1e41f4b71Sopenharmony_ci# Symmetric Key Generation and Conversion Specifications 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciThis topic describes the supported algorithms and specifications for symmetric key generation and conversion. 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ciA key can be generated based on a string parameter, which holds key specifications. The string parameters supported by each algorithm are provided in the specific algorithm specifications. 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci 10e41f4b71Sopenharmony_ci## AES 11e41f4b71Sopenharmony_ci 12e41f4b71Sopenharmony_ciAdvanced Encryption Standard (AES) is the most common symmetric encryption algorithm. 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ciIt has the following features: 15e41f4b71Sopenharmony_ci 16e41f4b71Sopenharmony_ci- It is a block cipher with a block size of 128 bits. 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci- The key length can be 128 bits, 192 bits, or 256 bits. 19e41f4b71Sopenharmony_ci 20e41f4b71Sopenharmony_ci- It provides higher security and faster processing speed than Triple Data Encryption Standard (3DES). 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci 23e41f4b71Sopenharmony_ciAn AES key can be generated from a string parameter. When creating a symmetric key generator instance, you need to specify the key specifications in a string parameter. The string parameter consists of the symmetric key algorithm and key length. 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ci 26e41f4b71Sopenharmony_ci| Symmetric Key Algorithm| Key Length (Bit)| String Parameter| API Version| 27e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 28e41f4b71Sopenharmony_ci| AES | 128 | AES128 | 9+ | 29e41f4b71Sopenharmony_ci| AES | 192 | AES192 | 9+ | 30e41f4b71Sopenharmony_ci| AES | 256 | AES256 | 9+ | 31e41f4b71Sopenharmony_ci 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci## 3DES 34e41f4b71Sopenharmony_ci 35e41f4b71Sopenharmony_ci3DES is also called 3DESede or Triple DES. 36e41f4b71Sopenharmony_ci 37e41f4b71Sopenharmony_ciIt has the following features: 38e41f4b71Sopenharmony_ci 39e41f4b71Sopenharmony_ci- It uses three 64-bit keys to encrypt a data block three times, which means to apply the DES cipher three times to each data block. 40e41f4b71Sopenharmony_ci 41e41f4b71Sopenharmony_ci- Compared with DES, 3DES provides higher security due to longer key length, but lower processing speed. 42e41f4b71Sopenharmony_ci 43e41f4b71Sopenharmony_ciA 3DES key can be generated from a string parameter. When creating a symmetric key generator instance, you need to specify the key specifications in a string parameter. The string parameter consists of the symmetric key algorithm and key length. 44e41f4b71Sopenharmony_ci 45e41f4b71Sopenharmony_ci| Symmetric Key Algorithm| Key Length (Bit)| String Parameter| API Version| 46e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 47e41f4b71Sopenharmony_ci| 3DES | 192 | 3DES192 | 9+ | 48e41f4b71Sopenharmony_ci 49e41f4b71Sopenharmony_ci 50e41f4b71Sopenharmony_ci## SM4 51e41f4b71Sopenharmony_ci 52e41f4b71Sopenharmony_ciShangMi 4 (SM4) is a symmetric algorithm. 53e41f4b71Sopenharmony_ci 54e41f4b71Sopenharmony_ciIt has the following features: 55e41f4b71Sopenharmony_ci 56e41f4b71Sopenharmony_ci- It is a block cipher with a block size of 128 bits. 57e41f4b71Sopenharmony_ci 58e41f4b71Sopenharmony_ci- The key length is also 128 bits, which can be extended by an expansion key. 59e41f4b71Sopenharmony_ci 60e41f4b71Sopenharmony_ci- Both the encryption algorithm and the key expansion algorithm use a 32-round non-linear iteration structure. A non-linear key scheduler is used to produce the round keys. The decryption uses the same round keys as for encryption, except that they are in reversed order. 61e41f4b71Sopenharmony_ci 62e41f4b71Sopenharmony_ciAn SM4 key can be generated from a string parameter. When creating a symmetric key generator instance, you need to specify the key specifications in a string parameter. The string parameter consists of the symmetric key algorithm and key length with an underscore (_) in between. 63e41f4b71Sopenharmony_ci 64e41f4b71Sopenharmony_ci| Symmetric Key Algorithm| Key Length (Bit)| String Parameter| API Version| 65e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 66e41f4b71Sopenharmony_ci| SM4 | 128 | SM4_128 | 10+ | 67e41f4b71Sopenharmony_ci 68e41f4b71Sopenharmony_ci 69e41f4b71Sopenharmony_ci## HMAC 70e41f4b71Sopenharmony_ci 71e41f4b71Sopenharmony_ciHash-based Message Authentication Code (HMAC) is a hash-based message authentication code algorithm. A symmetric key is required for calculation. 72e41f4b71Sopenharmony_ci 73e41f4b71Sopenharmony_ciIt has the following features: 74e41f4b71Sopenharmony_ci 75e41f4b71Sopenharmony_ciThe symmetric key used by HMAC can be of any length. 76e41f4b71Sopenharmony_ci 77e41f4b71Sopenharmony_ci- If the key length is greater than the HMAC block length, the one-way hash result of the key is used as the new key. 78e41f4b71Sopenharmony_ci 79e41f4b71Sopenharmony_ci- If the key length is less than the HMAC block length, 0s are padded at the end of the key as the new key. That is, the key length is the same as the HMAC block length. 80e41f4b71Sopenharmony_ci 81e41f4b71Sopenharmony_ci- You are advised to use the output length of the message digest (MD) algorithm as the key length. 82e41f4b71Sopenharmony_ci 83e41f4b71Sopenharmony_ciThe symmetric key used by HMAC can be generated based on a string parameter. 84e41f4b71Sopenharmony_ci 85e41f4b71Sopenharmony_ci- When the length of the key used by HMAC is the same as the length of the MD generated, the string parameter consists of the MAC algorithm and MD algorithm with a vertical bar (|) in between. The string parameter specifies the key specifications when a symmetric key generator is created. 86e41f4b71Sopenharmony_ci 87e41f4b71Sopenharmony_ci- If the length of the key used by HMAC is not within the range of the MD generated by the MD algorithms listed in the following table, use the string parameter **HMAC** to create a symmetric key generator and then generate a key based on the binary data of the key used by HMAC. 88e41f4b71Sopenharmony_ci 89e41f4b71Sopenharmony_ci| MAC Algorithm| MD Algorithm| Key Length (Bit)| String Parameter| API Version| 90e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | -------- | 91e41f4b71Sopenharmony_ci| HMAC | SHA1 | 160 | HMAC\|SHA1 | 11+ | 92e41f4b71Sopenharmony_ci| HMAC | SHA224 | 224 | HMAC\|SHA224 | 11+ | 93e41f4b71Sopenharmony_ci| HMAC | SHA256 | 256 | HMAC\|SHA256 | 11+ | 94e41f4b71Sopenharmony_ci| HMAC | SHA384 | 384 | HMAC\|SHA384 | 11+ | 95e41f4b71Sopenharmony_ci| HMAC | SHA512 | 512 | HMAC\|SHA512 | 11+ | 96e41f4b71Sopenharmony_ci| HMAC | SM3 | 256 | HMAC\|SM3 | 11+ | 97e41f4b71Sopenharmony_ci| HMAC | - | [1, 32768] | HMAC | 11+ | 98