1e41f4b71Sopenharmony_ci# Introduction to Universal Keystore Kit
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ciUniversal Keystore Kit (referred to as HUKS) provides applications and services with unified secure key operations, including key management (key generation/destruction, key import, key attestation, key agreement, and key derivation) and key use (encryption/decryption, signing/signature verification, and access control).
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ciThe keys managed by HUKS can be imported by a service or an application or generated by invoking HUKS APIs. HUKS also provides the key access control, which ensures secure and authorized access to the keys in HUKS.
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ci## HUKS Architecture
8e41f4b71Sopenharmony_ci
9e41f4b71Sopenharmony_ciThe HUKS module consists of the following:
10e41f4b71Sopenharmony_ci
11e41f4b71Sopenharmony_ci- SDK: provides key management APIs. You can use ArkTS or C APIs based on your services.
12e41f4b71Sopenharmony_ci
13e41f4b71Sopenharmony_ci- HUKS service layer: implements key session management and storage management.
14e41f4b71Sopenharmony_ci
15e41f4b71Sopenharmony_ci- HUKS core layer: implements core functionalities, including cryptographic operations, encryption and decryption, and key access control.
16e41f4b71Sopenharmony_ci  > **NOTE**
17e41f4b71Sopenharmony_ci  > The HUKS core layer must run in a secure environment, such as the [TEE](huks-concepts.md) or secure chipset of a system or device. The secure environment depends on the hardware. The implementation in the open source repository is simulated, and subject to adaptation by OEM vendors.
18e41f4b71Sopenharmony_ci
19e41f4b71Sopenharmony_ci![en_image_0000001736030930](figures/huks_architecture.png)
20e41f4b71Sopenharmony_ci
21e41f4b71Sopenharmony_ci
22e41f4b71Sopenharmony_ci## Core Functionalities
23e41f4b71Sopenharmony_ci
24e41f4b71Sopenharmony_ciHUKS provides the following key management functionalities throughout their lifecycle.
25e41f4b71Sopenharmony_ci
26e41f4b71Sopenharmony_ci
27e41f4b71Sopenharmony_ci### Key Generation
28e41f4b71Sopenharmony_ci
29e41f4b71Sopenharmony_ci| Functionality| Description|
30e41f4b71Sopenharmony_ci| -------- | -------- |
31e41f4b71Sopenharmony_ci| [Key generation](huks-key-generation-overview.md) | Generates a key randomly. During the lifecycle of the key, the plaintext of the key can be accessed only in the secure environment and cannot be exposed out of the secure environment.|
32e41f4b71Sopenharmony_ci| [Key import](huks-key-import-overview.md) | Imports an externally generated key to HUKS for management.|
33e41f4b71Sopenharmony_ci
34e41f4b71Sopenharmony_ci
35e41f4b71Sopenharmony_ci### Key Use
36e41f4b71Sopenharmony_ci
37e41f4b71Sopenharmony_ci| Functionality| Description|
38e41f4b71Sopenharmony_ci| -------- | -------- |
39e41f4b71Sopenharmony_ci| [Encryption and decryption](huks-encryption-decryption-overview.md) | Encrypts plaintext into ciphertext using a key, or decrypts ciphertext into plaintext using a key.|
40e41f4b71Sopenharmony_ci| [Signing and signature verification](huks-signing-signature-verification-overview.md) | Generates a digital signature, which confirms the data authenticity (the message came from the stated sender).|
41e41f4b71Sopenharmony_ci| [Key agreement](huks-key-agreement-overview.md) | Allows two or more parties to jointly establish a shared key in a non-secure environment.|
42e41f4b71Sopenharmony_ci| [Key derivation](huks-key-derivation-overview.md) | Derives one or more secrete keys from a key.|
43e41f4b71Sopenharmony_ci| [Key access control](huks-identity-authentication-overview.md) | Prevents unauthorized access to the keys in HUKS.|
44e41f4b71Sopenharmony_ci
45e41f4b71Sopenharmony_ci
46e41f4b71Sopenharmony_ci### Key Deletion
47e41f4b71Sopenharmony_ci
48e41f4b71Sopenharmony_ci| Functionality| Description|
49e41f4b71Sopenharmony_ci| -------- | -------- |
50e41f4b71Sopenharmony_ci| [Key deletion](huks-delete-key-arkts.md) | Securely deletes key data from HUKS.|
51e41f4b71Sopenharmony_ci
52e41f4b71Sopenharmony_ci
53e41f4b71Sopenharmony_ci### Key Attestation
54e41f4b71Sopenharmony_ci
55e41f4b71Sopenharmony_ci| Functionality| Description|
56e41f4b71Sopenharmony_ci| -------- | -------- |
57e41f4b71Sopenharmony_ci| [Key attestation](huks-key-attestation-overview.md) | Issues a certificate for the public key in an asymmetric key pair stored in HUKS to prove the validity of the key (the key is generated in a secure environment).|
58e41f4b71Sopenharmony_ci
59e41f4b71Sopenharmony_ci
60e41f4b71Sopenharmony_ci## Related Kits
61e41f4b71Sopenharmony_ci
62e41f4b71Sopenharmony_ci[Key access control](huks-identity-authentication-overview.md) depends on [User Authentication Kit](../UserAuthenticationKit/user-authentication-overview.md).
63e41f4b71Sopenharmony_ci
64