1e41f4b71Sopenharmony_ci# Key Generation Overview and Algorithm Specifications 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ciYou can use the HUKS APIs to generate a key randomly and store the key in HUKS. 4e41f4b71Sopenharmony_ci> **NOTE**<br> 5e41f4b71Sopenharmony_ci> Key aliases must not contain sensitive information, such as personal data. 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci- Random generation: HUKS uses a cryptographically secure pseudorandom number generator (PRNG) to generate keys. The PRNG helps improve the randomness, unpredictability, and non-reproducibility of the keys, making the generated keys difficult to infer. 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci- Secure storage: Except the public keys in asymmetric key pairs, the keys generated by HUKS can be used only in the secure storage area throughout their lifecycle (from generation to destruction). In addition, the generated key file cannot be directly accessed by any service except HUKS. Even the services that generate the keys can perform key operations and obtain the operation result only using the HUKS APIs. 10e41f4b71Sopenharmony_ci 11e41f4b71Sopenharmony_ci 12e41f4b71Sopenharmony_ci## Supported Algorithms 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ciThe following table lists the supported key generation specifications. 15e41f4b71Sopenharmony_ci<!--Del--> 16e41f4b71Sopenharmony_ciThe key management service specifications include mandatory specifications and optional specifications. Mandatory specifications are algorithm specifications that must be supported. Optional specifications can be used based on actual situation. Before using the optional specifications, refer to the documents provided by the vendor to ensure that the specifications are supported. 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci**You are advised to use mandatory specifications in your development for compatibility purposes.** 19e41f4b71Sopenharmony_ci<!--DelEnd--> 20e41f4b71Sopenharmony_ci**Specifications for Standard-System Devices** 21e41f4b71Sopenharmony_ci| Algorithm| Supported Key Length (Bit)| API Version| <!--DelCol4-->Mandatory| 22e41f4b71Sopenharmony_ci| -------- | -------- | -------- | -------- | 23e41f4b71Sopenharmony_ci| AES | 128, 192, 256| 8+ | Yes| 24e41f4b71Sopenharmony_ci| <!--DelRow-->RSA | 512, 768, 1024| 8+ | No| 25e41f4b71Sopenharmony_ci| RSA | 2048, 3072, 4096| 8+ | Yes| 26e41f4b71Sopenharmony_ci| HMAC | An integer multiple of 8, ranging from 8 to 1024 (inclusive)| 8+ | Yes| 27e41f4b71Sopenharmony_ci| <!--DelRow-->ECC | 224 | 8+ | No| 28e41f4b71Sopenharmony_ci| ECC | 256, 384, 521| 8+ | Yes| 29e41f4b71Sopenharmony_ci| ED25519 | 256 | 8+ | Yes| 30e41f4b71Sopenharmony_ci| X25519 | 256 | 8+ | Yes| 31e41f4b71Sopenharmony_ci| <!--DelRow-->DSA | An integer multiple of 8, ranging from 512 to 1024 (inclusive) | 8+ | No| 32e41f4b71Sopenharmony_ci| DH | 2048 | 8+ | Yes| 33e41f4b71Sopenharmony_ci| <!--DelRow-->DH | 3072, 4096| 8+ | No| 34e41f4b71Sopenharmony_ci| SM2 | 256 | 9+ | Yes| 35e41f4b71Sopenharmony_ci| SM4 | 128 | 9+ | Yes| 36e41f4b71Sopenharmony_ci 37e41f4b71Sopenharmony_ci> **NOTE**<br> 38e41f4b71Sopenharmony_ci> The DH algorithm uses the FFDHE named safe prime groups. 39e41f4b71Sopenharmony_ci 40e41f4b71Sopenharmony_ci**Specifications for Mimi-System Devices** 41e41f4b71Sopenharmony_ci 42e41f4b71Sopenharmony_ci<!--Del--> 43e41f4b71Sopenharmony_ciBefore implementing the specifications for mini-system devices, determine whether your device supports the related specifications. 44e41f4b71Sopenharmony_ci<!--DelEnd--> 45e41f4b71Sopenharmony_ci 46e41f4b71Sopenharmony_ci| Algorithm| Supported Key Length (Bit)| API Version| 47e41f4b71Sopenharmony_ci| -------- | -------- | -------- | 48e41f4b71Sopenharmony_ci| AES | 128, 192, 256| 8+ | 49e41f4b71Sopenharmony_ci| DES | 64 | 12+ | 50e41f4b71Sopenharmony_ci| 3DES | 128, 192| 12+ | 51e41f4b71Sopenharmony_ci| RSA | An integer multiple of 8, ranging from 1024 to 2048 (inclusive)| 12+ | 52e41f4b71Sopenharmony_ci| HMAC | An integer multiple of 8, ranging from 8 to 1024 (inclusive)| 12+ | 53e41f4b71Sopenharmony_ci| CMAC | 128 (supporting only 3DES)| 12+ | 54