# Code Signature

## Introduction

The code signature component implements the code signing mechanism of OpenHarmony. It provides validity checks and integrity protection for apps at runtime, preventing the execution of malicious code on devices and malicious tampering with app code by attackers.

Architecture of the code signature component

![](figures/codesign_en.png)

The code signature component provides the following functions:

- Trusted certificate management: imports the device certificate and local code signing certificate and validates the certificate chain and its trusted source.
- Code signing enabling: provides APIs in user mode to enable code signing of apps or code files during installation.
- Local code signing: runs the signing service on the device and provides interfaces to sign local code (e.g. native code generated by the AOT).
- Code attribute setting: provides APIs for setting the code owner ID and initializing the XPM region.

## Directory Structure

```
/base/security/code_signature
├── interfaces                   # Interface layer
│   └── innerkits                #
│       ├── code_sign_attr_utils # APIs for setting code signing attributes
│       ├── code_sign_utils      # APIs for enabling code signing
│       ├── common               # Common basic capabilities
│       └── local_code_sign      # APIs for local code signing
├── services                     # Service layer
│    ├── key_enable              # Certificate initialization
│    └── local_code_sign         # Local code signing service
├── test                         # Test cases
│    ├── fuzztest                # Fuzz test cases
│    └── unittest                # Unit test cases
└── utils                        # Common basic capabilities
```

## Usage
### Available APIs

| **API**| **Description**|
| --- | --- |
| int32_t EnforceCodeSignForApp(const EntryMap &entryPath, const std::string &signatureFile); | Enforces code signing for HAPs.|
| int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type); | Enforces code signing for HAPs.|
| int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | Enforces code signing for files.|
| int32_t EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type); | Enforces code signing for HAPs with the owner ID.|
| int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); | Parses the owner ID from the signature.|
| int32_t EnableKeyInProfile(const std::string &bundleName, const ByteBuffer &profileBuffer); | Trusts a developer certificate.|
| int32_t RemoveKeyInProfile(const std::string &bundleName); | Revokes a trusted developer certificate.|
| int32_t InitLocalCertificate(ByteBuffer &cert); | Initializes a local code signing certificate.|
| int32_t SignLocalCode(const std::string &filePath, ByteBuffer &signature); | Signs the local code.|
| int32_t SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature); | Signs the local code with the owner ID.|
| int InitXpm(int enableJitFort, uint32_t idType, const char *ownerId); | Initializes XPM related resources (XPM region, JitFort, OwnerId).|
| int SetXpmOwnerId(uint32_t idType, const char *ownerId); | Sets an owner ID.|

### Usage Guidelines

[hapsigner User Guide](https://gitee.com/openharmony/developtools_hapsigner/blob/master/README.md)

## Repositories Involved

**[developtools\_hapsigner](https://gitee.com/openharmony/developtools_hapsigner/blob/master/README.md)**

**[kernel_linux_common_modules](https://gitee.com/openharmony/kernel_linux_common_modules)**

**[third\_party\_fsverity-utils](https://gitee.com/openharmony/third_party_fsverity-utils/blob/master/README.md)**