1e41f4b71Sopenharmony_ci# Introduction to Device Certificate Kit 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ciDevice Certificate Kit provides the [certificate framework](#certificate-framework) and [certificate management](#certificate-management) capabilities for developers. 4e41f4b71Sopenharmony_ci 5e41f4b71Sopenharmony_ci## Certificate Framework 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ciThe certificate framework provides APIs for parsing and validating digital certificates. 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ciYou can use the APIs to parse and validate a certificate, certificate extensions, and a certificate revocation list (CRL), and validate a certificate chain. 10e41f4b71Sopenharmony_ci 11e41f4b71Sopenharmony_ciThe certificate framework shields the differences between third-party algorithm libraries to make development a more enjoyable experience. 12e41f4b71Sopenharmony_ci 13e41f4b71Sopenharmony_ci**Scenarios** 14e41f4b71Sopenharmony_ci 15e41f4b71Sopenharmony_ciThe application parses the received certificate or the certificate entered by the user, obtains the basic fields or extension fields of the certificate for display or verification, and uses the CA certificate chain and CRL to verify the certificate validity. 16e41f4b71Sopenharmony_ci 17e41f4b71Sopenharmony_ci### Working Principles 18e41f4b71Sopenharmony_ci 19e41f4b71Sopenharmony_ciThe system provides the certificate framework, which shields the differences between third-party algorithm libraries. You only need to use the APIs provided by the certificate framework to implement operations on certificates. 20e41f4b71Sopenharmony_ci 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci 23e41f4b71Sopenharmony_ci### Related Kits 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ciDuring the use of certificate framework functionalities, public keys need to be generated and obtained, which depends on [Crypto Architecture Kit](../CryptoArchitectureKit/crypto-architecture-kit-intro.md). 26e41f4b71Sopenharmony_ci 27e41f4b71Sopenharmony_ci## Certificate Management 28e41f4b71Sopenharmony_ci 29e41f4b71Sopenharmony_ciThe **certManager** module provides system-level certificate management capabilities to ensure certificate security during transmission and storage and prevent unauthorized certificate access and use. 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ciYou can use the APIs provided by this module to implement secure management and use of certificates throughout their lifecycle (installation, storage, use, and destruction). You can also install, obtain, use, and uninstall private certificates. 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci**Scenarios** 34e41f4b71Sopenharmony_ci 35e41f4b71Sopenharmony_ci- Install a private certificate. 36e41f4b71Sopenharmony_ci- Obtain a private certificate. 37e41f4b71Sopenharmony_ci- Use a private certificate to generate a signature and verify a signature. 38e41f4b71Sopenharmony_ci- Uninstall a private certificate. 39e41f4b71Sopenharmony_ci 40e41f4b71Sopenharmony_ci### Related Kits 41e41f4b71Sopenharmony_ci 42e41f4b71Sopenharmony_ciDuring the use of the certificate management functionalities, certificates need to be installed and used, which depends on [Universal Keystore Kit](../UniversalKeystoreKit/huks-overview.md). 43e41f4b71Sopenharmony_ci 44e41f4b71Sopenharmony_ci## Constraints 45e41f4b71Sopenharmony_ci 46e41f4b71Sopenharmony_ciDevice Certificate Kit does not provide the capabilities of generating or issuing certificates or CRLs. Such capabilities are implemented by a certificate authority (CA) rather than a single application. 47
