Key Generation Overview and Algorithm Specifications
You can use the HUKS APIs to generate a key randomly and store the key in HUKS.
- Random generation: HUKS uses a cryptographically secure pseudorandom number generator (PRNG) to generate keys. The PRNG helps improve the randomness, unpredictability, and non-reproducibility of the keys, making the generated keys difficult to infer.
- Secure storage: Except for the public keys in asymmetric key pairs, the keys generated by HUKS can be used only in the secure storage area throughout their lifecycle (from generation to destruction). In addition, the generated key file cannot be directly accessed by any service except HUKS. Even the services that generate the keys can perform key operations and obtain the operation results only through the HUKS APIs.
Supported Algorithms
The following table lists the supported key generation specifications.
The key management service specifications include mandatory specifications and optional specifications. Mandatory specifications are algorithm specifications that must be supported. Optional specifications can be used based on the actual situation. Before using an optional specification, refer to the documents provided by the vendor to confirm that it is supported.
You are advised to use mandatory specifications in your development for compatibility purposes.
Algorithm | Supported Key Length (Bit) | API Level | Mandatory |
---|---|---|---|
AES | 128, 192, 256 | 8+ | Yes |
RSA | 512, 768, 1024 | 8+ | No |
RSA | 2048, 3072, 4096 | 8+ | Yes |
HMAC | An integer multiple of 8, ranging from 8 to 1024 (inclusive) | 8+ | Yes |
ECC | 224 | 8+ | No |
ECC | 256, 384, 521 | 8+ | Yes |
ED25519 | 256 | 8+ | Yes |
X25519 | 256 | 8+ | Yes |
DSA | An integer multiple of 8, ranging from 512 to 1024 (inclusive) | 8+ | No |
DH | 2048 | 8+ | Yes |
DH | 3072, 4096 | 8+ | No |
SM2 | 256 | 9+ | Yes |
SM4 | 128 | 9+ | Yes |
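
The following added example (not part of the HUKS documentation or its APIs) encodes the table above as data and classifies a requested algorithm, key length, and API level as mandatory, optional, or unsupported, so optional specifications can be flagged for a vendor-documentation check before key generation is attempted. The names `SpecRule`, `RULES`, `checkKeySpec`, and `nonPortable` are hypothetical.

```typescript
// Added example: the key generation table above encoded as data.
// All names here (SpecRule, RULES, checkKeySpec, nonPortable) are hypothetical.
type Support = "mandatory" | "optional" | "unsupported";

interface SpecRule {
  alg: string;
  minApi: number;      // "API Level" column, e.g. 8 for "8+"
  mandatory: boolean;  // "Mandatory" column
  accepts: (bits: number) => boolean;
}

// The table states key lengths either as a fixed set or as a range of multiples of 8.
const oneOf = (...sizes: number[]) => (bits: number): boolean => sizes.indexOf(bits) !== -1;
const multipleOf8 = (min: number, max: number) => (bits: number): boolean =>
  bits % 8 === 0 && bits >= min && bits <= max;

const RULES: SpecRule[] = [
  { alg: "AES", minApi: 8, mandatory: true, accepts: oneOf(128, 192, 256) },
  { alg: "RSA", minApi: 8, mandatory: false, accepts: oneOf(512, 768, 1024) },
  { alg: "RSA", minApi: 8, mandatory: true, accepts: oneOf(2048, 3072, 4096) },
  { alg: "HMAC", minApi: 8, mandatory: true, accepts: multipleOf8(8, 1024) },
  { alg: "ECC", minApi: 8, mandatory: false, accepts: oneOf(224) },
  { alg: "ECC", minApi: 8, mandatory: true, accepts: oneOf(256, 384, 521) },
  { alg: "ED25519", minApi: 8, mandatory: true, accepts: oneOf(256) },
  { alg: "X25519", minApi: 8, mandatory: true, accepts: oneOf(256) },
  { alg: "DSA", minApi: 8, mandatory: false, accepts: multipleOf8(512, 1024) },
  { alg: "DH", minApi: 8, mandatory: true, accepts: oneOf(2048) },
  { alg: "DH", minApi: 8, mandatory: false, accepts: oneOf(3072, 4096) },
  { alg: "SM2", minApi: 9, mandatory: true, accepts: oneOf(256) },
  { alg: "SM4", minApi: 9, mandatory: true, accepts: oneOf(128) },
];

// Classify one requested spec against the table for a given API level.
function checkKeySpec(alg: string, bits: number, apiLevel: number): Support {
  const rule = RULES.filter(r => r.alg === alg.toUpperCase() && r.accepts(bits))[0];
  if (!rule || apiLevel < rule.minApi) return "unsupported";
  return rule.mandatory ? "mandatory" : "optional";
}

// Return the requested specs that are not mandatory, so they can be checked
// against vendor documentation (optional) or rejected (unsupported).
function nonPortable(requests: [string, number][], apiLevel: number): string[] {
  return requests
    .map(([alg, bits]) => `${alg}-${bits}: ${checkKeySpec(alg, bits, apiLevel)}`)
    .filter(line => !/: mandatory$/.test(line));
}
```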