDigest | huks.HuksKeyPadding | huks.HuksUnwrapSuite |
    huks.HuksCipherMode | huks.HuksImportKeyType = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let alias1 = "importAlias";
let alias2 = "wrappingKeyAlias";
async function TestGenFunc(alias: string, options: huks.HuksOptions) {
    try {
        await genKey(alias, options)
            .then((data) => {
                console.info(`callback: generateKeyItem success`);
            })
            .catch((error: BusinessError) => {
                console.error(`callback: generateKeyItem failed`);
            });
    } catch (error) {
        console.error(`callback: generateKeyItem input arg invalid`);
    }
}
function genKey(alias: string, options: huks.HuksOptions) {
    return new Promise<void>((resolve, reject) => {
        try {
            huks.generateKeyItem(alias, options, (error, data) => {
                if (error) {
                    reject(error);
                } else {
                    resolve(data);
                }
            });
        } catch (error) {
            throw (new Error(error));
        }
    });
}
async function TestExportFunc(alias: string, options: huks.HuksOptions) {
    try {
        await exportKey(alias, options)
            .then((data) => {
                console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`);
            })
            .catch((error: BusinessError) => {
                console.error(`callback: exportKeyItem failed`);
            });
    } catch (error) {
        console.error(`callback: exportKeyItem input arg invalid`);
    }
}
function exportKey(alias: string, options: huks.HuksOptions) {
    return new Promise<huks.HuksReturnResult>((resolve, reject) => {
        try {
            huks.exportKeyItem(alias, options, (error, data) => {
                if (error) {
                    reject(error);
                } else {
                    resolve(data);
                }
            });
        } catch (error) {
            throw (new Error(error));
        }
    });
}
async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) {
    try {
        await importWrappedKey(alias, wrappingAlias, options)
            .then((data) => {
                console.info(`callback: importWrappedKeyItem success`);
            })
            .catch((error: BusinessError) => {
                console.error(`callback: importWrappedKeyItem failed`);
            });
    } catch (error) {
        console.error(`callback: importWrappedKeyItem input arg invalid`);
    }
}
function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) {
    return new Promise<void>((resolve, reject) => {
        try {
            huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => {
                if (error) {
                    reject(error);
                } else {
                    resolve(data);
                }
            });
        } catch (error) {
            throw (new Error(error));
        }
    });
}
async function TestImportWrappedKeyFunc(
        alias: string,
        wrappingAlias: string,
        genOptions: huks.HuksOptions,
        importOptions: huks.HuksOptions
) {
    await TestGenFunc(wrappingAlias, genOptions);
    await TestExportFunc(wrappingAlias, genOptions);

    /*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here.
     * For example, import **keyA**.
     * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**.
     * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**.
     * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**.
     * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**.
     * 5. Generate the **importOptions.inData** field in the following format:
     * keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 +
     * nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 +
     * kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 +
     * nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 +
     * Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc
     */
    /* The key data imported vary with the sample code given below. The data structure is described in the preceding comments. */
    let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]);
    importOptions.inData = inputKey;
    await TestImportWrappedFunc(alias, wrappingAlias, importOptions);
}
function makeGenerateOptions() {
    let properties: HuksProperties[] = [
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_ECC
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
        },
        {
            tag: huks.HuksTag.HUKS_TAG_DIGEST,
            value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
            value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR,
        }
    ];
    let options: huks.HuksOptions = {
        properties: properties
    };
    return options;
};
function makeImportOptions() {
    let properties: HuksProperties[] = [
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_AES
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_CBC
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
            value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
        }
    ];
    let options: huks.HuksOptions = {
        properties: properties
    };
    return options;
};
function huksImportWrappedKey() {
    let genOptions = makeGenerateOptions();
    let importOptions = makeImportOptions();
    TestImportWrappedKeyFunc(
        alias1,
        alias2,
        genOptions,
        importOptions
    );
}

huks.importWrappedKeyItem9+

importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise<void>

Imports a wrapped key. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the wrapped key to import.
wrappingKeyAlias string Yes Alias of the data used to unwrap the key imported.
options HuksOptions Yes Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000013 queried credential does not exist.
12000014 memory is insufficient.
12000015 call service failed.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* The process is similar as if a callback is used, except the following:*/
/* The key data imported vary with the sample code given below. The data structure is described in the preceding comments. */
async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) {
    try {
        await huks.importWrappedKeyItem(alias, wrappingAlias, options)
            .then ((data) => {
                console.info(`promise: importWrappedKeyItem success`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: importWrappedKeyItem failed`);
            });
    } catch (error) {
        console.error(`promise: importWrappedKeyItem input arg invalid`);
    }
}

huks.exportKeyItem9+

exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void

Exports a key. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the result. If the operation is successful, no err value is returned and outData contains the public key exported. If the operation fails, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
try {
    huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => {
        if (error) {
            console.error(`callback: exportKeyItem failed`);
        } else {
            console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`);
        }
    });
} catch (error) {
    console.error(`callback: exportKeyItem input arg invalid`);
}

huks.exportKeyItem9+

exportKeyItem(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult>

Exports a key. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).

Return value

Type Description
Promise<HuksReturnResult> Promise used to return the result. If the operation is successful, no err value is returned and outData contains the public key exported. If the operation fails, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
try {
    huks.exportKeyItem(keyAlias, emptyOptions)
        .then ((data) => {
            console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`);
        })
        .catch((error: BusinessError) => {
            console.error(`promise: exportKeyItem failed`);
        });
} catch (error) {
    console.error(`promise: exportKeyItem input arg invalid`);
}

huks.getKeyItemProperties9+

getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void

Obtains key properties. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the result. If the operation is successful, no err value is returned and properties contains the parameters required for generating the key. If the operation fails, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
try {
    huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => {
        if (error) {
            console.error(`callback: getKeyItemProperties failed`);
        } else {
            console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`);
        }
    });
} catch (error) {
    console.error(`callback: getKeyItemProperties input arg invalid`);
}

huks.getKeyItemProperties9+

getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult>

Obtains key properties. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).

Return value

Type Description
Promise<HuksReturnResult> Promise used to return the result. If the operation is successful, no err value is returned and properties contains the parameters required for generating the key. If the operation fails, an error code is returned.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
try {
    huks.getKeyItemProperties(keyAlias, emptyOptions)
        .then ((data) => {
            console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`);
        })
        .catch((error: BusinessError) => {
            console.error(`promise: getKeyItemProperties failed`);
        });
} catch (error) {
    console.error(`promise: getKeyItemProperties input arg invalid`);
}

huks.isKeyItemExist9+

isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback<boolean>) : void

Checks whether a key exists. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key to check.
options HuksOptions Yes Properties of the key to check, for example, whether to check all keys or a single key. To check a single key, pass in an empty properties.
callback AsyncCallback<boolean> Yes Callback invoked to return the result. If the key exists, data is true. If the key does not exist, error is the error code.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import promptAction from '@ohos.promptAction';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => {
    if (data) {
        promptAction.showToast({
            message: "keyAlias: " + keyAlias +"is existed! ",
            duration: 2500,
        })
    } else {
        promptAction.showToast({
            message: "find key failed",
            duration: 2500,
        })
    }
});

huks.isKeyItemExist9+

isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise<boolean>

Checks whether a key exists. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key to check.
options HuksOptions Yes Properties of the key to check, for example, whether to check all keys or a single key. To check a single key, pass in an empty properties.

Return value

Type Description
Promise<boolean> Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
import promptAction from '@ohos.promptAction';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => {
    promptAction.showToast({
        message: "keyAlias: " + keyAlias +"is existed! ",
        duration: 500,
    })
}).catch((error: BusinessError)=>{
    promptAction.showToast({
        message: "find key failed",
        duration: 6500,
    })
})

huks.initSession9+

initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksSessionHandle>) : void

Initializes the data for a key operation. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key involved in the initSession operation.
options HuksOptions Yes Parameter set used for the initSession operation.
callback AsyncCallback<HuksSessionHandle> Yes Callback invoked to return a session handle for subsequent operations.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000010 the number of sessions has reached limit.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.initSession9+

initSession(keyAlias: string, options: HuksOptions) : Promise<HuksSessionHandle>

Initializes the data for a key operation. This API uses a promise to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key involved in the initSession operation.
options HuksOptions Yes Parameter set used for the initSession operation.

Return value

Type Description
Promise<HuksSessionHandle> Promise used to return a session handle for subsequent operations.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000010 the number of sessions has reached limit.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.updateSession9+

updateSession(handle: number, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void

Updates the key operation by segment. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
handle number Yes Handle for the updateSession operation.
options HuksOptions Yes Parameter set used for the updateSession operation.
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the updateSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000007 this credential is already invalidated permanently.
12000008 verify authtoken failed.
12000009 authtoken is already timeout.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.updateSession9+

updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback<HuksReturnResult>) : void

Updates the key operation by segment. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the updateSession operation.
options HuksOptions Yes Parameter set used for the updateSession operation.
token Uint8Array Yes Token of the updateSession operation.
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the updateSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000007 this credential is already invalidated permanently.
12000008 verify authtoken failed.
12000009 authtoken is already timeout.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.updateSession9+

updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise<HuksReturnResult>

Updates the key operation by segment. This API uses a promise to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the updateSession operation.
options HuksOptions Yes Parameter set used for the updateSession operation.
token Uint8Array No Token of the updateSession operation.

Return value

Type Description
Promise<HuksReturnResult> Promise used to return the updateSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000007 this credential is already invalidated permanently.
12000008 verify authtoken failed.
12000009 authtoken is already timeout.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.finishSession9+

finishSession(handle: number, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void

Finishes the key operation to release resources. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
handle number Yes Handle for the finishSession operation.
options HuksOptions Yes Parameter set used for the finishSession operation.
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the finishSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000007 this credential is already invalidated permanently.
12000008 verify authtoken failed.
12000009 authtoken is already timeout.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.finishSession9+

finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback<HuksReturnResult>) : void

Finishes the key operation to release resources. This API uses an asynchronous callback to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the finishSession operation.
options HuksOptions Yes Parameter set used for the finishSession operation.
token Uint8Array Yes Token of the finishSession operation.
callback AsyncCallback<HuksReturnResult> Yes Callback invoked to return the finishSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000007 this credential is already invalidated permanently.
12000008 verify authtoken failed.
12000009 authtoken is already timeout.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.finishSession9+

finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise<HuksReturnResult>

Finishes the key operation to release resources. This API uses a promise to return the result. huks.initSession, huks.updateSession, and huks.finishSession must be used together.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the finishSession operation.
options HuksOptions Yes Parameter set used for the finishSession operation.
token Uint8Array No Token of the finishSession operation.

Return value

Type Description
Promise<HuksReturnResult> Promise used to return the result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000001 algorithm mode is not supported.
12000002 algorithm param is missing.
12000003 algorithm param is invalid.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000007 this credential is already invalidated permanently.
12000008 verify authtoken failed.
12000009 authtoken is already timeout.
12000011 queried entity does not exist.
12000012 external error.
12000014 memory is insufficient.

huks.abortSession9+

abortSession(handle: number, options: HuksOptions, callback: AsyncCallback<void>) : void

Aborts a key operation. This API uses an asynchronous callback to return the result.

System capability: SystemCapability.Security.Huks.Core

Parameters

Name Type Mandatory Description
handle number Yes Handle for the abortSession operation.
options HuksOptions Yes Parameter set used for the abortSession operation.
callback AsyncCallback<void> Yes Callback invoked to return the abortSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
/* huks.initSession, huks.updateSession, and huks.finishSession must be used together.
 * If an error occurs in any of huks.initSession, huks.updateSession,
 * and huks.finishSession operations,
 * huks.abortSession must be called to terminate the use of the key.
 *
 * The following uses the callback of an RSA1024 key as an example.
 */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest |
    huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC
}
function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    let tmpUint8Array = new Uint8Array(arr);
    return tmpUint8Array;
}
let keyAlias = "HuksDemoRSA";
let properties: HuksProperties[] = []
let options: huks.HuksOptions = {
    properties: properties,
    inData: new Uint8Array(0)
};
let handle: number = 0;
async function generateKey() {
    properties[0] = {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_RSA
    };
    properties[1] = {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
    };
    properties[2] = {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    };
    properties[3] = {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
    };
    properties[4] = {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    };
    properties[5] = {
        tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
        value: huks.HuksCipherMode.HUKS_MODE_ECB,
    }
    try {
        await huks.generateKeyItem(keyAlias, options, (error, data) => {
            if (error) {
                console.error(`callback: generateKeyItem failed`);
            } else {
                console.info(`callback: generateKeyItem success`);
            }
        });
    } catch (error) {
        console.error(`callback: generateKeyItem input arg invalid`);
    }
}
async function huksInit() {
    console.log('enter huksInit');
    try {
        huks.initSession(keyAlias, options, (error, data) => {
            if (error) {
                console.error(`callback: initSession failed`);
            } else {
                console.info(`callback: initSession success, data = ${JSON.stringify(data)}`);
                handle = data.handle;
            }
        });
    } catch (error) {
        console.error(`callback: initSession input arg invalid`);
    }
}
async function huksUpdate() {
    console.log('enter huksUpdate');
    options.inData = stringToUint8Array("huksHmacTest");
    try {
        huks.updateSession(handle, options, (error, data) => {
            if (error) {
                console.error(`callback: updateSession failed`);
            } else {
                console.info(`callback: updateSession success, data = ${JSON.stringify(data)}`);
            }
        });
    } catch (error) {
        console.error(`callback: updateSession input arg invalid`);
    }
}
async function huksFinish() {
    console.log('enter huksFinish');
    options.inData = new Uint8Array(0);
    try {
        huks.finishSession(handle, options, (error, data) => {
            if (error) {
                console.error(`callback: finishSession failed`);
            } else {
                console.info(`callback: finishSession success, data = ${JSON.stringify(data)}`);
            }
        });
    } catch (error) {
        console.error(`callback: finishSession input arg invalid`);
    }
}
async function huksAbort() {
    console.log('enter huksAbort');
    try {
        huks.abortSession(handle, options, (error, data) => {
            if (error) {
                console.error(`callback: abortSession failed`);
            } else {
                console.info(`callback: abortSession success`);
            }
        });
    } catch (error) {
        console.error(`callback: abortSession input arg invalid`);
    }
}

huks.abortSession9+

abortSession(handle: number, options: HuksOptions) : Promise<void>;

Aborts a key operation. This API uses a promise to return the result.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the abortSession operation.
options HuksOptions Yes Parameter set used for the abortSession operation.

Return value

Type Description
Promise<void> Promise used to return the abortSession operation result.

Error codes

For details about the error codes, see HUKS Error Codes.

ID Error Message
401 argument is invalid.
801 api is not supported.
12000004 operating file failed.
12000005 IPC communication failed.
12000006 error occured in crypto engine.
12000012 external error.
12000014 memory is insufficient.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* huks.initSession, huks.updateSession, and huks.finishSession must be used together.
 * If an error occurs in any of huks.initSession, huks.updateSession,
 * and huks.finishSession operations,
 * huks.abortSession must be called to terminate the use of the key.
 *
 * The following uses the callback of an RSA1024 key as an example.
 */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyDigest | huks.HuksKeyPadding | huks.HuksKeyGenerateType |
    huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC
}

function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    let tmpUint8Array = new Uint8Array(arr);
    return tmpUint8Array;
}

let keyAlias = "HuksDemoRSA";
let properties: HuksProperties[] = []
let options: huks.HuksOptions = {
    properties: properties,
    inData: new Uint8Array(0)
};
let handle: number = 0;

async function generateKey() {
    properties[0] = {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_RSA
    };
    properties[1] = {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
    };
    properties[2] = {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    };
    properties[3] = {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
    };
    properties[4] = {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    };
    properties[5] = {
        tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
        value: huks.HuksCipherMode.HUKS_MODE_ECB,
    }

    try {
        await huks.generateKeyItem(keyAlias, options)
            .then((data) => {
                console.info(`promise: generateKeyItem success`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: generateKeyItem failed`);
            });
    } catch (error) {
        console.error(`promise: generateKeyItem input arg invalid`);
    }
}

async function huksInit() {
    console.log('enter huksInit');
    try {
        await huks.initSession(keyAlias, options)
            .then((data) => {
                console.info(`promise: initSession success, data = ${JSON.stringify(data)}`);
                handle = data.handle;
            })
            .catch((error: BusinessError) => {
                console.error(`promise: initSession key failed`);
            });
    } catch (error) {
        console.error(`promise: initSession input arg invalid`);
    }
}

async function huksUpdate() {
    console.log('enter huksUpdate');
    options.inData = stringToUint8Array("huksHmacTest");
    try {
        await huks.updateSession(handle, options)
            .then((data) => {
                console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: updateSession failed`);
            });
    } catch (error) {
        console.error(`promise: updateSession input arg invalid`);
    }
}

async function huksFinish() {
    console.log('enter huksFinish');
    options.inData = new Uint8Array(0);
    try {
        await huks.finishSession(handle, options)
            .then((data) => {
                console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: finishSession failed`);
            });
    } catch (error) {
        console.error(`promise: finishSession input arg invalid`);
    }
}

async function huksAbort() {
    console.log('enter huksAbort');
    try {
        await huks.abortSession(handle, options)
            .then((data) => {
                console.info(`promise: abortSession success`);
            })
            .catch((error: BusinessError) => {
                console.error(`promise: abortSession failed`);
            });
    } catch (error) {
        console.error(`promise: abortSession input arg invalid`);
    }
}

HuksExceptionErrCode9+

Enumerates the error codes.

For details about the error codes, see KUKS Error Codes.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_ERR_CODE_PERMISSION_FAIL 201 Permission verification failed.
HUKS_ERR_CODE_ILLEGAL_ARGUMENT 401 Invalid parameters are detected.
HUKS_ERR_CODE_NOT_SUPPORTED_API 801 The API is not supported.
HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED 12000001 The feature is not supported.
HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT 12000002 Key algorithm parameters are missing.
HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT 12000003 Invalid key algorithm parameters are detected.
HUKS_ERR_CODE_FILE_OPERATION_FAIL 12000004 The file operation failed.
HUKS_ERR_CODE_COMMUNICATION_FAIL 12000005 The communication failed.
HUKS_ERR_CODE_CRYPTO_FAIL 12000006 Failed to operate the algorithm library.
HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED 12000007 Failed to access the key because the key has expired.
HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED 12000008 Failed to access the key because the authentication has failed.
HUKS_ERR_CODE_KEY_AUTH_TIME_OUT 12000009 Key access timed out.
HUKS_ERR_CODE_SESSION_LIMIT 12000010 The number of key operation sessions has reached the limit.
HUKS_ERR_CODE_ITEM_NOT_EXIST 12000011 The target object does not exist.
HUKS_ERR_CODE_EXTERNAL_ERROR 12000012 An external error occurs.
HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST 12000013 The credential does not exist.
HUKS_ERR_CODE_INSUFFICIENT_MEMORY 12000014 The memory is insufficient.
HUKS_ERR_CODE_CALL_SERVICE_FAILED 12000015 Failed to call other system services.

HuksKeyPurpose

Enumerates the key purposes.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_KEY_PURPOSE_ENCRYPT 1 Used to encrypt the plaintext.
System capability: SystemCapability.Security.Huks.Core
HUKS_KEY_PURPOSE_DECRYPT 2 Used to decrypt the cipher text.
System capability: SystemCapability.Security.Huks.Core
HUKS_KEY_PURPOSE_SIGN 4 Used for signing.
System capability: SystemCapability.Security.Huks.Extension
HUKS_KEY_PURPOSE_VERIFY 8 Used to verify the signature.
System capability: SystemCapability.Security.Huks.Extension
HUKS_KEY_PURPOSE_DERIVE 16 Used to derive a key.
System capability: SystemCapability.Security.Huks.Extension
HUKS_KEY_PURPOSE_WRAP 32 Used for an encrypted export.
System capability: SystemCapability.Security.Huks.Extension
HUKS_KEY_PURPOSE_UNWRAP 64 Used for an encrypted import.
System capability: SystemCapability.Security.Huks.Extension
HUKS_KEY_PURPOSE_MAC 128 Used to generate a message authentication code (MAC).
System capability: SystemCapability.Security.Huks.Extension
HUKS_KEY_PURPOSE_AGREE 256 Used for key agreement.
System capability: SystemCapability.Security.Huks.Extension

HuksKeyDigest

Enumerates the digest algorithms.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_DIGEST_NONE 0 No digest algorithm
HUKS_DIGEST_MD5 1 MD5
HUKS_DIGEST_SM39+ 2 SM3
HUKS_DIGEST_SHA1 10 SHA-1
HUKS_DIGEST_SHA224 11 SHA-224
HUKS_DIGEST_SHA256 12 SHA-256
HUKS_DIGEST_SHA384 13 SHA-384
HUKS_DIGEST_SHA512 14 SHA-512

HuksKeyPadding

Enumerates the padding algorithms.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_PADDING_NONE 0 No padding algorithm
System capability: SystemCapability.Security.Huks.Core
HUKS_PADDING_OAEP 1 Optimal Asymmetric Encryption Padding (OAEP)
System capability: SystemCapability.Security.Huks.Extension
HUKS_PADDING_PSS 2 Probabilistic Signature Scheme (PSS)
System capability: SystemCapability.Security.Huks.Extension
HUKS_PADDING_PKCS1_V1_5 3 Public Key Cryptography Standards (PKCS) #1 v1.5
System capability: SystemCapability.Security.Huks.Extension
HUKS_PADDING_PKCS5 4 PKCS #5
System capability: SystemCapability.Security.Huks.Extension
HUKS_PADDING_PKCS7 5 PKCS #7
System capability: SystemCapability.Security.Huks.Core

HuksCipherMode

Enumerates the cipher modes.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_MODE_ECB 1 Electronic Code Block (ECB) mode
System capability: SystemCapability.Security.Huks.Core
HUKS_MODE_CBC 2 Cipher Block Chaining (CBC) mode
System capability: SystemCapability.Security.Huks.Core
HUKS_MODE_CTR 3 Counter (CTR) mode
System capability: SystemCapability.Security.Huks.Core
HUKS_MODE_OFB 4 Output Feedback (OFB) mode
System capability: SystemCapability.Security.Huks.Extension
HUKS_MODE_CCM 31 Counter with CBC-MAC (CCM) mode
System capability: SystemCapability.Security.Huks.Extension
HUKS_MODE_GCM 32 Galois/Counter (GCM) mode
System capability: SystemCapability.Security.Huks.Core

HuksKeySize

Enumerates the key sizes.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_RSA_KEY_SIZE_512 512 Rivest-Shamir-Adleman (RSA) key of 512 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_RSA_KEY_SIZE_768 768 RSA key of 768 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_RSA_KEY_SIZE_1024 1024 RSA key of 1024 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_RSA_KEY_SIZE_2048 2048 RSA key of 2048 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_RSA_KEY_SIZE_3072 3072 RSA key of 3072 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_RSA_KEY_SIZE_4096 4096 RSA key of 4096 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_ECC_KEY_SIZE_224 224 Elliptic Curve Cryptography (ECC) key of 224 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_ECC_KEY_SIZE_256 256 ECC key of 256 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_ECC_KEY_SIZE_384 384 ECC key of 384 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_ECC_KEY_SIZE_521 521 ECC key of 521 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_AES_KEY_SIZE_128 128 Advanced Encryption Standard (AES) key of 128 bits
System capability: SystemCapability.Security.Huks.Core
HUKS_AES_KEY_SIZE_192 192 AES key of 192 bits
System capability: SystemCapability.Security.Huks.Core
HUKS_AES_KEY_SIZE_256 256 AES key of 256 bits
System capability: SystemCapability.Security.Huks.Core
HUKS_AES_KEY_SIZE_512 512 AES key of 512 bits
System capability: SystemCapability.Security.Huks.Core
HUKS_CURVE25519_KEY_SIZE_256 256 Curve25519 key of 256 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_DH_KEY_SIZE_2048 2048 Diffie-Hellman (DH) key of 2048 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_DH_KEY_SIZE_3072 3072 DH key of 3072 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_DH_KEY_SIZE_4096 4096 DH key of 4096 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_SM2_KEY_SIZE_2569+ 256 ShangMi2 (SM2) key of 256 bits
System capability: SystemCapability.Security.Huks.Extension
HUKS_SM4_KEY_SIZE_1289+ 128 ShangMi4 (SM4) key of 128 bits
System capability: SystemCapability.Security.Huks.Extension

HuksKeyAlg

Enumerates the key algorithms.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_ALG_RSA 1 RSA
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_ECC 2 ECC
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_DSA 3 DSA
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_AES 20 AES
System capability: SystemCapability.Security.Huks.Core
HUKS_ALG_HMAC 50 HMAC
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_HKDF 51 HKDF
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_PBKDF2 52 PBKDF2
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_ECDH 100 ECDH
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_X25519 101 X25519
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_ED25519 102 ED25519
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_DH 103 DH
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_SM29+ 150 SM2
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_SM39+ 151 SM3
System capability: SystemCapability.Security.Huks.Extension
HUKS_ALG_SM49+ 152 SM4
System capability: SystemCapability.Security.Huks.Extension

HuksKeyGenerateType

Enumerates the key generation types.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_KEY_GENERATE_TYPE_DEFAULT 0 Key generated by default.
HUKS_KEY_GENERATE_TYPE_DERIVE 1 Derived key.
HUKS_KEY_GENERATE_TYPE_AGREE 2 Key generated by agreement.

HuksKeyFlag

Enumerates the key generation modes.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_KEY_FLAG_IMPORT_KEY 1 Import a key using an API.
HUKS_KEY_FLAG_GENERATE_KEY 2 Generate a key by using an API.
HUKS_KEY_FLAG_AGREE_KEY 3 Generate a key by using a key agreement API.
HUKS_KEY_FLAG_DERIVE_KEY 4 Derive a key by using an API.

HuksKeyStorageType

Enumerates the key storage modes.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_STORAGE_TEMP(deprecated) 0 The key is managed locally.
NOTE: This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use HUKS_STORAGE_ONLY_USED_IN_HUKS or HUKS_STORAGE_KEY_EXPORT_ALLOWED.
System capability: SystemCapability.Security.Huks.Core
HUKS_STORAGE_PERSISTENT(deprecated) 1 The key is managed by the HUKS service.
NOTE: This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use HUKS_STORAGE_ONLY_USED_IN_HUKS or HUKS_STORAGE_KEY_EXPORT_ALLOWED.
System capability: SystemCapability.Security.Huks.Core
HUKS_STORAGE_ONLY_USED_IN_HUKS10+ 2 The key derived from the master key is stored in the HUKS and managed by the HUKS.
System capability: SystemCapability.Security.Huks.Extension
HUKS_STORAGE_KEY_EXPORT_ALLOWED10+ 3 The key derived from the master key is exported to the service, and not managed by the HUKS.
System capability: SystemCapability.Security.Huks.Extension

HuksSendType

Enumerates the tag transfer modes.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_SEND_TYPE_ASYNC 0 The tag is sent asynchronously.
HUKS_SEND_TYPE_SYNC 1 The tag is sent synchronously.

HuksUnwrapSuite9+

Enumerates the algorithm suites used for importing a wrapped key.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING 1 Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.
HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING 2 Use ECDH for key agreement and then use AES-256 GCM to encrypt the key.

HuksImportKeyType9+

Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_KEY_TYPE_PUBLIC_KEY 0 Public key
HUKS_KEY_TYPE_PRIVATE_KEY 1 Private key
HUKS_KEY_TYPE_KEY_PAIR 2 Public and private key pair

HuksRsaPssSaltLenType10+

Enumerates the salt_len types to set when PSS padding is used in RSA signing or signature verification.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_RSA_PSS_SALT_LEN_DIGEST10+ 0 salt_len is set to the digest length.
HUKS_RSA_PSS_SALT_LEN_MAX10+ 1 salt_len is set to the maximum length.

HuksUserAuthType9+

Enumerates the user authentication types.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_USER_AUTH_TYPE_FINGERPRINT 1 << 0 Fingerprint authentication.
HUKS_USER_AUTH_TYPE_FACE 1 << 1 Facial authentication.
HUKS_USER_AUTH_TYPE_PIN 1 << 2 PIN authentication.

HuksAuthAccessType9+

Enumerates the access control types.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD 1 << 0 The key becomes invalid after the password is cleared.
HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL 1 << 1 The key becomes invalid after a new biometric feature is added.

HuksChallengeType9+

Enumerates the types of the challenges generated when a key is used.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_CHALLENGE_TYPE_NORMAL 0 Normal challenge, which is of 32 bytes by default.
HUKS_CHALLENGE_TYPE_CUSTOM 1 Custom challenge, which supports only one authentication for multiple keys.
HUKS_CHALLENGE_TYPE_NONE 2 Challenge is not required.

HuksChallengePosition9+

Enumerates the positions of the 8-byte valid value in a custom challenge generated.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_CHALLENGE_POS_0 0 Bytes 0 to 7.
HUKS_CHALLENGE_POS_1 1 Bytes 8 to 15.
HUKS_CHALLENGE_POS_2 2 Bytes 16 to 23.
HUKS_CHALLENGE_POS_3 3 Bytes 24 to 31.

HuksSecureSignType9+

Defines the signature type of the key generated or imported.

System capability: SystemCapability.Security.Huks.Extension

Name Value Description
HUKS_SECURE_SIGN_WITH_AUTHINFO 1 The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed.

HuksTagType

Enumerates the tag data types.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_TAG_TYPE_INVALID 0 << 28 Invalid tag type.
HUKS_TAG_TYPE_INT 1 << 28 Number of the int type.
HUKS_TAG_TYPE_UINT 2 << 28 Number of the uint type.
HUKS_TAG_TYPE_ULONG 3 << 28 BigInt.
HUKS_TAG_TYPE_BOOL 4 << 28 Boolean.
HUKS_TAG_TYPE_BYTES 5 << 28 Uint8Array.

HuksTag

Enumerates the tags used to invoke parameters.

System capability: SystemCapability.Security.Huks.Core

Name Value Description
HUKS_TAG_INVALID(deprecated) HuksTagType.HUKS_TAG_TYPE_INVALID | 0 Invalid tag. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_ALGORITHM HuksTagType.HUKS_TAG_TYPE_UINT | 1 Algorithm.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_PURPOSE HuksTagType.HUKS_TAG_TYPE_UINT | 2 Purpose of the key.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_KEY_SIZE HuksTagType.HUKS_TAG_TYPE_UINT | 3 Key size.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_DIGEST HuksTagType.HUKS_TAG_TYPE_UINT | 4 Digest algorithm.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_PADDING HuksTagType.HUKS_TAG_TYPE_UINT | 5 Padding algorithm.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_BLOCK_MODE HuksTagType.HUKS_TAG_TYPE_UINT | 6 Cipher mode.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_KEY_TYPE HuksTagType.HUKS_TAG_TYPE_UINT | 7 Key type.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_ASSOCIATED_DATA HuksTagType.HUKS_TAG_TYPE_BYTES | 8 Associated authentication data.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_NONCE HuksTagType.HUKS_TAG_TYPE_BYTES | 9 Field for key encryption and decryption.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_IV HuksTagType.HUKS_TAG_TYPE_BYTES | 10 IV.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_INFO HuksTagType.HUKS_TAG_TYPE_BYTES | 11 Information generated during key derivation.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_SALT HuksTagType.HUKS_TAG_TYPE_BYTES | 12 Salt value used for key derivation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_PWD(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 13 Password used for key derivation. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_ITERATION HuksTagType.HUKS_TAG_TYPE_UINT | 14 Number of iterations for key derivation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_GENERATE_TYPE HuksTagType.HUKS_TAG_TYPE_UINT | 15 Key generation type.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_DERIVE_MAIN_KEY(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 16 Main key for key derivation. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_DERIVE_FACTOR(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 17 Factor for key derivation. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_DERIVE_ALG(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 18 Type of the algorithm used for key derivation. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AGREE_ALG HuksTagType.HUKS_TAG_TYPE_UINT | 19 Type of the algorithm used for key agreement.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS HuksTagType.HUKS_TAG_TYPE_BOOL | 20 Public key alias used in key agreement.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS HuksTagType.HUKS_TAG_TYPE_BYTES | 21 Private key alias used in key agreement.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AGREE_PUBLIC_KEY HuksTagType.HUKS_TAG_TYPE_BYTES | 22 Public key used in key agreement.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_ALIAS HuksTagType.HUKS_TAG_TYPE_BYTES | 23 Key alias.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_DERIVE_KEY_SIZE HuksTagType.HUKS_TAG_TYPE_UINT | 24 Size of the derived key.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_IMPORT_KEY_TYPE9+ HuksTagType.HUKS_TAG_TYPE_UINT | 25 Type of the imported key.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_UNWRAP_ALGORITHM_SUITE9+ HuksTagType.HUKS_TAG_TYPE_UINT | 26 Algorithm suite required for encrypted imports.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG10+ HuksTagType.HUKS_TAG_TYPE_UINT |29 Storage type of the derived key or agreed key.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_RSA_PSS_SALT_LEN_TYPE10+ HuksTagType.HUKS_TAG_TYPE_UINT |30 Type of the rsa_pss_salt_length.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ACTIVE_DATETIME(deprecated) HuksTagType.HUKS_TAG_TYPE_ULONG | 201 Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ORIGINATION_EXPIRE_DATETIME(deprecated) HuksTagType.HUKS_TAG_TYPE_ULONG | 202 Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_USAGE_EXPIRE_DATETIME(deprecated) HuksTagType.HUKS_TAG_TYPE_ULONG | 203 Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_CREATION_DATETIME(deprecated) HuksTagType.HUKS_TAG_TYPE_ULONG | 204 Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_ALL_USERS HuksTagType.HUKS_TAG_TYPE_BOOL | 301 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_USER_ID HuksTagType.HUKS_TAG_TYPE_UINT | 302 ID of the user to which the key belongs.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_NO_AUTH_REQUIRED HuksTagType.HUKS_TAG_TYPE_BOOL | 303 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_USER_AUTH_TYPE HuksTagType.HUKS_TAG_TYPE_UINT | 304 User authentication type. For details, see HuksUserAuthType. This parameter must be set together with HuksAuthAccessType. You can set a maximum of two user authentication types at a time. For example, if HuksAuthAccessType is HUKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL, you can set this parameter to HUKS_USER_AUTH_TYPE_FACE, HUKS_USER_AUTH_TYPE_FINGERPRINT, or HUKS_USER_AUTH_TYPE_FACE | HUKS_USER_AUTH_TYPE_FINGERPRINT.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AUTH_TIMEOUT HuksTagType.HUKS_TAG_TYPE_UINT | 305 Timeout period of an authentication token.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AUTH_TOKEN HuksTagType.HUKS_TAG_TYPE_BYTES | 306 Used to pass in the authentication token.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_AUTH_ACCESS_TYPE9+ HuksTagType.HUKS_TAG_TYPE_UINT | 307 Access control type. For details, see HuksAuthAccessType. This parameter must be set together with HuksUserAuthType.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_SECURE_SIGN_TYPE9+ HuksTagType.HUKS_TAG_TYPE_UINT | 308 Signature type of the key generated or imported.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_CHALLENGE_TYPE9+ HuksTagType.HUKS_TAG_TYPE_UINT | 309 Type of the challenge generated for a key. For details, see HuksChallengeType.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_CHALLENGE_POS9+ HuksTagType.HUKS_TAG_TYPE_UINT | 310 Position of the 8-byte valid value in a custom challenge. For details, see HuksChallengePosition.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_AUTH_PURPOSE10+ HuksTagType.HUKS_TAG_TYPE_UINT |311 Key authentication purpose.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_CHALLENGE HuksTagType.HUKS_TAG_TYPE_BYTES | 501 Challenge value used in the attestation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_APPLICATION_ID HuksTagType.HUKS_TAG_TYPE_BYTES | 502 Application ID used in the attestation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_BRAND(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 503 Brand of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_DEVICE(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 504 ID of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_PRODUCT(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 505 Product name of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_SERIAL(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 506 SN of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_IMEI(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 507 International mobile equipment identity (IMEI) of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_MEID(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 508 Mobile equipment identity (MEID) of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_MANUFACTURER(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 509 Manufacturer of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_MODEL(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 510 Device model. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_ALIAS HuksTagType.HUKS_TAG_TYPE_BYTES | 511 Key alias used in the attestation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_SOCID(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 512 System-on-a-chip (SoCID) of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_UDID(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 513 Unique device identifier (UDID) of the device. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO HuksTagType.HUKS_TAG_TYPE_BYTES | 514 Security level used in the attestation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ATTESTATION_ID_VERSION_INFO HuksTagType.HUKS_TAG_TYPE_BYTES | 515 Version information used in the attestation.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_IS_KEY_ALIAS HuksTagType.HUKS_TAG_TYPE_BOOL | 1001 Whether to use the alias passed in during key generation.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_KEY_STORAGE_FLAG HuksTagType.HUKS_TAG_TYPE_UINT | 1002 Key storage mode.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_IS_ALLOWED_WRAP HuksTagType.HUKS_TAG_TYPE_BOOL | 1003 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_WRAP_TYPE HuksTagType.HUKS_TAG_TYPE_UINT | 1004 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_AUTH_ID HuksTagType.HUKS_TAG_TYPE_BYTES | 1005 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_ROLE HuksTagType.HUKS_TAG_TYPE_UINT | 1006 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_FLAG HuksTagType.HUKS_TAG_TYPE_UINT | 1007 Flag of the key.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_IS_ASYNCHRONIZED HuksTagType.HUKS_TAG_TYPE_UINT | 1008 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_SECURE_KEY_ALIAS(deprecated) HuksTagType.HUKS_TAG_TYPE_BOOL | 1009 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_SECURE_KEY_UUID(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 1010 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY_DOMAIN HuksTagType.HUKS_TAG_TYPE_UINT | 1011 Reserved.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_PROCESS_NAME(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 10001 Process name. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_PACKAGE_NAME(deprecated) HuksTagType.HUKS_TAG_TYPE_BYTES | 10002 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ACCESS_TIME(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 10003 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_USES_TIME(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 10004 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_CRYPTO_CTX(deprecated) HuksTagType.HUKS_TAG_TYPE_ULONG | 10005 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_KEY HuksTagType.HUKS_TAG_TYPE_BYTES | 10006 Reserved.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_KEY_VERSION(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 10007 Key version. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_PAYLOAD_LEN(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 10008 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_AE_TAG HuksTagType.HUKS_TAG_TYPE_BYTES | 10009 Used to pass in the AEAD in GCM mode.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_IS_KEY_HANDLE(deprecated) HuksTagType.HUKS_TAG_TYPE_ULONG | 10010 Reserved filed, which is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_OS_VERSION(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 10101 OS version. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_OS_PATCHLEVEL(deprecated) HuksTagType.HUKS_TAG_TYPE_UINT | 10102 OS patch level. It is deprecated since API version 9.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_SYMMETRIC_KEY_DATA HuksTagType.HUKS_TAG_TYPE_BYTES | 20001 Reserved.
System capability: SystemCapability.Security.Huks.Core
HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA HuksTagType.HUKS_TAG_TYPE_BYTES | 20002 Reserved.
System capability: SystemCapability.Security.Huks.Extension
HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA HuksTagType.HUKS_TAG_TYPE_BYTES | 20003 Reserved.
System capability: SystemCapability.Security.Huks.Extension

huks.generateKey(deprecated)

generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Generates a key. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.generateKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for generating the key.
callback AsyncCallback<HuksResult> Yes Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned. If the operation fails, an error code defined in HuksResult is returned.

Example

import huks from '@ohos.security.huks';
/* Generate an RSA key of 512 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyDigest | huks.HuksKeyPadding = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_RSA
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
    },
    {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    }
];
let options: huks.HuksOptions = {
    properties: properties
};
huks.generateKey(keyAlias, options, (err, data) => {
});

huks.generateKey(deprecated)

generateKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>

Generates a key. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.generateKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for generating the key.

Return value

Type Description
Promise<HuksResult> Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Generate an ECC key of 256 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC
}

let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_ECC
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    }
];
let options: huks.HuksOptions = {
    properties: properties
};
let result = huks.generateKey(keyAlias, options);

huks.deleteKey(deprecated)

deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Deletes a key. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.deleteKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias passed in when the key was generated.
options HuksOptions Yes Properties of the key to delete, for example, whether to delete all keys or a single key. To delete a single key, pass in an empty properties.
callback AsyncCallback<HuksResult> Yes Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
huks.deleteKey(keyAlias, emptyOptions, (err, data) => {
});

huks.deleteKey(deprecated)

deleteKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>

Deletes a key. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.deleteKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias passed in when the key was generated.
options HuksOptions Yes Properties of the key to delete, for example, whether to delete all keys or a single key. To delete a single key, pass in an empty properties.

Return value

Type Description
Promise<HuksResult> Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
let result = huks.deleteKey(keyAlias, emptyOptions);

huks.importKey(deprecated)

importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Imports a key in plaintext. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.importKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for the import and key to import.
callback AsyncCallback<HuksResult> Yes Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Import an AES key of 256 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size: number) {
    let arr = new Uint8Array(size);
    for (let i = 0; i < size; i++) {
        arr[i] = Math.floor(Math.random() * 10);
    }
    return arr;
};
let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value:
        huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
    },
    {
        tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
        value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
];
let options: huks.HuksOptions = {
    properties: properties,
    inData: plainTextSize32
};
huks.importKey(keyAlias, options, (err, data) => {
});

huks.importKey(deprecated)

importKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>

Imports a key in plaintext. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.importKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key.
options HuksOptions Yes Tags required for the import and key to import.

Return value

Type Description
Promise<HuksResult> Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Import an AES key of 128 bits. */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let plainTextSize32 = makeRandomArr(32);
function makeRandomArr(size: number) {
    let arr = new Uint8Array(size);
    for (let i = 0; i < size; i++) {
        arr[i] = Math.floor(Math.random() * 10);
    }
    return arr;
};
/* Step 1 Generate a key. */
let keyAlias = 'keyAlias';
let properties: HuksProperties[] = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
    },
    {
        tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
        value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
];
let huksoptions: huks.HuksOptions = {
    properties: properties,
    inData: plainTextSize32
};
let result = huks.importKey(keyAlias, huksoptions);

huks.exportKey(deprecated)

exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Exports a key. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.exportKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).
callback AsyncCallback<HuksResult> Yes Callback invoked to return the result. If the operation is successful, HUKS_SUCCESS is returned and outData contains the public key exported. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
huks.exportKey(keyAlias, emptyOptions, (err, data) => {
});

huks.exportKey(deprecated)

exportKey(keyAlias: string, options: HuksOptions) : Promise<HuksResult>

Exports a key. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.exportKeyItem9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).

Return value

Type Description
Promise<HuksResult> Promise used to return the result. If the operation is successful, HUKS_SUCCESS is returned and outData contains the public key exported. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
let result = huks.exportKey(keyAlias, emptyOptions);

huks.getKeyProperties(deprecated)

getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Obtains key properties. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.getKeyItemProperties9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).
callback AsyncCallback<HuksResult> Yes Callback invoked to return the result. If the operation is successful, errorCode is HUKS_SUCCESS; otherwise, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => {
});

huks.getKeyProperties(deprecated)

getKeyProperties(keyAlias: string, options: HuksOptions) : Promise<HuksResult>

Obtains key properties. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.getKeyItemProperties9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Key alias, which must be the same as the alias used when the key was generated.
options HuksOptions Yes Empty object (leave this parameter empty).

Return value

Type Description
Promise<HuksResult> Promise used to return the result. If the operation is successful, errorCode is HUKS_SUCCESS and properties contains the parameters required for generating the key. If the operation fails, an error code is returned.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
let result = huks.getKeyProperties(keyAlias, emptyOptions);

huks.isKeyExist(deprecated)

isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback<boolean>) : void

Checks whether a key exists. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.isKeyItemExist9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key to check.
options HuksOptions Yes Properties of the key to check, for example, whether to check all keys or a single key. To check a single key, pass in an empty properties.
callback AsyncCallback<boolean> Yes Callback invoked to return the result. The value true means the key exists; the value false means the opposite.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
huks.isKeyExist(keyAlias, emptyOptions, (err, data) => {
});

huks.isKeyExist(deprecated)

isKeyExist(keyAlias: string, options: HuksOptions) : Promise<boolean>

Checks whether a key exists. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.isKeyItemExist9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the key to check.
options HuksOptions Yes Properties of the key to check, for example, whether to check all keys or a single key. To check a single key, pass in an empty properties.

Return value

Type Description
Promise<boolean> Promise used to return the result. The value true means the key exists; the value false means the opposite.

Example

import huks from '@ohos.security.huks';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
    properties: []
};
let result = huks.isKeyExist(keyAlias, emptyOptions);

huks.init(deprecated)

init(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksHandle>) : void

Initializes the data for a key operation. This API uses an asynchronous callback to return the result. huks.init, huks.update, and huks.finish must be used together.

NOTE

This API is deprecated since API version 9. You are advised to use huks.initSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the target key.
options HuksOptions Yes Parameter set used for the init operation.
callback AsyncCallback<HuksHandle> Yes Callback invoked to return a session handle for subsequent operations.

huks.init(deprecated)

init(keyAlias: string, options: HuksOptions) : Promise<HuksHandle>

Initializes the data for a key operation. This API uses a promise to return the result. huks.init, huks.update, and huks.finish must be used together.

NOTE

This API is deprecated since API version 9. You are advised to use huks.initSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
keyAlias string Yes Alias of the target key.
options HuksOptions Yes Parameter set used for the init operation.

Return value

Type Description
Promise<HuksHandle> Promise used to return a session handle for subsequent operations.

huks.update(deprecated)

update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Updates the key operation by segment. This API uses an asynchronous callback to return the result. huks.init, huks.update, and huks.finish must be used together.

NOTE

This API is deprecated since API version 9. You are advised to use huks.updateSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the update operation.
token Uint8Array No Token of the update operation.
options HuksOptions Yes Parameter set used for the update operation.
callback AsyncCallback<HuksResult> Yes Callback invoked to return the update operation result.

huks.update(deprecated)

update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise<HuksResult>;

Updates the key operation by segment. This API uses a promise to return the result. huks.init, huks.update, and huks.finish must be used together.

NOTE

This API is deprecated since API version 9. You are advised to use huks.updateSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the update operation.
token Uint8Array No Token of the update operation.
options HuksOptions Yes Parameter set used for the update operation.

Return value

Type Description
Promise<HuksResult> Promise used to return the update operation result.

huks.finish(deprecated)

finish(handle: number, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Finishes the key operation to release resources. This API uses an asynchronous callback to return the result. huks.init, huks.update, and huks.finish must be used together.

NOTE

This API is deprecated since API version 9. You are advised to use huks.finishSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the finish operation.
options HuksOptions Yes Parameter set used for the finish operation.
callback AsyncCallback<HuksResult> Yes Callback invoked to return the finish operation result.

huks.finish(deprecated)

finish(handle: number, options: HuksOptions) : Promise<HuksResult>

Finishes the key operation to release resources. This API uses a promise to return the result. huks.init, huks.update, and huks.finish must be used together.

NOTE

This API is deprecated since API version 9. You are advised to use huks.finishSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the finish operation.
options HuksOptions Yes Parameter set used for the finish operation.

Return value

Type Description
Promise<HuksResult> Promise used to return the result.

huks.abort(deprecated)

abort(handle: number, options: HuksOptions, callback: AsyncCallback<HuksResult>) : void

Aborts the use of the key. This API uses an asynchronous callback to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.abortSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the abort operation.
options HuksOptions Yes Parameter set used for the abort operation.
callback AsyncCallback<HuksResult> Yes Callback invoked to return the abort operation result.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* huks.init, huks.update, and huks.finish must be used together.
 * If an error occurs in any of them, huks.abort must be called to terminate the use of the key.
 *
 * The following uses the callback of an RSA 1024 key as an example.
 */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyDigest | huks.HuksKeyPadding = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let keyalias = "HuksDemoRSA";
let properties: HuksProperties[] = [];
let options: huks.HuksOptions = {
    properties: properties,
    inData: new Uint8Array(0)
};
let handle: number = 0;
let resultMessage = "";
async function generateKey() {
    properties[0] = {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_RSA
    };
    properties[1] = {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
    };
    properties[2] = {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    };
    properties[3] = {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
    };
    properties[4] = {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    };
    huks.generateKey(keyalias, options);
}
function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    let tmpUint8Array = new Uint8Array(arr);
    return tmpUint8Array;
}
async function huksInit() {
    await huks.init(keyalias, options).then((data) => {
        console.log(`test init data: ${JSON.stringify(data)}`);
        handle = data.handle;
    }).catch((err: BusinessError) => {
        console.log("test init err information: " + JSON.stringify(err))
    })
}
async function huksUpdate() {
    options.inData = stringToUint8Array("huksHmacTest");
    await huks.update(handle, options.inData, options).then((data) => {
        if (data.errorCode === 0) {
            resultMessage += "update success!";
        } else {
            resultMessage += "update fail!";
        }
    });
    console.log(resultMessage);
}
function huksFinish() {
    options.inData = stringToUint8Array("HuksDemoHMAC");
    huks.finish(handle, options).then((data) => {
        if (data.errorCode === 0) {
            resultMessage = "finish success!";
        } else {
            resultMessage = "finish fail errorCode: " + data.errorCode;
        }
    }).catch((err: BusinessError) => {
        resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err)
    });
    console.log(resultMessage);
}
async function huksAbort() {
    new Promise<huks.HuksResult>((resolve, reject) => {
        huks.abort(handle, options, (err, data) => {
            console.log(`Huks_Demo hmac huksAbort1 data ${JSON.stringify(data)}`);
            console.log(`Huks_Demo hmac huksAbort1 err ${JSON.stringify(err)}`);
        });
    });
}

huks.abort(deprecated)

abort(handle: number, options: HuksOptions) : Promise<HuksResult>;

Aborts the use of the key. This API uses a promise to return the result.

NOTE

This API is deprecated since API version 9. You are advised to use huks.abortSession9+.

System capability: SystemCapability.Security.Huks.Extension

Parameters

Name Type Mandatory Description
handle number Yes Handle for the abort operation.
options HuksOptions Yes Parameter set used for the abort operation.

Return value

Type Description
Promise<HuksResult> Promise used to return the abort operation result.

Example

import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/* huks.init, huks.update, and huks.finish must be used together.
 * If an error occurs in any of them, huks.abort must be called to terminate the use of the key.
 *
 * The following uses the promise of an RSA 1024-bit key as an example.
 */
class HuksProperties {
    tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM
    value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose |
    huks.HuksKeyPadding | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC
}
let keyalias = "HuksDemoRSA";
let properties: HuksProperties[] = [];
let options: huks.HuksOptions = {
    properties: properties,
    inData: new Uint8Array(0)
};
let handle: number = 0;
let resultMessage = "";

function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    let tmpUint8Array = new Uint8Array(arr);
    return tmpUint8Array;
}

async function generateKey() {
    properties[0] = {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_RSA
    };
    properties[1] = {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_1024
    };
    properties[2] = {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    };
    properties[3] = {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
    };
    properties[4] = {
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    };
    huks.generateKey(keyalias, options, (err, data) => {
    });
}

async function huksInit() {
    return new Promise<huks.HuksHandle>((resolve, reject) => {
        huks.init(keyalias, options, async (err, data) => {
            if (data.errorCode === 0) {
                resultMessage = "init success!"
                handle = data.handle;
            } else {
                resultMessage = "init fail errorCode: " + data.errorCode
            }
        });
    });
}

async function huksUpdate() {
    options.inData = stringToUint8Array("huksHmacTest");
    new Promise<huks.HuksResult>((resolve, reject) => {
        huks.update(handle, options.inData, options, (err, data) => {
            if (data.errorCode === 0) {
                resultMessage += "update success!";
            } else {
                resultMessage += "update fail!";
            }
        });
    });
    console.log(resultMessage);

}

async function huksFinish() {
    options.inData = stringToUint8Array("0");
    new Promise<huks.HuksResult>((resolve, reject) => {
        huks.finish(handle, options, (err, data) => {
            if (data.errorCode === 0) {
                resultMessage = "finish success!";
            } else {
                resultMessage = "finish fail errorCode: " + data.errorCode;
            }
        });
    });
}

function huksAbort() {
    huks.abort(handle, options).then((data) => {
        if (data.errorCode === 0) {
            resultMessage = "abort success!";
        } else {
            resultMessage = "abort fail errorCode: " + data.errorCode;
        }
    }).catch((err: BusinessError) => {
        resultMessage = "Failed to abort the use of the key. catch errorMessage:" + JSON.stringify(err)
    });
    console.log(resultMessage);
}

HuksHandle(deprecated)

Defines the HUKS handle structure.

System capability: SystemCapability.Security.Huks.Extension

NOTE

This API is deprecated since API version 9. You are advised to use HuksSessionHandle9+.

Name Type Mandatory Description
errorCode number Yes Error code.
handle number Yes Value of the handle.
token Uint8Array No Challenge obtained after the init operation.

HuksResult(deprecated)

Defines the HuksResult struct.

System capability: SystemCapability.Security.Huks.Extension

NOTE

Name Type Mandatory Description
errorCode number Yes Error code.
outData Uint8Array No Output data.
properties Array<HuksParam> No Property information.
certChains Array<string> No Certificate chain information.

HuksErrorCode(deprecated)

Enumerates the error codes.

System capability: SystemCapability.Security.Huks.Extension

NOTE

This API is deprecated since API version 9. You are advised to use HuksExceptionErrCode9+.

Name Value Description
HUKS_SUCCESS 0 Success.
HUKS_FAILURE -1 Failure.
HUKS_ERROR_BAD_STATE -2 Incorrect state.
HUKS_ERROR_INVALID_ARGUMENT -3 Invalid argument.
HUKS_ERROR_NOT_SUPPORTED -4 Not supported.
HUKS_ERROR_NO_PERMISSION -5 No permission.
HUKS_ERROR_INSUFFICIENT_DATA -6 Insufficient data.
HUKS_ERROR_BUFFER_TOO_SMALL -7 Insufficient buffer.
HUKS_ERROR_INSUFFICIENT_MEMORY -8 Insufficient memory.
HUKS_ERROR_COMMUNICATION_FAILURE -9 Communication failure.
HUKS_ERROR_STORAGE_FAILURE -10 Insufficient storage space.
HUKS_ERROR_HARDWARE_FAILURE -11 Hardware fault.
HUKS_ERROR_ALREADY_EXISTS -12 The object already exists.
HUKS_ERROR_NOT_EXIST -13 The object does not exist.
HUKS_ERROR_NULL_POINTER -14 Null pointer.
HUKS_ERROR_FILE_SIZE_FAIL -15 Incorrect file size.
HUKS_ERROR_READ_FILE_FAIL -16 Failed to read the file.
HUKS_ERROR_INVALID_PUBLIC_KEY -17 Invalid public key.
HUKS_ERROR_INVALID_PRIVATE_KEY -18 Invalid private key.
HUKS_ERROR_INVALID_KEY_INFO -19 Invalid key information.
HUKS_ERROR_HASH_NOT_EQUAL -20 The hash values are not equal.
HUKS_ERROR_MALLOC_FAIL -21 MALLOC failed.
HUKS_ERROR_WRITE_FILE_FAIL -22 Failed to write the file.
HUKS_ERROR_REMOVE_FILE_FAIL -23 Failed to delete the file.
HUKS_ERROR_OPEN_FILE_FAIL -24 Failed to open the file.
HUKS_ERROR_CLOSE_FILE_FAIL -25 Failed to close the file.
HUKS_ERROR_MAKE_DIR_FAIL -26 Failed to create the directory.
HUKS_ERROR_INVALID_KEY_FILE -27 Invalid key file.
HUKS_ERROR_IPC_MSG_FAIL -28 Incorrect IPC information.
HUKS_ERROR_REQUEST_OVERFLOWS -29 Request overflows.
HUKS_ERROR_PARAM_NOT_EXIST -30 The parameter does not exist.
HUKS_ERROR_CRYPTO_ENGINE_ERROR -31 CRYPTO ENGINE error.
HUKS_ERROR_COMMUNICATION_TIMEOUT -32 Communication timed out.
HUKS_ERROR_IPC_INIT_FAIL -33 IPC initialization failed.
HUKS_ERROR_IPC_DLOPEN_FAIL -34 IPC DLOPEN failed.
HUKS_ERROR_EFUSE_READ_FAIL -35 Failed to read eFUSE.
HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST -36 New root key material exists.
HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL -37 Failed to update the root key material.
HUKS_ERROR_VERIFICATION_FAILED -38 Failed to verify the certificate chain.
HUKS_ERROR_CHECK_GET_ALG_FAIL -100 Failed to obtain the ALG.
HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL -101 Failed to obtain the key size.
HUKS_ERROR_CHECK_GET_PADDING_FAIL -102 Failed to obtain the padding algorithm.
HUKS_ERROR_CHECK_GET_PURPOSE_FAIL -103 Failed to obtain the key purpose.
HUKS_ERROR_CHECK_GET_DIGEST_FAIL -104 Failed to obtain the digest algorithm.
HUKS_ERROR_CHECK_GET_MODE_FAIL -105 Failed to obtain the cipher mode.
HUKS_ERROR_CHECK_GET_NONCE_FAIL -106 Failed to obtain the nonce.
HUKS_ERROR_CHECK_GET_AAD_FAIL -107 Failed to obtain the AAD.
HUKS_ERROR_CHECK_GET_IV_FAIL -108 Failed to obtain the initialization vector (IV).
HUKS_ERROR_CHECK_GET_AE_TAG_FAIL -109 Failed to obtain the AE flag.
HUKS_ERROR_CHECK_GET_SALT_FAIL -110 Failed to obtain the salt value.
HUKS_ERROR_CHECK_GET_ITERATION_FAIL -111 Failed to obtain the number of iterations.
HUKS_ERROR_INVALID_ALGORITHM -112 Invalid algorithm.
HUKS_ERROR_INVALID_KEY_SIZE -113 Invalid key size.
HUKS_ERROR_INVALID_PADDING -114 Invalid padding algorithm.
HUKS_ERROR_INVALID_PURPOSE -115 Invalid key purpose.
HUKS_ERROR_INVALID_MODE -116 Invalid cipher mode.
HUKS_ERROR_INVALID_DIGEST -117 Invalid digest algorithm.
HUKS_ERROR_INVALID_SIGNATURE_SIZE -118 Invalid signature size.
HUKS_ERROR_INVALID_IV -119 Invalid IV.
HUKS_ERROR_INVALID_AAD -120 Invalid AAD.
HUKS_ERROR_INVALID_NONCE -121 Invalid nonce.
HUKS_ERROR_INVALID_AE_TAG -122 Invalid AE tag.
HUKS_ERROR_INVALID_SALT -123 Invalid salt value.
HUKS_ERROR_INVALID_ITERATION -124 Invalid iteration count.
HUKS_ERROR_INVALID_OPERATION -125 Invalid operation.
HUKS_ERROR_INTERNAL_ERROR -999 Internal error.
HUKS_ERROR_UNKNOWN_ERROR -1000 Unknown error.