# HUKS Changelog
## cl.huks.1 HUKS Supports RsaPssSaltLengthType

Before the change, HUKS used **RSA_PSS_SALT_LEN_MAX** by default for signing and signature verification.

After the change, the type defined by **HuksRsaPssSaltLenType** can be passed in for signing or signature verification. If **HuksRsaPssSaltLenType** is not passed in, **RSA_PSS_SALT_LEN_MAX** is used by default.

**Change Impact**

The behavior of released JavaScript APIs has changed.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but the parameter set passed to the APIs has changed.

**Adaptation Guide**

The following uses RSA signing as an example.

```js
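import huks from '@ohos.security.huks';

/* Alias of the RSA key used for signing. The key itself is not created in this snippet. */
let keyAlias = 'rsa_Key';

/*
 * Data to be signed.
 * The byte values are wrapped in an array literal on purpose:
 * `new Uint8Array(a, b, ...)` treats the first argument as a length and
 * yields a zero-filled buffer instead of the listed bytes.
 */
let inData = new Uint8Array([
    0x4B, 0x1E, 0x22, 0x64, 0xA9, 0x89, 0x60, 0x1D, 0xEC, 0x78, 0xC0, 0x5D, 0xBE, 0x46, 0xAD, 0xCF,
    0x1C, 0x35, 0x16, 0x11, 0x34, 0x01, 0x4E, 0x9B, 0x7C, 0x00, 0x66, 0x0E, 0xCA, 0x09, 0xC0, 0xF3,
]);

/* Parameters for signing */
let signProperties = [
    {
        tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
        value: huks.HuksKeyAlg.HUKS_ALG_RSA,
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PURPOSE,
        value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN,
    },
    {
        tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
        value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048,
    },
    {
        tag: huks.HuksTag.HUKS_TAG_PADDING,
        value: huks.HuksKeyPadding.HUKS_PADDING_PSS,
    },
    {
        /*
         * SHA-1 is kept here as in the original example. It is no longer
         * recommended for signatures; prefer HUKS_DIGEST_SHA256 or stronger
         * for new keys.
         * NOTE(review): presumably the digest must be one the key was
         * generated with - confirm before changing it.
         */
        tag: huks.HuksTag.HUKS_TAG_DIGEST,
        value: huks.HuksKeyDigest.HUKS_DIGEST_SHA1,
    },
    {
        /*
         * Salt length type for RSA-PSS, set explicitly. If this tag is
         * omitted, RSA_PSS_SALT_LEN_MAX is used by default.
         * NOTE(review): the verifying side presumably has to use the same
         * salt length type - confirm.
         */
        tag: huks.HuksTag.HUKS_TAG_RSA_PSS_SALT_LEN_TYPE,
        value: huks.HuksRsaPssSaltLenType.HUKS_RSA_PSS_SALT_LEN_MAX,
    },
];

let signOptions = {
    properties: signProperties,
    inData: inData,
};

/* Only session initialization is shown; the result of initSession is not used in this snippet. */
huks.initSession(keyAlias, signOptions);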
```

For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
## cl.huks.2 Resolved the Issues in Storage or Export of Derived or Agreed Keys

Before the change, HUKS supported both storage and export of derived keys and agreed keys, which poses security risks.

After the change, the application needs to pass in **HuksKeyStorageType** for key derivation or key agreement. Only one of storage or export is allowed at a time. If this parameter is not passed in, both storage and export are supported by default, which poses security risks and is not recommended.

**Change Impact**

The behavior of released JavaScript APIs has changed.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but the parameter set passed to the APIs has changed.

**Adaptation Guide**

For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
## cl.huks.3 Adding Tags for Fine-grained User Identity Access Control

Added **HUKS_TAG_KEY_AUTH_PURPOSE** to **HuksTag** for fine-grained user identity access control. This tag specifies the user identity authentication used for a specific algorithm.

**Change Impact**

The new HuksTag does not affect existing APIs.

**Key API/Component Changes**

**HUKS_TAG_KEY_AUTH_PURPOSE** is added to **HuksTag** to support fine-grained user identity access control.

**Adaptation Guide**

For more information, see [Fine-grained User Identity Authentication](../../../application-dev/security/huks-guidelines.md#fine-grained-user-identity-authentication) and [HuksTag](../../../application-dev/reference/apis/js-apis-huks.md#hukstag).