# @ohos.security.huks (HUKS) (System API)

The **huks** module provides keystore capabilities in which the user who performs the key operation is specified.

> **NOTE**
> - The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version.
> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.security.huks](js-apis-huks.md).

## Modules to Import

```ts
import { huks } from '@kit.UniversalKeystoreKit'
```

## huks.generateKeyItemAsUser

generateKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<void>

Generates a key for the specified user. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It indicates only whether the API call succeeded.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | ------------------------ |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key to generate. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |

**Example**

- Prerequisites:

  The caller must be a system application running under user 0 to user 99 (inclusive) and must have the ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS permission. For details, see [singleton](../../../device-dev/subsystems/subsys-app-privilege-config-guide.md#device-specific-application-privileges).

```ts
import { huks } from '@kit.UniversalKeystoreKit';

const aesKeyAlias = 'test_aesKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

function GetAesGenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    // CBC with PKCS7 padding provides confidentiality only. Protect ciphertext integrity separately,
    // or use an authenticated mode such as GCM when the ciphertext can be modified in transit or at rest.
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Generated a key with alias of: " + keyAlias + "")
  }).catch((err: Error) => {
    console.error("Failed to generate the key. Error: "+ JSON.stringify(err))
  })
}


export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  GenerateKey(aesKeyAlias, GetAesGenerateProperties())
}
```

## huks.deleteKeyItemAsUser

deleteKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<void>

Deletes a key for the specified user. This API uses a promise to return the result.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | ----------------------------------- |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Options for deleting the key. For example, you can pass in [HuksAuthStorageLevel](js-apis-huks.md#huksauthstoragelevel11) to specify the storage security level of the key to delete. If **HuksAuthStorageLevel** is left empty, **HUKS_AUTH_STORAGE_LEVEL_DE** is used by default. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

const aesKeyAlias = 'test_aesKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

function GetAesGenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

async function DeleteKey(keyAlias: string) {
  const options: huks.HuksOptions = {
    properties: [{
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }]
  }
  await huks.deleteKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Deleted the key with alias of: " + keyAlias + ".")
  }).catch((err: BusinessError) => {
    console.error("Failed to delete the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

async function TestHuksDelete() {
  await GenerateKey(aesKeyAlias, GetAesGenerateProperties())
  await DeleteKey(aesKeyAlias)
}

export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  TestHuksDelete()
}
```

## huks.importKeyItemAsUser

importKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<void>

Imports a plaintext key for the specified user. This API uses a promise to return the result.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | ----------------------------------- |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key to import. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Options for importing the key. The algorithm, key purpose, and key length are mandatory. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

const aesKeyAlias = 'test_aesKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;
// Sample key bytes for demonstration only. Do not hard-code real key material in application code.
const plainAesKey128 = new Uint8Array([
  0xfb, 0x8b, 0x9f, 0x12, 0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba, 0xca
]);

function GetAesGenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

async function ImportPlainKey(keyAlias: string, importProperties: Array<huks.HuksParam>, plainKey: Uint8Array) {
  const options: huks.HuksOptions = {
    properties: importProperties,
    inData: plainKey
  }
  await huks.importKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Imported the key with the alias of: " + keyAlias + ".")
  }).catch((err: BusinessError) => {
    console.error("Failed to import the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  ImportPlainKey(aesKeyAlias, GetAesGenerateProperties(), plainAesKey128)
}
```


## huks.attestKeyItemAsUser

attestKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<HuksReturnResult>

Attests a key for the specified user. This API uses a promise to return the result.

**Required permissions**: ohos.permission.ATTEST_KEY and ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | ------------------------------------ |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained contains the key. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Options for attesting the key. |

**Return value**

| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise<[HuksReturnResult](js-apis-huks.md#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

function StringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

const rsaKeyAlias = 'test_rsaKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

// Placeholder attestation inputs for demonstration. In a real deployment, the challenge should be a fresh,
// unpredictable value supplied by the party that verifies the certificate chain, so that an old chain cannot be replayed.
const securityLevel = StringToUint8Array('sec_level');
const challenge = StringToUint8Array('challenge_data');
const versionInfo = StringToUint8Array('version_info');

function GetRSA4096GenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_4096
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Generated a key with alias of: " + keyAlias + "")
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

function GetAttestKeyProperties(keyAlias: string): Array<huks.HuksParam> {
  return new Array<huks.HuksParam>({
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  }, {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  }, {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  }, {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: StringToUint8Array(keyAlias)
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  })
}

async function LetKeyAttest(keyAlias: string, keyOptions: Array<huks.HuksParam>) {
  let attestOptions: huks.HuksOptions = {
    properties: keyOptions,
  }
  console.info ('start attestation')
  await huks.attestKeyItemAsUser(userId, keyAlias, attestOptions).then((data) => {
    console.info('attestation ok!')
    console.debug(`The obtained certificate chain is ${JSON.stringify(data)}`) // Debugging output only. There is no need to print the certificate chain in production service code.
    for (let i = 0; data?.certChains?.length && i < data?.certChains?.length; ++i) {
      console.debug(`Certificate ${i} is ${data.certChains[i]}`) // Debugging output only. There is no need to print the certificate chain in production service code.
    }
    console.info ("attest successful")
  }).catch((err: BusinessError) => {
    console.error("Attestation failed. Error code: " + err.code +" Error message: "+ err.message)
  })
}

async function TestHuksAttest() {
  await GenerateKey(rsaKeyAlias, GetRSA4096GenerateProperties())
  await LetKeyAttest(rsaKeyAlias, GetAttestKeyProperties(rsaKeyAlias))
}

export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  TestHuksAttest()
}
```

## huks.anonAttestKeyItemAsUser

anonAttestKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<HuksReturnResult>

Performs anonymous key attestation. This API uses a promise to return the result.

This operation requires Internet access and takes time.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | ------------------------------------ |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained contains the key. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Options for attesting the key. |

**Return value**

| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise<[HuksReturnResult](js-apis-huks.md#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).
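
```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

/**
 * Converts a string to bytes, one byte per UTF-16 code unit.
 * Uint8Array keeps only the low 8 bits of each value, so the conversion is
 * lossless only for strings whose code units are all below 256 (for example ASCII).
 */
function StringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

const rsaKeyAlias = 'test_rsaKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

// Placeholder attestation inputs for the sample.
const securityLevel = StringToUint8Array('sec_level');
// NOTE(review): a constant challenge gives the party that checks the certificate
// chain no freshness guarantee. In a real deployment the challenge is expected to
// be a fresh, unpredictable value chosen by that verifier, so that an old chain
// cannot be replayed.
const challenge = StringToUint8Array('challenge_data');
const versionInfo = StringToUint8Array('version_info');

/**
 * Returns the properties used to generate the RSA-4096 key that is attested below.
 */
function GetRSA4096GenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_4096
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  }, {
    // NOTE(review): PKCS#1 v1.5 is kept from the original sample. For RSA
    // encryption keys OAEP is generally preferred, because v1.5 decryption is
    // exposed to padding-oracle attacks; confirm which paddings the attestation
    // flow accepts before changing it.
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

/**
 * Generates a key for `userId` under `keyAlias`.
 *
 * @returns true when the key was generated, false when generation failed
 *          (the error is logged here).
 */
async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>): Promise<boolean> {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  return await huks.generateKeyItemAsUser(userId, keyAlias, options).then(() => {
    console.info("Generated a key with alias of: " + keyAlias + "")
    return true
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
    return false
  })
}

/**
 * Returns the attestation properties for `keyAlias`: security level info,
 * challenge, version info, the alias itself and the storage level.
 */
function GetAttestKeyProperties(keyAlias: string): Array<huks.HuksParam> {
  return new Array<huks.HuksParam>({
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  }, {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  }, {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  }, {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: StringToUint8Array(keyAlias)
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  })
}

/**
 * Requests anonymous attestation of `keyAlias` for `userId` and logs the
 * returned certificate chain. Failures are logged, not rethrown.
 */
async function LetKeyAnonAttest(keyAlias: string, keyOptions: Array<huks.HuksParam>) {
  let attestOptions: huks.HuksOptions = {
    properties: keyOptions,
  }
  console.info('Start anonymous attestation')
  await huks.anonAttestKeyItemAsUser(userId, keyAlias, attestOptions).then((data) => {
    console.info('Anonymous attestation ok!')
    console.debug(`The obtained certificate chain is ${JSON.stringify(data)}`)
    for (let i = 0; data?.certChains?.length && i < data?.certChains?.length; ++i) {
      console.info(`Certificate ${i} is ${data.certChains[i]}`)
    }
    console.info ("Anonymous attest successful")
  }).catch((err: BusinessError) => {
    console.error("Anonymous attestation failed. Error code: "+ err.code +" Error message: "+ err.message)
  })
}


/**
 * Generates the sample key and, only if that succeeded, attests it.
 */
async function TestHuksAnonAttest() {
  const generated = await GenerateKey(rsaKeyAlias, GetRSA4096GenerateProperties())
  if (!generated) {
    // Key generation failed and was already logged; there is no key to attest.
    return
  }
  await LetKeyAnonAttest(rsaKeyAlias, GetAttestKeyProperties(rsaKeyAlias))
}

export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  TestHuksAnonAttest()
}
```

## huks.importWrappedKeyItemAsUser

importWrappedKeyItemAsUser(userId: number, keyAlias: string, wrappingKeyAlias: string, huksOptions: HuksOptions) : Promise\<void>

Imports a wrapped (encrypted) key for the specified user. This API uses a promise to return the result.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| ---------------- | --------------------------- | ---- | --------------------------------------------- |
| userId | number | Yes | User ID. 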
| 631e41f4b71Sopenharmony_ci| keyAlias | string | Yes | Alias of the wrapped key to import. | 632e41f4b71Sopenharmony_ci| wrappingKeyAlias | string | Yes | Alias of the key used to decrypt the wrapped key. | 633e41f4b71Sopenharmony_ci| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Options for importing the wrapped key. The algorithm, key purpose, and key length are mandatory. | 634e41f4b71Sopenharmony_ci 635e41f4b71Sopenharmony_ci**Error codes** 636e41f4b71Sopenharmony_ci 637e41f4b71Sopenharmony_ciFor details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 638e41f4b71Sopenharmony_ci 639e41f4b71Sopenharmony_ci| ID | Error Message | 640e41f4b71Sopenharmony_ci| -------- | ------------- | 641e41f4b71Sopenharmony_ci| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. | 642e41f4b71Sopenharmony_ci| 202 | non-system applications are not allowed to use system APIs. | 643e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 644e41f4b71Sopenharmony_ci| 801 | api is not supported. | 645e41f4b71Sopenharmony_ci| 12000001 | algorithm mode is not supported. | 646e41f4b71Sopenharmony_ci| 12000002 | algorithm param is missing. | 647e41f4b71Sopenharmony_ci| 12000003 | algorithm param is invalid. | 648e41f4b71Sopenharmony_ci| 12000004 | operating file failed. | 649e41f4b71Sopenharmony_ci| 12000005 | IPC communication failed. | 650e41f4b71Sopenharmony_ci| 12000006 | error occurred in crypto engine. | 651e41f4b71Sopenharmony_ci| 12000011 | queried entity does not exist. | 652e41f4b71Sopenharmony_ci| 12000012 | external error. | 653e41f4b71Sopenharmony_ci| 12000013 | queried credential does not exist. | 654e41f4b71Sopenharmony_ci| 12000014 | memory is insufficient. 
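|
| 12000015 | call service failed. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).
- The values of the following cryptography-related variables (such as **initializationVector**, **associatedData**, and **nonce**) are for reference only and cannot be used directly in service logic. Set them according to your actual service requirements.

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;
// Sample values only. With AES-GCM, reusing a nonce/IV under the same key breaks
// both confidentiality and integrity, so a real caller must supply a fresh value
// for every encryption instead of these constants.
const initializationVector = '0000000000000000';
const associatedData = "abababababababab";
const nonce = "hahahahahaha";
const tagSize = 16;
const unsignedInt32Bytes = 4;
// Readable literals stand in for key material so the sample is self-contained;
// real key material should not appear in source code.
const importedAes192PlainKey = "The aes192 key to import";
const callerAes256Kek = "The is kek to encrypt aes192 key";
const callerKeyAlias = "test_caller_key_ecdh_aes192";
const callerKekAliasAes256 = "test_caller_kek_ecdh_aes256";
const callerAgreeKeyAliasAes256 = "test_caller_agree_key_ecdh_aes256";
const importedKeyAliasAes192 = "test_import_key_ecdh_aes192";
const mask = [0x000000FF, 0x0000FF00, 0x00FF0000, 0xFF000000];


/**
 * Converts a string to bytes, one byte per UTF-16 code unit.
 * Lossless only for strings whose code units are all below 256 (for example ASCII).
 */
function StringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

/**
 * Returns a copy of arrayBuf[start, end), clamped to the end of arrayBuf.
 */
function SubUint8ArrayOf(arrayBuf: Uint8Array, start: number, end: number) {
  let arr: Array<number> = [];
  for (let i = start; i < end && i < arrayBuf.length; ++i) {
    arr.push(arrayBuf[i]);
  }
  return new Uint8Array(arr);
}

/**
 * Writes `length` as 4 bytes, least-significant byte first, into arrayBuf
 * starting at startIndex. Returns the number of bytes written (4).
 */
function AssignLength(length: number, arrayBuf: Uint8Array, startIndex: number) {
  let index = startIndex;
  for (let i = 0; i < 4; i++) {
    arrayBuf[index++] = (length & mask[i]) >> (i * 8);
  }
  return 4;
}

/**
 * Copies `data` into arrayBuf starting at startIndex.
 * Returns the number of bytes written (data.length).
 */
function AssignData(data: Uint8Array, arrayBuf: Uint8Array, startIndex: number) {
  let index = startIndex;
  for (let i = 0; i < data.length; i++) {
    arrayBuf[index++] = data[i];
  }
  return data.length;
}

// Properties of the key pair used to unwrap the imported key.
// NOTE(review): the key-size constant is named for Curve25519 while the algorithm
// is ECC; presumably both resolve to 256 bits - confirm, and prefer the ECC-named
// constant if so. The same pairing appears in genCallerEcdhParams and
// callerAgreeParams.
const genWrappingKeyParams: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_ECC
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ]
}

// Properties of the caller's key pair used for key agreement.
const genCallerEcdhParams: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_ECC
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ]
}

// Properties for importing the caller's AES-256 key-encryption key (KEK).
// inData carries the KEK bytes in the clear; see the note on the sample
// constants above.
const importParamsCallerKek: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_GCM
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_IV,
      value: StringToUint8Array(initializationVector)
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ],
  inData: StringToUint8Array(callerAes256Kek)
}

// Properties for importing the agreed shared secret as an AES-256 key.
// inData is filled in by ImportKekAndAgreeSharedSecret.
const importParamsAgreeKey: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_GCM
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_IV,
      value: StringToUint8Array(initializationVector)
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ]
}

// Properties of the key-agreement session run by the caller.
const callerAgreeParams: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_ECDH
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ]
}

// Common AES-256-GCM encryption properties. The nonce and associated data are
// the fixed sample values declared above.
const encryptKeyCommonParams: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_GCM
    },
    {
      tag: huks.HuksTag.HUKS_TAG_NONCE,
      value: StringToUint8Array(nonce)
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ASSOCIATED_DATA,
      value: StringToUint8Array(associatedData)
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ]
}

// Properties of the AES-192 key that is imported in wrapped form.
const importWrappedAes192Params: huks.HuksOptions = {
  properties: [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_192
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_CBC
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
      value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
    },
    {
      tag: huks.HuksTag.HUKS_TAG_IV,
      value: StringToUint8Array(initializationVector)
    },
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }
  ]
}

/**
 * Imports the key carried in huksOptions.inData for `userId` under `keyAlias`.
 * Failures are logged, not rethrown.
 */
async function PublicImportKeyItemFunc(
  userId: number,
  keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise importKeyItemAsUser`);
  try {
    await huks.importKeyItemAsUser(userId, keyAlias, huksOptions)
      .then(data => {
        console.info(`promise: importKeyItemAsUser success, data = ${JSON.stringify(data)}`);
      }).catch((err: BusinessError) => {
        console.error(`promise: importKeyItemAsUser failed, code: ${err.code}, msg: ${err.message}`);
      })
  } catch (err) {
    console.error(`promise: importKeyItemAsUser input arg invalid, code: ${err.code}, msg: ${err.message}`);
  }
}

/**
 * Deletes the key `keyAlias` of `userId`. Failures are logged, not rethrown.
 */
async function PublicDeleteKeyItemFunc(
  userId: number,
  keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise deleteKeyItemAsUser`);
  try {
    await huks.deleteKeyItemAsUser(userId, keyAlias, huksOptions)
      .then(data => {
        console.info(`promise: deleteKeyItemAsUser key success, data = ${JSON.stringify(data)}`);
      })
      .catch((err: BusinessError) => {
        console.error(`promise: deleteKeyItemAsUser failed, code: ${err.code}, msg: ${err.message}`);
      })
  } catch (err) {
    console.error(`promise: deleteKeyItemAsUser input arg invalid, code: ${err.code}, msg: ${err.message}`);
  }
}

/**
 * Imports the wrapped key in huksOptions.inData for `userId` under `keyAlias`,
 * unwrapping it with `wrappingKeyAlias`. Failures are logged, not rethrown.
 */
async function PublicImportWrappedKeyFunc(
  userId: number,
  keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter callback importWrappedKeyItemAsUser`);
  // huksOptions.inData holds the wrapped key blob, so only its size is logged,
  // never the options object itself.
  console.info(`publicImportWrappedKeyFunc keyAlias = ${keyAlias}, inData length = ${huksOptions?.inData?.length}`);
  try {
    await huks.importWrappedKeyItemAsUser(userId, keyAlias, wrappingKeyAlias, huksOptions)
      .then((data) => {
        console.info(`callback: importWrappedKeyItemAsUser success, data = ${JSON.stringify(data)}`);
        console.info (`importWrappedKeyItemAsUser successful. data = ${JSON.stringify(data)}`)
      })
      .catch((err: BusinessError) => {
        console.error(`callback: importWrappedKeyItemAsUser failed, code: ${err.code}, msg: ${err.message}`);
      });
  } catch (error) {
    console.error(`callback: importWrappedKeyItemAsUser input arg invalid, code: ${error.code}, msg: ${error.message}`);
  }
}

/**
 * Opens a key session for `srcKeyAlias` of `userId`.
 *
 * @returns the session handle, or 0 when the session could not be opened
 *          (the error is logged here). Callers that continue with a handle of 0
 *          will see their update/finish calls fail.
 */
async function PublicInitFunc(
  userId: number,
  srcKeyAlias: string, huksOptions: huks.HuksOptions) {
  let handle: number = 0;
  console.info(`enter promise doInit`);
  try {
    await huks.initSessionAsUser(userId, srcKeyAlias, huksOptions)
      .then((data) => {
        console.info(`promise: initSessionAsUser success, data = ${JSON.stringify(data)}`);
        handle = data.handle;
      })
      .catch((err: BusinessError) => {
        console.error(`promise: initSessionAsUser key failed, code: ${err.code}, msg: ${err.message}`);
      });
  } catch (error) {
    console.error(`promise: doInit input arg invalid, code: ${error.code}, msg: ${error.message}`);
  }
  return handle;
}

/**
 * Feeds huksOptions.inData to the session in segments of at most 64 bytes.
 * Every segment except the last is sent with updateSession; the last segment is
 * left in huksOptions.inData for the following finishSession call.
 *
 * @returns the output bytes collected from the update calls, or [] when there
 *          is no input or the segment bookkeeping is inconsistent.
 */
async function PublicUpdateSessionFunction(handle: number, huksOptions: huks.HuksOptions) {
  if (huksOptions?.inData?.length == undefined) {
    return [];
  }
  const maxUpdateSize = 64;
  const inData = huksOptions.inData;
  const lastInDataPosition = inData.length - 1;
  let inDataSegSize = maxUpdateSize;
  let inDataSegPosition = 0;
  let isFinished = false;
  let outData: Array<number> = [];

  while (inDataSegPosition <= lastInDataPosition) {
    if (inDataSegPosition + maxUpdateSize > lastInDataPosition) {
      isFinished = true;
      inDataSegSize = lastInDataPosition - inDataSegPosition + 1;
      // Hand the remaining bytes to finishSession. Without this, an input longer
      // than one segment would reach finishSession with the previous, already
      // processed segment still in inData.
      huksOptions.inData = new Uint8Array(
        Array.from(inData).slice(inDataSegPosition, inDataSegPosition + inDataSegSize)
      );
      console.info(`enter promise doUpdate`);
      break;
    }
    huksOptions.inData = new Uint8Array(
      Array.from(inData).slice(inDataSegPosition, inDataSegPosition + inDataSegSize)
    );
    console.info(`enter promise doUpdate`);
    try {
      await huks.updateSession(handle, huksOptions)
        .then((data) => {
          // Log only the size: outData is the output of the key operation.
          console.info(`promise: doUpdate success, outData length = ${data.outData?.length}`);
          if (data.outData == undefined) {
            console.error('data.outData is undefined');
            return;
          }
          outData = outData.concat(Array.from(data.outData));
        })
        .catch((err: BusinessError) => {
          console.error(`promise: doUpdate failed, code: ${err.code}, msg: ${err.message}`);
        });
    } catch (error) {
      console.error(`promise: doUpdate input arg invalid, code: ${error.code}, msg: ${error.message}`);
    }
    if ((!isFinished) && (inDataSegPosition + maxUpdateSize > lastInDataPosition)) {
      console.error(`update size invalid isFinished = ${isFinished}`);
      console.error(`inDataSegPosition = ${inDataSegPosition}`);
      console.error(`lastInDataPosition = ${lastInDataPosition}`);
      return [];
    }
    inDataSegPosition += maxUpdateSize;
  }
  return outData;
}

/**
 * Finishes the session and returns `inData` (the output collected so far)
 * followed by the output of finishSession. Returns an empty array when the
 * finish call fails or yields no output.
 */
async function PublicFinishSession(handle: number, huksOptions: huks.HuksOptions, inData: Array<number>) {
  let outData: Array<number> = [];
  console.info(`enter promise doFinish`);
  try {
    await huks.finishSession(handle, huksOptions)
      .then((data) => {
        // Log only the size: outData is the output of the key operation.
        console.info(`promise: doFinish success, outData length = ${data.outData?.length}`);
        if (data.outData == undefined) {
          console.error('data.outData is undefined');
          return;
        }
        outData = inData.concat(Array.from(data.outData));
      })
      .catch((err: BusinessError) => {
        console.error(`promise: doFinish key failed, code: ${err.code}, msg: ${err.message}`);
      });
  } catch (error) {
    console.error(`promise: doFinish input arg invalid, code: ${error.code}, msg: ${error.message}`);
  }
  return new Uint8Array(outData);
}

/**
 * Runs a complete init/update/finish session over huksOptions.inData with the
 * key `keyAlias` of `userId` and returns the resulting bytes.
 */
async function CipherFunction(
  userId: number,
  keyAlias: string, huksOptions: huks.HuksOptions) {
  const handle = await PublicInitFunc(userId, keyAlias, huksOptions);
  const tmpData = await PublicUpdateSessionFunction(handle, huksOptions);
  const outData = await PublicFinishSession(handle, huksOptions, tmpData);
  return outData;
}

/**
 * Runs a key-agreement session between the key `keyAlias` of `userId` and the
 * peer public key `huksPublicKey`.
 *
 * @returns the agreed shared secret, or an empty Uint8Array when the session
 *          fails. The caller imports the result as AES key material, so it is
 *          never written to the log.
 */
async function AgreeFunction(
  userId: number,
  keyAlias: string, huksOptions: huks.HuksOptions, huksPublicKey: Uint8Array) {
  const handle = await PublicInitFunc(userId, keyAlias, huksOptions);
  let outSharedKey: Uint8Array = new Uint8Array;
  huksOptions.inData = huksPublicKey;
  console.info(`enter promise doUpdate`);
  try {
    await huks.updateSession(handle, huksOptions)
      .then(() => {
        console.info(`promise: doUpdate success`);
      })
      .catch((err: BusinessError) => {
        console.error(`promise: doUpdate failed, code: ${err.code}, msg: ${err.message}`);
      });
  } catch (error) {
    console.error(`promise: doUpdate input arg invalid, code: ${error.code}, msg: ${error.message}`);
  }
  console.info(`enter promise doFinish`);
  try {
    await huks.finishSession(handle, huksOptions)
      .then((data) => {
        // data.outData is the shared secret: report success and size only.
        console.info(`promise: doFinish success, outData length = ${data.outData?.length}`);
        if (data.outData == undefined) {
          console.error('data.outData is undefined');
          return;
        }
        outSharedKey = data.outData;
      })
      .catch((err: BusinessError) => {
        console.error(`promise: doFinish key failed, code: ${err.code}, msg: ${err.message}`);
      });
  } catch (error) {
    console.error(`promise: doFinish input arg invalid, code: ${error.code}, msg: ${error.message}`);
  }
  return outSharedKey;
}

/**
 * Imports the caller's KEK, agrees a shared secret with `huksPublicKey`, and
 * imports that secret as the AES-256 key `callerAgreeKeyAliasAes256`.
 */
async function ImportKekAndAgreeSharedSecret(
  userId: number,
  callerKekAlias: string, importKekParams: huks.HuksOptions,
  callerKeyAlias: string, huksPublicKey: Uint8Array, agreeParams: huks.HuksOptions) {
  await PublicImportKeyItemFunc(userId, callerKekAlias, importKekParams);

  importParamsAgreeKey.inData = await AgreeFunction(userId, callerKeyAlias, agreeParams, huksPublicKey);

  await PublicImportKeyItemFunc(userId, callerAgreeKeyAliasAes256, importParamsAgreeKey);
}

async function GenerateAndExportPublicKey(
  userId: number,
  keyAlias: string, huksOptions: huks.HuksOptions): Promise<Uint8Array> {
  try {
    await huks.generateKeyItemAsUser(userId, keyAlias, huksOptions)
      .then(data => {
        console.info(`promise: generateKeyItemAsUser success, data = ${JSON.stringify(data)}`);
      })
      .catch((err: BusinessError) => {
        console.error(`callback: generateKeyItemAsUser failed, code: ${err.code}, msg: ${err.message}`);
      })
  } catch (err) {
    console.error(`callback: generateKeyItemAsUser invalid, code: ${err.code}, msg: ${err.message}`);
  }


  let result = new Uint8Array([])
  try {
    await 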
huks.exportKeyItemAsUser(userId, keyAlias, huksOptions) 1155e41f4b71Sopenharmony_ci .then((data) => { 1156e41f4b71Sopenharmony_ci console.info(`promise: exportKeyItemAsUser success, data = ${JSON.stringify(data)}`); 1157e41f4b71Sopenharmony_ci if (data.outData == undefined) { 1158e41f4b71Sopenharmony_ci console.error('data.outData is undefined'); 1159e41f4b71Sopenharmony_ci return; 1160e41f4b71Sopenharmony_ci } 1161e41f4b71Sopenharmony_ci result = data.outData; 1162e41f4b71Sopenharmony_ci }) 1163e41f4b71Sopenharmony_ci .catch((err: BusinessError) => { 1164e41f4b71Sopenharmony_ci console.error(`promise: exportKeyItemAsUser failed, code: ${err.code}, msg: ${err.message}`); 1165e41f4b71Sopenharmony_ci }); 1166e41f4b71Sopenharmony_ci } catch (e) { 1167e41f4b71Sopenharmony_ci console.error(`promise: generate pubKey failed, code: ${e.code}, msg: ${e.message}`); 1168e41f4b71Sopenharmony_ci } 1169e41f4b71Sopenharmony_ci return result 1170e41f4b71Sopenharmony_ci} 1171e41f4b71Sopenharmony_ci 1172e41f4b71Sopenharmony_ciinterface KeyEncAndKekEnc { 1173e41f4b71Sopenharmony_ci outPlainKeyEncData: Uint8Array, 1174e41f4b71Sopenharmony_ci outKekEncData: Uint8Array, 1175e41f4b71Sopenharmony_ci outKekEncTag: Uint8Array, 1176e41f4b71Sopenharmony_ci outAgreeKeyEncTag: Uint8Array, 1177e41f4b71Sopenharmony_ci} 1178e41f4b71Sopenharmony_ci 1179e41f4b71Sopenharmony_ciasync function EncryptImportedPlainKeyAndKek( 1180e41f4b71Sopenharmony_ci userId: number, 1181e41f4b71Sopenharmony_ci keyAlias: string): Promise<KeyEncAndKekEnc> { 1182e41f4b71Sopenharmony_ci encryptKeyCommonParams.inData = StringToUint8Array(keyAlias) 1183e41f4b71Sopenharmony_ci const plainKeyEncData = await CipherFunction(userId, callerKekAliasAes256, encryptKeyCommonParams); 1184e41f4b71Sopenharmony_ci const result: KeyEncAndKekEnc = { 1185e41f4b71Sopenharmony_ci outPlainKeyEncData: new Uint8Array([]), 1186e41f4b71Sopenharmony_ci outKekEncData: new Uint8Array([]), 1187e41f4b71Sopenharmony_ci outKekEncTag: new Uint8Array([]), 
1188e41f4b71Sopenharmony_ci outAgreeKeyEncTag: new Uint8Array([]), 1189e41f4b71Sopenharmony_ci } 1190e41f4b71Sopenharmony_ci result.outKekEncTag = SubUint8ArrayOf(plainKeyEncData, plainKeyEncData.length - tagSize, plainKeyEncData.length) 1191e41f4b71Sopenharmony_ci result.outPlainKeyEncData = SubUint8ArrayOf(plainKeyEncData, 0, plainKeyEncData.length - tagSize) 1192e41f4b71Sopenharmony_ci 1193e41f4b71Sopenharmony_ci encryptKeyCommonParams.inData = StringToUint8Array(callerAes256Kek) 1194e41f4b71Sopenharmony_ci const kekEncData = await CipherFunction(userId, callerAgreeKeyAliasAes256, encryptKeyCommonParams) 1195e41f4b71Sopenharmony_ci result.outAgreeKeyEncTag = SubUint8ArrayOf(kekEncData, kekEncData.length - tagSize, kekEncData.length) 1196e41f4b71Sopenharmony_ci result.outKekEncData = SubUint8ArrayOf(kekEncData, 0, kekEncData.length - tagSize) 1197e41f4b71Sopenharmony_ci 1198e41f4b71Sopenharmony_ci return result 1199e41f4b71Sopenharmony_ci} 1200e41f4b71Sopenharmony_ci 1201e41f4b71Sopenharmony_ciasync function BuildWrappedDataAndImportWrappedKey(plainKey: string, huksPubKey: Uint8Array, callerSelfPublicKey: Uint8Array, encData: KeyEncAndKekEnc) { 1202e41f4b71Sopenharmony_ci const plainKeySizeBuff = new Uint8Array(4); 1203e41f4b71Sopenharmony_ci AssignLength(plainKey.length, plainKeySizeBuff, 0); 1204e41f4b71Sopenharmony_ci 1205e41f4b71Sopenharmony_ci const wrappedData = new Uint8Array( 1206e41f4b71Sopenharmony_ci unsignedInt32Bytes + huksPubKey.length + 1207e41f4b71Sopenharmony_ci unsignedInt32Bytes + associatedData.length + 1208e41f4b71Sopenharmony_ci unsignedInt32Bytes + nonce.length + 1209e41f4b71Sopenharmony_ci unsignedInt32Bytes + tagSize + 1210e41f4b71Sopenharmony_ci unsignedInt32Bytes + encData.outKekEncData.length + 1211e41f4b71Sopenharmony_ci unsignedInt32Bytes + associatedData.length + 1212e41f4b71Sopenharmony_ci unsignedInt32Bytes + nonce.length + 1213e41f4b71Sopenharmony_ci unsignedInt32Bytes + tagSize + 1214e41f4b71Sopenharmony_ci unsignedInt32Bytes + 
plainKeySizeBuff.length + 1215e41f4b71Sopenharmony_ci unsignedInt32Bytes + encData.outPlainKeyEncData.length 1216e41f4b71Sopenharmony_ci ); 1217e41f4b71Sopenharmony_ci let index = 0; 1218e41f4b71Sopenharmony_ci const associatedDataArray = StringToUint8Array(associatedData); 1219e41f4b71Sopenharmony_ci const nonceArray = StringToUint8Array(nonce); 1220e41f4b71Sopenharmony_ci 1221e41f4b71Sopenharmony_ci index += AssignLength(callerSelfPublicKey.length, wrappedData, index); // 4 1222e41f4b71Sopenharmony_ci index += AssignData(callerSelfPublicKey, wrappedData, index); // 91 1223e41f4b71Sopenharmony_ci index += AssignLength(associatedDataArray.length, wrappedData, index); // 4 1224e41f4b71Sopenharmony_ci index += AssignData(associatedDataArray, wrappedData, index); // 16 1225e41f4b71Sopenharmony_ci index += AssignLength(nonceArray.length, wrappedData, index); // 4 1226e41f4b71Sopenharmony_ci index += AssignData(nonceArray, wrappedData, index); // 12 1227e41f4b71Sopenharmony_ci index += AssignLength(encData.outAgreeKeyEncTag.length, wrappedData, index); // 4 1228e41f4b71Sopenharmony_ci index += AssignData(encData.outAgreeKeyEncTag, wrappedData, index); // 16 1229e41f4b71Sopenharmony_ci index += AssignLength(encData.outKekEncData.length, wrappedData, index); // 4 1230e41f4b71Sopenharmony_ci index += AssignData(encData.outKekEncData, wrappedData, index); // 32 1231e41f4b71Sopenharmony_ci index += AssignLength(associatedDataArray.length, wrappedData, index); // 4 1232e41f4b71Sopenharmony_ci index += AssignData(associatedDataArray, wrappedData, index); // 16 1233e41f4b71Sopenharmony_ci index += AssignLength(nonceArray.length, wrappedData, index); // 4 1234e41f4b71Sopenharmony_ci index += AssignData(nonceArray, wrappedData, index); // 12 1235e41f4b71Sopenharmony_ci index += AssignLength(encData.outKekEncTag.length, wrappedData, index); // 4 1236e41f4b71Sopenharmony_ci index += AssignData(encData.outKekEncTag, wrappedData, index); // 16 1237e41f4b71Sopenharmony_ci index += 
AssignLength(plainKeySizeBuff.length, wrappedData, index); // 4 1238e41f4b71Sopenharmony_ci index += AssignData(plainKeySizeBuff, wrappedData, index); // 4 1239e41f4b71Sopenharmony_ci index += AssignLength(encData.outPlainKeyEncData.length, wrappedData, index); // 4 1240e41f4b71Sopenharmony_ci index += AssignData(encData.outPlainKeyEncData, wrappedData, index); // 24 1241e41f4b71Sopenharmony_ci 1242e41f4b71Sopenharmony_ci return wrappedData; 1243e41f4b71Sopenharmony_ci} 1244e41f4b71Sopenharmony_ci 1245e41f4b71Sopenharmony_ciexport async function HuksSecurityImportTest(userId: number) { 1246e41f4b71Sopenharmony_ci const srcKeyAliasWrap = 'HUKS_Basic_Capability_Import_0200'; 1247e41f4b71Sopenharmony_ci const huksPubKey: Uint8Array = await GenerateAndExportPublicKey(userId, srcKeyAliasWrap, genWrappingKeyParams); 1248e41f4b71Sopenharmony_ci const callerSelfPublicKey: Uint8Array = await GenerateAndExportPublicKey(userId, callerKeyAlias, genCallerEcdhParams); 1249e41f4b71Sopenharmony_ci 1250e41f4b71Sopenharmony_ci await ImportKekAndAgreeSharedSecret( 1251e41f4b71Sopenharmony_ci userId, 1252e41f4b71Sopenharmony_ci callerKekAliasAes256, importParamsCallerKek, callerKeyAlias, huksPubKey, callerAgreeParams); 1253e41f4b71Sopenharmony_ci const encData: KeyEncAndKekEnc = await EncryptImportedPlainKeyAndKek(userId, importedAes192PlainKey); 1254e41f4b71Sopenharmony_ci const wrappedData = await BuildWrappedDataAndImportWrappedKey(importedAes192PlainKey, huksPubKey, callerSelfPublicKey, encData); 1255e41f4b71Sopenharmony_ci importWrappedAes192Params.inData = wrappedData; 1256e41f4b71Sopenharmony_ci await PublicImportWrappedKeyFunc(userId, 1257e41f4b71Sopenharmony_ci importedKeyAliasAes192, srcKeyAliasWrap, importWrappedAes192Params); 1258e41f4b71Sopenharmony_ci await PublicDeleteKeyItemFunc(userId, srcKeyAliasWrap, genWrappingKeyParams); 1259e41f4b71Sopenharmony_ci await PublicDeleteKeyItemFunc(userId, callerKeyAlias, genCallerEcdhParams); 1260e41f4b71Sopenharmony_ci await 
PublicDeleteKeyItemFunc(userId, importedKeyAliasAes192, importWrappedAes192Params); 1261e41f4b71Sopenharmony_ci await PublicDeleteKeyItemFunc(userId, callerKekAliasAes256, callerAgreeParams); 1262e41f4b71Sopenharmony_ci} 1263e41f4b71Sopenharmony_ci 1264e41f4b71Sopenharmony_ciexport default function HuksAsUserTest() { 1265e41f4b71Sopenharmony_ci console.info('begin huks as user test') 1266e41f4b71Sopenharmony_ci 1267e41f4b71Sopenharmony_ci const userId = 100; 1268e41f4b71Sopenharmony_ci HuksSecurityImportTest(userId) 1269e41f4b71Sopenharmony_ci} 1270e41f4b71Sopenharmony_ci``` 1271e41f4b71Sopenharmony_ci 1272e41f4b71Sopenharmony_ci## huks.exportKeyItemAsUser 1273e41f4b71Sopenharmony_ci 1274e41f4b71Sopenharmony_ciexportKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<HuksReturnResult> 1275e41f4b71Sopenharmony_ci 1276e41f4b71Sopenharmony_ciExports the public key for the specified user. This API uses a promise to return the result. 1277e41f4b71Sopenharmony_ci 1278e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS 1279e41f4b71Sopenharmony_ci 1280e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Security.Huks.Extension 1281e41f4b71Sopenharmony_ci 1282e41f4b71Sopenharmony_ci**Parameters** 1283e41f4b71Sopenharmony_ci 1284e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 1285e41f4b71Sopenharmony_ci| -------- | --------------------------- | ---- | -------------------------------------------- | 1286e41f4b71Sopenharmony_ci| userId | number | Yes | User ID. | 1287e41f4b71Sopenharmony_ci| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1288e41f4b71Sopenharmony_ci| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Empty object (leave this parameter empty). 
|

**Return value**

| Type | Description |
| ---------------------------------------------- | ------------------------------------------------------------ |
| Promise\<[HuksReturnResult](js-apis-huks.md#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **outData** in **HuksReturnResult** is the public key exported. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. 
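|
| 12000014 | memory is insufficient. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

const rsaKeyAlias = 'test_rsaKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

// Returns the generation parameters for an RSA-4096 encrypt/decrypt key stored at the CE level.
function GetRSA4096GenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_4096
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  }, {
    // PKCS#1 v1.5 encryption padding is shown for brevity; for new RSA encryption
    // keys prefer huks.HuksKeyPadding.HUKS_PADDING_OAEP.
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

// Generates a key under keyAlias for userId; failures are logged, not rethrown.
async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Generated a key with alias of: " + keyAlias + "")
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

// Exports the public key stored under keyAlias and logs only its length.
async function ExportPublicKey(keyAlias: string) {
  const options: huks.HuksOptions = {
    properties: [{
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }]
  }
  await huks.exportKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Exported the public key with the alias of: " + keyAlias + ". The data length is " + data?.outData?.length)
  }).catch((err: BusinessError) => {
    console.error("Failed to export the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

async function ExportHuksTest() {
  await GenerateKey(rsaKeyAlias, GetRSA4096GenerateProperties())
  await ExportPublicKey(rsaKeyAlias)
}

export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  ExportHuksTest()
}
```

## huks.getKeyItemPropertiesAsUser

getKeyItemPropertiesAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<HuksReturnResult>

Obtains key properties for the specified user. This API uses a promise to return the result.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | -------------------------------------------- |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Empty object (leave this parameter empty). 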
|

**Return value**

| Type | Description |
| ----------------------------------------------- | ------------------------------------------------------------ |
| Promise\<[HuksReturnResult](js-apis-huks.md#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **properties** in **HuksReturnResult** holds the parameters required for generating the key. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. 
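|
| 12000014 | memory is insufficient. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

const aesKeyAlias = 'test_aesKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

// Returns the generation parameters for an AES-128 encrypt/decrypt key stored at the CE level.
function GetAesGenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    // CBC with PKCS7 padding gives confidentiality only; use an authenticated mode such as
    // huks.HuksCipherMode.HUKS_MODE_GCM when ciphertext integrity matters.
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

// Generates a key under keyAlias for userId; failures are logged, not rethrown.
async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Generated a key with alias of: " + keyAlias + "")
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

// Queries and logs the properties of the key stored under keyAlias.
async function GetKeyProperties(keyAlias: string) {
  const options: huks.HuksOptions = {
    properties: [{
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }]
  }
  await huks.getKeyItemPropertiesAsUser(userId, keyAlias, options).then((data) => {
    console.info("Obtained key properties: " + JSON.stringify(data))
  }).catch((err: BusinessError) => {
    console.error("Failed to obtain key properties. Error code: " + err.code + " Error message: " + err.message)
  })
}

async function TestHuksGet() {
  await GenerateKey(aesKeyAlias, GetAesGenerateProperties())
  await GetKeyProperties(aesKeyAlias)
}

export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  TestHuksGet()
}
```

## huks.hasKeyItemAsUser

hasKeyItemAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<boolean>

Checks whether a key exists for the specified user. This API uses a promise to return the result.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | --------------------------- | ---- | ------------------------ |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key to check. |
| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](js-apis-huks.md#huksauthstoragelevel11) to specify the storage security level of the key to check. 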
If **HuksAuthStorageLevel** is left empty, **HUKS_AUTH_STORAGE_LEVEL_DE** is used by default. |

**Return value**

| Type | Description |
| ----------------- | --------------------------------------- |
| Promise\<boolean> | Promise used to return the result. If the key exists, **true** is returned. Otherwise, **false** is returned. |

**Error codes**

For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).

| ID | Error Message |
| -------- | ------------- |
| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. |
| 202 | non-system applications are not allowed to use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. 
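|

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

// Alias and owner of the sample key. The key is generated and queried for the same
// user ID and at the same storage level.
const aesKeyAlias = 'test_aesKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;

/**
 * Builds the parameter set used to generate the sample AES key.
 *
 * @returns Tags describing an AES-128 key usable for encryption and decryption
 *          (CBC mode, PKCS7 padding) at the storage level chosen above.
 */
function GetAesGenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

/**
 * Generates a key for `userId` under the given alias and logs the outcome.
 *
 * @param keyAlias Alias of the key to generate.
 * @param genProperties Generation tags, for example from GetAesGenerateProperties().
 */
async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Generated a key with alias of: " + keyAlias + "")
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

/**
 * Checks whether a key with the given alias exists for `userId` and logs the result.
 *
 * @param keyAlias Alias of the key to look up.
 */
async function HasKey(keyAlias: string) {
  // The storage level is passed explicitly: if it is left empty,
  // HUKS_AUTH_STORAGE_LEVEL_DE is used by default, which is not the CE level
  // the sample key was generated with.
  const options: huks.HuksOptions = {
    properties: [{
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: userIdStorageLevel,
    }]
  }
  await huks.hasKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Check result of the key with the alias of "+ keyAlias +" " + JSON.stringify(data))
  }).catch((err: BusinessError) => {
    // This call checks for the key; the message previously said "delete".
    console.error("Failed to check the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

/** Generates the sample key, then queries its existence. */
async function TestHuksHasKey() {
  await GenerateKey(aesKeyAlias, GetAesGenerateProperties())
  await HasKey(aesKeyAlias)
}

/** Entry point of the sample. */
export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  TestHuksHasKey()
}
```

## huks.initSessionAsUser

initSessionAsUser(userId: number, keyAlias: string, huksOptions: HuksOptions) : Promise\<HuksSessionHandle>

Initializes a key session for the specified user. This API uses a promise to return the result. **huks.initSessionAsUser**, **huks.updateSession**, and **huks.finishSession** must be used together.

**Required permissions**: ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS

**System capability**: SystemCapability.Security.Huks.Extension

**Parameters**

| Name | Type | Mandatory | Description |
| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ |
| userId | number | Yes | User ID. |
| keyAlias | string | Yes | Alias of the key for the **initSessionAsUser** operation.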
| 1633e41f4b71Sopenharmony_ci| options | [HuksOptions](js-apis-huks.md#huksoptions) | Yes | Parameters for **initSessionAsUser**. | 1634e41f4b71Sopenharmony_ci 1635e41f4b71Sopenharmony_ci**Return value** 1636e41f4b71Sopenharmony_ci 1637e41f4b71Sopenharmony_ci| Type | Description | 1638e41f4b71Sopenharmony_ci| ----------------------------------- | -------------------------------------------------- | 1639e41f4b71Sopenharmony_ci| Promise\<[HuksSessionHandle](js-apis-huks.md#hukssessionhandle9)> | Promise used to return a session handle for subsequent operations. | 1640e41f4b71Sopenharmony_ci 1641e41f4b71Sopenharmony_ci**Error codes** 1642e41f4b71Sopenharmony_ci 1643e41f4b71Sopenharmony_ciFor details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1644e41f4b71Sopenharmony_ci 1645e41f4b71Sopenharmony_ci| ID | Error Message | 1646e41f4b71Sopenharmony_ci| -------- | ------------- | 1647e41f4b71Sopenharmony_ci| 201 | the application permission is not sufficient, which may be caused by lack of cross-account permission, or the system has not been unlocked by user, or the user does not exist. | 1648e41f4b71Sopenharmony_ci| 202 | non-system applications are not allowed to use system APIs. | 1649e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1650e41f4b71Sopenharmony_ci| 801 | api is not supported. | 1651e41f4b71Sopenharmony_ci| 12000001 | algorithm mode is not supported. | 1652e41f4b71Sopenharmony_ci| 12000002 | algorithm param is missing. | 1653e41f4b71Sopenharmony_ci| 12000003 | algorithm param is invalid. | 1654e41f4b71Sopenharmony_ci| 12000004 | operating file failed. | 1655e41f4b71Sopenharmony_ci| 12000005 | IPC communication failed. | 1656e41f4b71Sopenharmony_ci| 12000006 | error occurred in crypto engine. | 1657e41f4b71Sopenharmony_ci| 12000010 | the number of sessions has reached limit. 
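|
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |

**Example**

- Prerequisites: see **Example** of [generateKeyItemAsUser](#huksgeneratekeyitemasuser).
- The values of the following cryptography-related variables (such as **initializationVector**) are for reference only and cannot be directly used in the service logic. Set them according to your actual service requirements.

```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { BusinessError } from "@kit.BasicServicesKit"

const aesKeyAlias = 'test_aesKeyAlias';
const userId = 100;
const userIdStorageLevel = huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_CE;
// Sample IV, for reference only. A fixed IV must not be reused with a real key in CBC mode:
// generate a fresh, unpredictable IV for every encryption and keep it with the ciphertext.
// NOTE(review): StringToUint8Array() turns this 12-character string into 12 bytes, whereas
// an AES-CBC IV is normally one block (16 bytes) long - confirm the length HUKS expects.
const initializationVector = '001122334455';
const plainText = '123456789';

/**
 * Converts a string to bytes, one byte per UTF-16 code unit.
 * Code units above 0xFF are truncated by Uint8Array, so this is only suitable
 * for the ASCII sample values used here.
 */
function StringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

/** Converts bytes back to a string, one character per byte (inverse of StringToUint8Array). */
function Uint8ArrayToString(fileData: Uint8Array) {
  let dataString = '';
  for (let i = 0; i < fileData.length; i++) {
    dataString += String.fromCharCode(fileData[i]);
  }
  return dataString;
}

/**
 * Builds the parameter set used to generate the sample AES key.
 *
 * @returns Tags describing an AES-128 key usable for encryption and decryption
 *          (CBC mode, PKCS7 padding) at the storage level chosen above.
 */
function GetAesGenerateProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

/**
 * Builds the parameter set for the encryption session.
 * Algorithm, key size, padding, block mode and storage level match the generated key.
 */
function GetAesEncryptProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_IV,
    value: StringToUint8Array(initializationVector)
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

/**
 * Builds the parameter set for the decryption session.
 * Decryption must use the same IV that was used for encryption.
 */
function GetAesDecryptProperties(): Array<huks.HuksParam> {
  return [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }, {
    // Matches the 128-bit key created by GetAesGenerateProperties() and used for
    // encryption; the sample previously declared a 256-bit key size here.
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  }, {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  }, {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  }, {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_CBC
  }, {
    tag: huks.HuksTag.HUKS_TAG_IV,
    value: StringToUint8Array(initializationVector)
  }, {
    tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
    value: userIdStorageLevel,
  }]
}

/**
 * Generates a key for `userId` under the given alias and logs the outcome.
 *
 * @param keyAlias Alias of the key to generate.
 * @param genProperties Generation tags, for example from GetAesGenerateProperties().
 */
async function GenerateKey(keyAlias: string, genProperties: Array<huks.HuksParam>) {
  const options: huks.HuksOptions = {
    properties: genProperties
  }
  await huks.generateKeyItemAsUser(userId, keyAlias, options).then((data) => {
    console.info("Generated a key with alias of: " + keyAlias + "")
  }).catch((err: BusinessError) => {
    console.error("Failed to generate the key. Error code: " + err.code + " Error message: " + err.message)
  })
}

/**
 * Encrypts `plainText` with the key of `userId` stored under `keyAlias`.
 *
 * @param keyAlias Alias of the key to use.
 * @param encryptProperties Session tags, for example from GetAesEncryptProperties().
 * @returns The ciphertext, or an empty Uint8Array if the session could not be
 *          initialized or finished.
 */
async function EncryptData(keyAlias: string, encryptProperties: Array<huks.HuksParam>): Promise<Uint8Array> {
  const options: huks.HuksOptions = {
    properties: encryptProperties,
    inData: StringToUint8Array(plainText)
  }
  let handle: number = 0;
  let sessionReady: boolean = false;
  let cipherData: Uint8Array = new Uint8Array([]);
  await huks.initSessionAsUser(userId, keyAlias, options).then((data) => {
    handle = data.handle;
    sessionReady = true;
  }).catch((err: BusinessError) => {
    console.error("Failed to initialize the key session. Error code: "+ err.code +" Error message: "+ err.message)
  })
  if (!sessionReady) {
    // No session was opened, so there is no valid handle to finish.
    return cipherData
  }
  await huks.finishSession(handle, options).then((data) => {
    // outData is checked before it is used, so a missing result is not converted or logged.
    if (data.outData != undefined) {
      cipherData = data.outData
      console.info("Data is encrypted. Ciphertext: " + Uint8ArrayToString(data.outData))
    }
    console.info("running time result success!")
  }).catch((err: BusinessError) => {
    console.error("An exception is captured in the encryption process. Error code: " + err.code +" Error message: "+ err.message)
  })
  return cipherData
}

/**
 * Decrypts `cipherData` with the key of `userId` stored under `keyAlias` and logs the result.
 *
 * @param keyAlias Alias of the key to use.
 * @param decryptProperties Session tags, for example from GetAesDecryptProperties().
 * @param cipherData Ciphertext returned by EncryptData().
 */
async function DecryptData(keyAlias: string, decryptProperties: Array<huks.HuksParam>, cipherData: Uint8Array) {
  if (cipherData.length === 0) {
    // EncryptData() returns an empty array on failure; there is nothing to decrypt.
    console.error("No ciphertext to decrypt.")
    return
  }
  const options: huks.HuksOptions = {
    properties: decryptProperties,
    inData: cipherData
  }
  let handle: number = 0;
  let sessionReady: boolean = false;
  await huks.initSessionAsUser(userId, keyAlias, options).then((data) => {
    handle = data.handle;
    sessionReady = true;
  }).catch((err: BusinessError) => {
    console.error("Failed to initialize the key session. Error code: "+ err.code +" Error message: "+ err.message)
  })
  if (!sessionReady) {
    // No session was opened, so there is no valid handle to finish.
    return
  }
  await huks.finishSession(handle, options).then((data) => {
    if (data.outData != undefined) {
      // Sample output only: do not write decrypted data to logs in service code.
      console.info("Data is decrypted. Plaintext: " + Uint8ArrayToString(data.outData))
    }
  }).catch((err: BusinessError) => {
    console.error("An exception is captured in the decryption process. Error code: " + err.code +" Error message: "+ err.message)
  })
}

/** Generates the sample key, encrypts `plainText` with it, then decrypts the result. */
async function TestHuksInit() {
  await GenerateKey(aesKeyAlias, GetAesGenerateProperties())
  let cipherData: Uint8Array = await EncryptData(aesKeyAlias, GetAesEncryptProperties())
  await DecryptData(aesKeyAlias, GetAesDecryptProperties(), cipherData)
}

/** Entry point of the sample. */
export default function HuksAsUserTest() {
  console.info('begin huks as user test')
  TestHuksInit()
}
```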