# @ohos.security.huks (Universal Keystore)
The **huks** module provides KeyStore (KS) capabilities, including key management and cryptographic operations, for applications. The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs.
> **NOTE**
>
> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.
## Modules to Import
```ts
import { huks } from '@kit.UniversalKeystoreKit';
```
## HuksParam
Defines the **param** field in the **properties** array of **options** used in the APIs.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
| Name| Type | Mandatory| Description |
| ------ | ----------------------------------- | ---- | ------------ |
| tag | [HuksTag](#hukstag) | Yes | Tag. |
| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.|
## HuksOptions
Defines **options** used in the APIs.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Type | Mandatory| Description |
| ---------- | ----------------- | ---- | ------------------------ |
| properties | Array\<[HuksParam](#huksparam)> | No | Properties used to hold the **HuksParam** array.|
| inData | Uint8Array | No | Input data. |
## HuksSessionHandle<sup>9+</sup>
Defines the struct for a HUKS handle.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Type | Mandatory| Description |
| --------- | ---------- | ---- | ---------------------------------------------------- |
| handle | number | Yes | Value of the handle. |
| challenge | Uint8Array | No | Challenge obtained after the [initSession](#huksinitsession9) operation.|
## HuksReturnResult<sup>9+</sup>
Represents the result returned.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Type | Mandatory| Description |
| ---------- | ------------------------------- | ---- | ---------------- |
| outData | Uint8Array | No | Output data.<br>**Atomic service API**: This API can be used in atomic services since API version 11. |
| properties | Array\<[HuksParam](#huksparam)> | No | Property information.<br>**Atomic service API**: This API can be used in atomic services since API version 11. |
| certChains | Array\<string> | No | Certificate chain information.<br>**Atomic service API**: This API can be used in atomic services since API version 12.|
## HuksListAliasesReturnResult<sup>12+</sup>
Represents an array of key aliases.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Type | Mandatory| Description |
| ---------- | ------------------------------- | ---- | ---------------- |
| keyAliases | Array\<string> | Yes | Array of key aliases.|
## huks.generateKeyItem<sup>9+</sup>
generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void
Generates a key. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.|
| callback | AsyncCallback\<void> | Yes | Callback used to return the result.<br>If the operation is successful, this API does not return the key content because the key is always protected in a TEE.<br>If an exception occurs in the generation process, an error is captured.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Generate a 256-bit ECC key. */
let keyAlias: string = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_ECC
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
];
let options: huks.HuksOptions = {
  properties: properties
};
try {
  huks.generateKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      console.error(`callback: generateKeyItem failed`);
    } else {
      console.info(`callback: generateKeyItem key success`);
    }
  });
} catch (error) {
  console.error(`callback: generateKeyItem input arg invalid`);
}
```
## huks.generateKeyItem<sup>9+</sup>
generateKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void>
Generates a key. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------ |
| keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.|
**Return value**
| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise\<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |
**Example**
```ts
/* Generate a 256-bit ECC key. */
import { huks } from '@kit.UniversalKeystoreKit';
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_ECC
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
];
let options: huks.HuksOptions = {
  properties: properties
};
try {
  huks.generateKeyItem(keyAlias, options)
    .then((data) => {
      console.info(`promise: generateKeyItem success`);
    })
    .catch((error: Error) => {
      console.error(`promise: generateKeyItem failed`);
    });
} catch (error) {
  console.error(`promise: generateKeyItem input arg invalid`);
}
```
## huks.deleteKeyItem<sup>9+</sup>
deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void
Deletes a key. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to delete. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to delete. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. |
| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => {
    if (error) {
      console.error(`callback: deleteKeyItem failed`);
    } else {
      console.info(`callback: deleteKeyItem key success`);
    }
  });
} catch (error) {
  console.error(`callback: deleteKeyItem input arg invalid`);
}
```
## huks.deleteKeyItem<sup>9+</sup>
deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void>
Deletes a key. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ----------------------------------- |
| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to delete. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. |
**Return value**
| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise\<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.deleteKeyItem(keyAlias, emptyOptions)
    .then((data) => {
      console.info(`promise: deleteKeyItem key success`);
    })
    .catch((error: Error) => {
      console.error(`promise: deleteKeyItem failed`);
    });
} catch (error) {
  console.error(`promise: deleteKeyItem input arg invalid`);
}
```
## huks.importKeyItem<sup>9+</sup>
importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void
Imports a key in plaintext. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.|
| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Import a 256-bit AES key. */
let plainTextSize32 = makeRandomArr(32);
/* Demo-only key material: Math.random() is not a cryptographically secure source and this loop only yields byte values 0-9. Real key material must come from a CSPRNG. */
function makeRandomArr(size: number) {
  let arr = new Uint8Array(size);
  for (let i = 0; i < size; i++) {
    arr[i] = Math.floor(Math.random() * 10);
  }
  return arr;
}
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
];
let options: huks.HuksOptions = {
  properties: properties,
  inData: plainTextSize32
};
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      console.error(`callback: importKeyItem failed`);
    } else {
      console.info(`callback: importKeyItem success`);
    }
  });
} catch (error) {
  console.error(`callback: importKeyItem input arg invalid`);
}
```
## huks.importKeyItem<sup>9+</sup>
importKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void>
Imports a key in plaintext. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ----------------------------------- |
| keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.|
**Return value**
| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise\<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Import a 256-bit AES key. */
let plainTextSize32 = makeRandomArr(32);
/* Demo-only key material: Math.random() is not a cryptographically secure source and this loop only yields byte values 0-9. Real key material must come from a CSPRNG. */
function makeRandomArr(size: number) {
  let arr = new Uint8Array(size);
  for (let i = 0; i < size; i++) {
    arr[i] = Math.floor(Math.random() * 10);
  }
  return arr;
}
/* Set the properties of the key to import. */
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
];
let huksOptions: huks.HuksOptions = {
  properties: properties,
  inData: plainTextSize32
};
try {
  huks.importKeyItem(keyAlias, huksOptions)
    .then((data) => {
      console.info(`promise: importKeyItem success`);
    })
    .catch((error: Error) => {
      console.error(`promise: importKeyItem failed`);
    });
} catch (error) {
  console.error(`promise: importKeyItem input arg invalid`);
}
```
## huks.attestKeyItem<sup>9+</sup>
attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void
Obtains the certificate used to attest a key. This API uses an asynchronous callback to return the result.
**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications)
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. |
| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 201 | check permission failed. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key attest";
function stringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}
/* Call as generateKeyThenattestKey(keyAliasString). */
async function generateKeyThenattestKey(alias: string) {
  /* Generate and attest under the same alias. */
  let aliasString = alias;
  let aliasUint8 = stringToUint8Array(aliasString);
  let generateProperties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_RSA
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_PSS
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
      value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
  ];
  let generateOptions: huks.HuksOptions = {
    properties: generateProperties
  };
  let attestProperties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
      value: securityLevel
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
      value: challenge
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
      value: versionInfo
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
      value: aliasUint8
    }
  ];
  let attestOptions: huks.HuksOptions = {
    properties: attestProperties
  };
  try {
    huks.generateKeyItem(alias, generateOptions, (error, data) => {
      if (error) {
        console.error(`callback: generateKeyItem failed`);
      } else {
        console.info(`callback: generateKeyItem success`);
        try {
          huks.attestKeyItem(aliasString, attestOptions, (error, data) => {
            if (error) {
              console.error(`callback: attestKeyItem failed`);
            } else {
              console.info(`callback: attestKeyItem success`);
            }
          });
        } catch (error) {
          console.error(`callback: attestKeyItem input arg invalid`);
        }
      }
    });
  } catch (error) {
    console.error(`callback: generateKeyItem input arg invalid`);
  }
}
```
## huks.attestKeyItem<sup>9+</sup>
attestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult>
Obtains the certificate used to attest a key. This API uses a promise to return the result.
**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications)
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------------------ |
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. |
**Return value**
| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 201 | check permission failed. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key attest";
function stringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}
async function generateKey(alias: string) {
  let properties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_RSA
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_PSS
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
      value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
  ];
  let options: huks.HuksOptions = {
    properties: properties
  };
  try {
    await huks.generateKeyItem(alias, options)
      .then((data) => {
        console.info(`promise: generateKeyItem success`);
      })
      .catch((error: Error) => {
        console.error(`promise: generateKeyItem failed`);
      });
  } catch (error) {
    console.error(`promise: generateKeyItem input arg invalid`);
  }
}
async function attestKey() {
  let aliasString = keyAliasString;
  let aliasUint8 = stringToUint8Array(aliasString);
  let properties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
      value: securityLevel
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
      value: challenge
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
      value: versionInfo
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
      value: aliasUint8
    }
  ];
  let options: huks.HuksOptions = {
    properties: properties
  };
  await generateKey(aliasString);
  try {
    await huks.attestKeyItem(aliasString, options)
      .then((data) => {
        console.info(`promise: attestKeyItem success`);
      })
      .catch((error: Error) => {
        console.error(`promise: attestKeyItem failed`);
      });
  } catch (error) {
    console.error(`promise: attestKeyItem input arg invalid`);
  }
}
```
## huks.anonAttestKeyItem<sup>11+</sup>
anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void
Obtains the certificate for anonymous attestation. This API uses an asynchronous callback to return the result.
This operation requires Internet access and takes time. Error code 12000012 indicates that the network is abnormal. If the device is not connected to the network, display a message indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter; try again later.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. |
| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key anon attest";
function stringToUint8Array(str: string): Uint8Array {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}
/* Call as generateKeyThenAttestKey(keyAliasString). */
async function generateKeyThenAttestKey(alias: string): Promise<void> {
  /* Generate and attest under the same alias. */
  let aliasString = alias;
  let aliasUint8 = stringToUint8Array(aliasString);
  let generateProperties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_RSA
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_PSS
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
      value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
  ];
  let generateOptions: huks.HuksOptions = {
    properties: generateProperties
  };
  let anonAttestProperties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
      value: securityLevel
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
      value: challenge
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
      value: versionInfo
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
      value: aliasUint8
    }
  ];
  let anonAttestOptions: huks.HuksOptions = {
    properties: anonAttestProperties
  };
  try {
    huks.generateKeyItem(alias, generateOptions, (error, data) => {
      if (error) {
        console.error(`callback: generateKeyItem failed`);
      } else {
        console.info(`callback: generateKeyItem success`);
        try {
          huks.anonAttestKeyItem(aliasString, anonAttestOptions, (error, data) => {
            if (error) {
              console.error(`callback: anonAttestKeyItem failed`);
            } else {
              console.info(`callback: anonAttestKeyItem success`);
            }
          });
        } catch (error) {
          console.error(`callback: anonAttestKeyItem input arg invalid`);
        }
      }
    });
  } catch (error) {
    console.error(`callback: generateKeyItem input arg invalid`);
  }
}
```
## huks.anonAttestKeyItem<sup>11+</sup>
anonAttestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult>
Obtains the certificate for anonymous attestation. This API uses a promise to return the result.
This operation requires Internet access and takes time. Error code 12000012 indicates that the network is abnormal. If the device is not connected to the network, display a message indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter; try again later.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------------------ |
| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.|
| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. |
**Return value**
| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

let securityLevel = stringToUint8Array('sec_level');
let challenge = stringToUint8Array('challenge_data');
let versionInfo = stringToUint8Array('version_info');
let keyAliasString = "key anon attest";

/* Convert an ASCII string to a Uint8Array. */
function stringToUint8Array(str: string): Uint8Array {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}

/* Generate the RSA key to be attested. */
async function generateKey(alias: string): Promise<void> {
  let properties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_RSA
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_PSS
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
      value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_ECB
    }
  ];
  let options: huks.HuksOptions = {
    properties: properties
  };
  try {
    let data = await huks.generateKeyItem(alias, options);
  } catch (error) {
    console.error(`promise: generateKeyItem failed`);
  }
}

/* Generate the key, then request the anonymous attestation certificate chain for it. */
async function anonAttestKey(): Promise<void> {
  let aliasString = keyAliasString;
  let aliasUint8 = stringToUint8Array(aliasString);
  let properties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
      value: securityLevel
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
      value: challenge
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
      value: versionInfo
    },
    {
      tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
      value: aliasUint8
    }
  ];
  let options: huks.HuksOptions = {
    properties: properties
  };
  await generateKey(aliasString);
  try {
    let data = await huks.anonAttestKeyItem(aliasString, options);
  } catch (error) {
    console.error(`promise: anonAttestKeyItem fail`);
  }
}
```
## huks.importWrappedKeyItem9+
importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void
Imports a wrapped key. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
**Parameters**
| Name | Type | Mandatory| Description |
| ---------------- | --------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the wrapped key to import. |
| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.|
| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

let alias1 = "importAlias";
let alias2 = "wrappingKeyAlias";

async function TestGenFunc(alias: string, options: huks.HuksOptions) {
  try {
    await genKey(alias, options)
      .then((data) => {
        console.info(`callback: generateKeyItem success`);
      })
      .catch((error: Error) => {
        console.error(`callback: generateKeyItem failed`);
      });
  } catch (error) {
    console.error(`callback: generateKeyItem input arg invalid`);
  }
}

/* Wrap the callback-style generateKeyItem in a promise. */
function genKey(alias: string, options: huks.HuksOptions) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(alias, options, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      /* Throwing inside the executor rejects the promise. */
      throw (error as Error);
    }
  });
}

async function TestExportFunc(alias: string, options: huks.HuksOptions) {
  try {
    await exportKey(alias, options)
      .then((data) => {
        console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`);
      })
      .catch((error: Error) => {
        console.error(`callback: exportKeyItem failed`);
      });
  } catch (error) {
    console.error(`callback: exportKeyItem input arg invalid`);
  }
}

/* Wrap the callback-style exportKeyItem in a promise. */
function exportKey(alias: string, options: huks.HuksOptions) {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.exportKeyItem(alias, options, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throw (error as Error);
    }
  });
}

async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) {
  try {
    await importWrappedKey(alias, wrappingAlias, options)
      .then((data) => {
        console.info(`callback: importWrappedKeyItem success`);
      })
      .catch((error: Error) => {
        console.error(`callback: importWrappedKeyItem failed`);
      });
  } catch (error) {
    console.error(`callback: importWrappedKeyItem input arg invalid`);
  }
}

/* Wrap the callback-style importWrappedKeyItem in a promise. */
function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throw (error as Error);
    }
  });
}

async function TestImportWrappedKeyFunc(
  alias: string,
  wrappingAlias: string,
  genOptions: huks.HuksOptions,
  importOptions: huks.HuksOptions
) {
  await TestGenFunc(wrappingAlias, genOptions);
  await TestExportFunc(wrappingAlias, genOptions);

  /* The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here.
   * For example, import **keyA**.
   * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**.
   * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**.
   * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**.
   * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**.
   * 5. Generate the **importOptions.inData** field in the following format:
   *    keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 +
   *    nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 +
   *    kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 +
   *    nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 +
   *    Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc
   */
  /* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */
  let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]);
  importOptions.inData = inputKey;
  await TestImportWrappedFunc(alias, wrappingAlias, importOptions);
}

/* Options for the ECC key pair used to unwrap the imported key. */
function makeGenerateOptions() {
  let properties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_ECC
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
    },
    {
      tag: huks.HuksTag.HUKS_TAG_DIGEST,
      value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
      value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR,
    }
  ];
  let options: huks.HuksOptions = {
    properties: properties
  };
  return options;
}

/* Options for the AES key being imported, including the unwrap algorithm suite. */
function makeImportOptions() {
  let properties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
      value: huks.HuksKeyAlg.HUKS_ALG_AES
    },
    {
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PURPOSE,
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
    },
    {
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
      value: huks.HuksCipherMode.HUKS_MODE_CBC
    },
    {
      tag: huks.HuksTag.HUKS_TAG_PADDING,
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE
    },
    {
      tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
      value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
    }
  ];
  let options: huks.HuksOptions = {
    properties: properties
  };
  return options;
}

function huksImportWrappedKey() {
  let genOptions = makeGenerateOptions();
  let importOptions = makeImportOptions();
  TestImportWrappedKeyFunc(
    alias1,
    alias2,
    genOptions,
    importOptions
  );
}
```
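The example above leaves steps 1 to 5 of its comment unimplemented because they run outside HUKS. The following added example (not part of the original page or the OpenHarmony project) carries them out with the Node.js `crypto` module and checks the resulting blob with a strict parser. All function names are hypothetical, and it assumes little-endian 4-byte lengths, 12-byte GCM nonces, and a DER SubjectPublicKeyInfo encoding of the P-256 public keys.

```typescript
import * as crypto from 'node:crypto';

// Field order of importOptions.inData, as listed in the comment in the example above.
const FIELDS = ['keyBPub', 'aad2', 'nonce2', 'tag2', 'kekEnc',
  'aad1', 'nonce1', 'tag1', 'keyASize', 'keyAEnc'] as const;
type WrappedParts = Record<typeof FIELDS[number], Buffer>;

// ASSUMPTION: every 4-byte length is an unsigned little-endian integer.
function u32le(n: number): Buffer {
  const b = Buffer.alloc(4);
  b.writeUInt32LE(n, 0);
  return b;
}

// Step 5: concatenate "length (4 bytes) + value" for each field, in order.
function packInData(p: WrappedParts): Buffer {
  const chunks: Buffer[] = [];
  for (let i = 0; i < FIELDS.length; i++) {
    chunks.push(u32le(p[FIELDS[i]].length), p[FIELDS[i]]);
  }
  return Buffer.concat(chunks);
}

// Strict parser: rejects truncated fields, oversized lengths and trailing bytes.
function parseInData(inData: Buffer): WrappedParts {
  const out: Partial<WrappedParts> = {};
  let off = 0;
  for (let i = 0; i < FIELDS.length; i++) {
    if (inData.length - off < 4) throw new Error(`truncated before ${FIELDS[i]} length`);
    const len = inData.readUInt32LE(off);
    off += 4;
    if (len > inData.length - off) throw new Error(`${FIELDS[i]} length exceeds remaining data`);
    out[FIELDS[i]] = inData.subarray(off, off + len);
    off += len;
  }
  if (off !== inData.length) throw new Error('trailing bytes after keyA_enc');
  return out as WrappedParts;
}

// AES-256-GCM. ASSUMPTION: 12-byte random nonce; Node.js produces a 16-byte tag by default.
function gcmEncrypt(key: Buffer, plaintext: Buffer, aad: Buffer) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { nonce, ct, tag: cipher.getAuthTag() };
}

function gcmDecrypt(key: Buffer, nonce: Buffer, aad: Buffer, ct: Buffer, tag: Buffer): Buffer {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // final() throws on a bad tag
}

// Steps 1-5. wrappingPubDer stands for the public key exported for wrappingAlias.
// ASSUMPTION: it is a DER SubjectPublicKeyInfo for a P-256 key.
function wrapKeyForImport(keyA: Buffer, wrappingPubDer: Buffer, aad1: Buffer, aad2: Buffer): Buffer {
  const keyB = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // step 1
  const wrappingPub = crypto.createPublicKey({ key: wrappingPubDer, format: 'der', type: 'spki' });
  const shareKey = crypto.diffieHellman({ privateKey: keyB.privateKey, publicKey: wrappingPub }); // step 2
  const kek = crypto.randomBytes(32);
  const a = gcmEncrypt(kek, keyA, aad1);      // step 3: keyA under kek
  const k = gcmEncrypt(shareKey, kek, aad2);  // step 4: kek under share_key
  return packInData({
    keyBPub: keyB.publicKey.export({ type: 'spki', format: 'der' }),
    aad2, nonce2: k.nonce, tag2: k.tag, kekEnc: k.ct,
    aad1, nonce1: a.nonce, tag1: a.tag,
    keyASize: u32le(keyA.length), keyAEnc: a.ct,
  });
}

// Constructed stand-in for the keystore side, used only to check the blob offline.
function unwrapForCheck(inData: Buffer, wrappingPriv: crypto.KeyObject): Buffer {
  const p = parseInData(inData);
  const keyBPub = crypto.createPublicKey({ key: p.keyBPub, format: 'der', type: 'spki' });
  const shareKey = crypto.diffieHellman({ privateKey: wrappingPriv, publicKey: keyBPub });
  const kek = gcmDecrypt(shareKey, p.nonce2, p.aad2, p.kekEnc, p.tag2);
  const keyA = gcmDecrypt(kek, p.nonce1, p.aad1, p.keyAEnc, p.tag1);
  if (p.keyASize.length !== 4 || p.keyASize.readUInt32LE(0) !== keyA.length) {
    throw new Error('declared keyA size does not match decrypted key');
  }
  return keyA;
}

// Round trip with a locally generated wrapping key pair and constructed AAD values.
function roundTrip(): boolean {
  const wrapping = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const pubDer = wrapping.publicKey.export({ type: 'spki', format: 'der' });
  const keyA = crypto.randomBytes(32);
  const inData = wrapKeyForImport(keyA, pubDer,
    Buffer.from('aad1-constructed'), Buffer.from('aad2-constructed'));
  return unwrapForCheck(inData, wrapping.privateKey).equals(keyA);
}
```

On a device, the buffer returned by `wrapKeyForImport` is what would be assigned to `importOptions.inData`; `unwrapForCheck` exists only so the layout can be verified without a keystore.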
## huks.importWrappedKeyItem9+
importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<void>
Imports a wrapped key. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ---------------- | --------------------------- | ---- | --------------------------------------------- |
| keyAlias | string | Yes | Alias of the wrapped key to import. |
| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.|
**Return value**
| Type | Description |
| ---------------------------------------------- | --------------------------------------------- |
| Promise\<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000013 | queried credential does not exist. |
| 12000014 | memory is insufficient. |
| 12000015 | call service failed. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

/* The process is similar if a callback is used, except the following: */
/* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */
async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) {
  try {
    await huks.importWrappedKeyItem(alias, wrappingAlias, options)
      .then((data) => {
        console.info(`promise: importWrappedKeyItem success`);
      })
      .catch((error: Error) => {
        console.error(`promise: importWrappedKeyItem failed`);
      });
  } catch (error) {
    console.error(`promise: importWrappedKeyItem input arg invalid`);
  }
}
```
## huks.exportKeyItem9+
exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void
Exports a key. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. Otherwise, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => {
    if (error) {
      console.error(`callback: exportKeyItem failed`);
    } else {
      console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`);
    }
  });
} catch (error) {
  console.error(`callback: exportKeyItem input arg invalid`);
}
```
## huks.exportKeyItem9+
exportKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult>
Exports a key. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | -------------------------------------------- |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
**Return value**
| Type | Description |
| ---------------------------------------------- | ------------------------------------------------------------ |
| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **outData** in **HuksReturnResult** is the public key exported.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.exportKeyItem(keyAlias, emptyOptions)
    .then((data) => {
      console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`);
    })
    .catch((error: Error) => {
      console.error(`promise: exportKeyItem failed`);
    });
} catch (error) {
  console.error(`promise: exportKeyItem input arg invalid`);
}
```
## huks.getKeyItemProperties9+
getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void
Obtains key properties. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => {
    if (error) {
      console.error(`callback: getKeyItemProperties failed`);
    } else {
      console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`);
    }
  });
} catch (error) {
  console.error(`callback: getKeyItemProperties input arg invalid`);
}
```
## huks.getKeyItemProperties9+
getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult>
Obtains key properties. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | -------------------------------------------- |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
**Return value**
| Type | Description |
| ----------------------------------------------- | ------------------------------------------------------------ |
| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **properties** in **HuksReturnResult** holds the parameters required for generating the key.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.getKeyItemProperties(keyAlias, emptyOptions)
    .then((data) => {
      console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`);
    })
    .catch((error: Error) => {
      console.error(`promise: getKeyItemProperties failed`);
    });
} catch (error) {
  console.error(`promise: getKeyItemProperties input arg invalid`);
}
```
## huks.isKeyItemExist9+
isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void
Checks whether a key exists. This API uses an asynchronous callback to return the result.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- |--------------------------------------------------------|
| keyAlias | string | Yes | Alias of the key to check. |
| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. |
| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. If the key does not exist, **error** is the error code.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { promptAction } from '@kit.ArkUI';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => {
  if (data) {
    promptAction.showToast({
      message: "keyAlias: " + keyAlias + " is existed!",
      duration: 2500,
    })
  } else {
    promptAction.showToast({
      message: "find key failed",
      duration: 2500,
    })
  }
});
```
## huks.isKeyItemExist9+
isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise\<boolean>
Checks whether a key exists. This API uses a promise to return the result.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------ |
| keyAlias | string | Yes | Alias of the key to check. |
| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used.|
**Return value**
| Type | Description |
| ----------------- | --------------------------------------- |
| Promise\<boolean> | Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { promptAction } from '@kit.ArkUI';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => {
  promptAction.showToast({
    message: "keyAlias: " + keyAlias + " is existed!",
    duration: 500,
  })
}).catch((error: Error) => {
  promptAction.showToast({
    message: "find key failed",
    duration: 6500,
  })
})
```
## huks.hasKeyItem11+
hasKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void
Checks whether a key exists. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- |--------------------------------------------------------|
| keyAlias | string | Yes | Alias of the key to check. |
| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. |
| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. Otherwise, **data** is **false**.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { promptAction } from '@kit.ArkUI';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
try {
  huks.hasKeyItem(keyAlias, emptyOptions, (error, data) => {
    if (data) {
      promptAction.showToast({
        message: "keyAlias: " + keyAlias + " is existed!",
        duration: 2500,
      })
    } else {
      promptAction.showToast({
        message: "find key failed",
        duration: 2500,
      })
    }
  });
} catch (error) {
  console.error(`callback: hasKeyItem input args may be invalid`);
}
```
## huks.hasKeyItem11+
hasKeyItem(keyAlias: string, options: HuksOptions) : Promise\<boolean>
Checks whether a key exists. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------ |
| keyAlias | string | Yes | Alias of the key to check. |
| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. |
**Return value**
| Type | Description |
| ----------------- | --------------------------------------- |
| Promise\<boolean> | Promise used to return the result. If the key exists, **true** is returned. If the key does not exist, **false** is returned.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
import { promptAction } from '@kit.ArkUI';

/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.hasKeyItem(keyAlias, emptyOptions).then((data) => {
  if (data) {
    promptAction.showToast({
      message: "keyAlias: " + keyAlias + " is existed!",
      duration: 2500,
    })
  } else {
    promptAction.showToast({
      message: "find key failed",
      duration: 2500,
    })
  }
}).catch((error: Error) => {
  promptAction.showToast({
    message: "find key failed",
    duration: 6500,
  })
})
```
## huks.initSession9+
initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksSessionHandle>) : void
Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------------------------------------- | ---- | ---------------------------------------------------- |
| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. |
| callback | AsyncCallback\<[HuksSessionHandle](#hukssessionhandle9)> | Yes | Callback used to return a session handle for subsequent operations.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000010 | the number of sessions has reached limit. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.initSession<sup>9+</sup>
initSession(keyAlias: string, options: HuksOptions) : Promise\<HuksSessionHandle>
Initializes a session for a key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ |
| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. |
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksSessionHandle](#hukssessionhandle9)> | Promise used to return a session handle for subsequent operations.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000010 | the number of sessions has reached limit. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.updateSession<sup>9+</sup>
updateSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void
Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **updateSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **updateSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000007 | this credential is already invalidated permanently. |
| 12000008 | verify auth token failed. |
| 12000009 | auth token is already timeout. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.updateSession<sup>9+</sup>
updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void
Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **updateSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. |
| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **updateSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000007 | this credential is already invalidated permanently. |
| 12000008 | verify auth token failed. |
| 12000009 | auth token is already timeout. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.updateSession<sup>9+</sup>
updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult>
Updates the key operation by segment. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ---------------------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **updateSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. |
| token | Uint8Array | No |Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). If this parameter is left blank, refined key access control is not performed. |
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the **updateSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000007 | this credential is already invalidated permanently. |
| 12000008 | verify auth token failed. |
| 12000009 | auth token is already timeout. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.finishSession<sup>9+</sup>
finishSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void
Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **finishSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. |
| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **finishSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000007 | this credential is already invalidated permanently. |
| 12000008 | verify auth token failed. |
| 12000009 | auth token is already timeout. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.finishSession<sup>9+</sup>
finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void
Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **finishSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. |
| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). |
| callback | AsyncCallback\<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **finishSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000007 | this credential is already invalidated permanently. |
| 12000008 | verify auth token failed. |
| 12000009 | auth token is already timeout. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.finishSession<sup>9+</sup>
finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult>
Finishes the key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ----------------------------------------------- | ---- | ----------------------------------- |
| handle | number | Yes | Handle for the **finishSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. |
| token | Uint8Array | No | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). If this parameter is left blank, refined key access control is not performed. |
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000001 | algorithm mode is not supported. |
| 12000002 | algorithm param is missing. |
| 12000003 | algorithm param is invalid. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000007 | this credential is already invalidated permanently. |
| 12000008 | verify auth token failed. |
| 12000009 | auth token is already timeout. |
| 12000011 | queried entity does not exist. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
## huks.abortSession<sup>9+</sup>
abortSession(handle: number, options: HuksOptions, callback: AsyncCallback\<void>) : void
Aborts a key operation. This API uses an asynchronous callback to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------------------------- |
| handle | number | Yes | Handle for the **abortSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. |
| callback | AsyncCallback\<void> | Yes | Callback used to return the **abortSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* huks.initSession, huks.updateSession, and huks.finishSession must be used together.
 * If an error occurs in any of huks.initSession, huks.updateSession,
 * and huks.finishSession operations,
 * call huks.abortSession to terminate the use of the key.
 *
 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used.
 */
let keyAlias = "HuksDemoRSA";
let properties: Array<huks.HuksParam> = []
let options: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(0)
};
let handle: number = 0;
async function huksAbort() {
  properties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  };
  properties[1] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  };
  properties[2] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
  };
  properties[3] = {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
  };
  properties[4] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  };
  properties[5] = {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB,
  }
  try {
    huks.generateKeyItem(keyAlias, options, (error, data) => {
      if (error) {
        console.error(`callback: generateKeyItem failed`);
      } else {
        console.info(`callback: generateKeyItem success`);
        huks.initSession(keyAlias, options, (error, data) => { // Use abortSession to abort initSession.
          if (error) {
            console.error(`callback: initSession failed`);
          } else {
            console.info(`callback: initSession success, data = ${JSON.stringify(data)}`);
            handle = data.handle;
            huks.abortSession(handle, options, (error, data) => {
              if (error) {
                console.error(`callback: abortSession failed`);
              } else {
                console.info(`callback: abortSession success`);
              }
            });
          }
        });
      }
    });
  } catch (error) {
    console.error(`callback: huksAbort failed`);
  }
}
```
## huks.abortSession<sup>9+</sup>
abortSession(handle: number, options: HuksOptions) : Promise\<void>;
Aborts a key operation. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | --------------------------- | ---- | ------------------------------------------- |
| handle | number | Yes | Handle for the **abortSession** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. |
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<void> | Promise used to return the **abortSession** operation result.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 801 | api is not supported. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000006 | error occurred in crypto engine. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* huks.initSession, huks.updateSession, and huks.finishSession must be used together.
 * If an error occurs in any of huks.initSession, huks.updateSession,
 * and huks.finishSession operations,
 * call huks.abortSession to terminate the use of the key.
 *
 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used.
 */
function stringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}
let keyAlias = "HuksDemoRSA";
let properties: Array<huks.HuksParam> = []
let options: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(0)
};
let handle: number = 0;
async function generateKey() {
  properties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  };
  properties[1] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  };
  properties[2] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
  };
  properties[3] = {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
  };
  properties[4] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  };
  properties[5] = {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB,
  }
  try {
    await huks.generateKeyItem(keyAlias, options)
      .then((data) => {
        console.info(`promise: generateKeyItem success`);
      })
      .catch((error: Error) => {
        console.error(`promise: generateKeyItem failed`);
      });
  } catch (error) {
    console.error(`promise: generateKeyItem input arg invalid`);
  }
}
async function huksInit() {
  console.info('enter huksInit');
  try {
    await huks.initSession(keyAlias, options)
      .then((data) => {
        console.info(`promise: initSession success, data = ${JSON.stringify(data)}`);
        handle = data.handle;
      })
      .catch((error: Error) => {
        console.error(`promise: initSession key failed`);
      });
  } catch (error) {
    console.error(`promise: initSession input arg invalid`);
  }
}
async function huksUpdate() {
  console.info('enter huksUpdate');
  options.inData = stringToUint8Array("huksHmacTest");
  try {
    await huks.updateSession(handle, options)
      .then((data) => {
        console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`);
      })
      .catch((error: Error) => {
        console.error(`promise: updateSession failed`);
      });
  } catch (error) {
    console.error(`promise: updateSession input arg invalid`);
  }
}
async function huksFinish() {
  console.info('enter huksFinish');
  options.inData = new Uint8Array(0);
  try {
    await huks.finishSession(handle, options)
      .then((data) => {
        console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`);
      })
      .catch((error: Error) => {
        console.error(`promise: finishSession failed`);
      });
  } catch (error) {
    console.error(`promise: finishSession input arg invalid`);
  }
}
async function huksAbort() {
  console.info('enter huksAbort');
  try {
    await huks.abortSession(handle, options)
      .then((data) => {
        console.info(`promise: abortSession success`);
      })
      .catch((error: Error) => {
        console.error(`promise: abortSession failed`);
      });
  } catch (error) {
    console.error(`promise: abortSession input arg invalid`);
  }
}
async function testAbort() {
  await generateKey();
  await huksInit(); // Use abortSession to abort initSession.
  await huksAbort();
}
```
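The init/update/finish sequence with abort on failure, written as one routine that never leaves a session open. This is an added example, not code from the HUKS documentation: `SessionApi` mirrors the promise-based signatures above, while `runSession`, `segments`, `codeOf`, `FakeKeystore` and its one-session limit are hypothetical names and constructed behaviour so that the block runs offline.

```typescript
// Shapes mirroring the promise-based signatures documented above (bigint values omitted).
interface Param { tag: number; value: boolean | number | Uint8Array }
interface Options { properties?: Param[]; inData?: Uint8Array }
interface Handle { handle: number; challenge?: Uint8Array }
interface Result { outData?: Uint8Array }
interface SessionApi {
  initSession(keyAlias: string, options: Options): Promise<Handle>;
  updateSession(handle: number, options: Options, token?: Uint8Array): Promise<Result>;
  finishSession(handle: number, options: Options, token?: Uint8Array): Promise<Result>;
  abortSession(handle: number, options: Options): Promise<void>;
}

type Stage = 'init' | 'update' | 'finish';
type Outcome =
  | { ok: true; out: Uint8Array[] }
  | { ok: false; stage: Stage; code: number; aborted: boolean };

// Read the numeric error code (for example 12000010) from a rejected call; -1 if absent.
function codeOf(e: unknown): number {
  const c = typeof e === 'object' && e !== null ? (e as { code?: unknown }).code : undefined;
  return typeof c === 'number' ? c : -1;
}

// Split the input into fixed-size segments, one per updateSession call.
function segments(data: Uint8Array, size: number): Uint8Array[] {
  const out: Uint8Array[] = [];
  for (let i = 0; i < data.length; i += size) out.push(data.subarray(i, i + size));
  return out;
}

async function runSession(api: SessionApi, keyAlias: string, base: Options,
                          data: Uint8Array, size: number, token?: Uint8Array): Promise<Outcome> {
  let handle = -1;
  try {
    handle = (await api.initSession(keyAlias, base)).handle;
  } catch (e) {
    // No handle was issued, so there is no session to abort.
    return { ok: false, stage: 'init', code: codeOf(e), aborted: false };
  }
  let stage: Stage = 'update';
  try {
    const out: Uint8Array[] = [];
    for (const seg of segments(data, size)) {
      const r = await api.updateSession(handle, { ...base, inData: seg }, token);
      if (r.outData) out.push(r.outData);
    }
    stage = 'finish';
    const last = await api.finishSession(handle, { ...base, inData: new Uint8Array(0) }, token);
    if (last.outData) out.push(last.outData);
    return { ok: true, out };
  } catch (e) {
    // Any failure after init: abort so the handle does not stay open in the keystore.
    let aborted = true;
    try { await api.abortSession(handle, base); } catch { aborted = false; }
    return { ok: false, stage, code: codeOf(e), aborted };
  }
}

// Build an error carrying a numeric code, as the keystore's rejections do.
function fail(code: number): Error {
  return Object.assign(new Error('constructed failure ' + code), { code });
}

// Constructed in-memory stand-in for the keystore, used only to exercise runSession.
// The limit of one open session and the failure switch are assumptions of this example.
class FakeKeystore implements SessionApi {
  open = new Set<number>();
  failUpdateOnce = false;
  private next = 1;
  async initSession(_alias: string, _o: Options): Promise<Handle> {
    if (this.open.size >= 1) throw fail(12000010); // number of sessions has reached limit
    const handle = this.next++;
    this.open.add(handle);
    return { handle };
  }
  async updateSession(handle: number, o: Options): Promise<Result> {
    if (!this.open.has(handle)) throw fail(12000011); // queried entity does not exist
    if (this.failUpdateOnce) { this.failUpdateOnce = false; throw fail(12000006); }
    return o.inData ? { outData: o.inData } : {};
  }
  async finishSession(handle: number, _o: Options): Promise<Result> {
    if (!this.open.delete(handle)) throw fail(12000011);
    return {};
  }
  async abortSession(handle: number, _o: Options): Promise<void> {
    this.open.delete(handle);
  }
}
```

On a device, pass an adapter that forwards these four calls to `huks`; the returned `stage` and `code` say which call failed and with which HUKS error code.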
## huks.listAliases<sup>12+</sup>
listAliases(options: HuksOptions): Promise\<HuksListAliasesReturnResult>;
Lists key aliases. This API uses a promise to return the result.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | --------------------------- | ---- | ------------------------------------------- |
| options | [HuksOptions](#huksoptions) | Yes | Parameters for listing key aliases. |
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise<[HuksListAliasesReturnResult](#hukslistaliasesreturnresult12)> | Promise used to return the key aliases obtained.|
**Error codes**
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| ID| Error Message |
| -------- | ------------- |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 12000004 | operating file failed. |
| 12000005 | IPC communication failed. |
| 12000012 | external error. |
| 12000014 | memory is insufficient. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit'
async function testListAliases() {
  let queryProperties: Array<huks.HuksParam> = [
    {
      tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL,
      value: huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_DE
    }
  ];
  let queryOptions: huks.HuksOptions = {
    properties: queryProperties
  };
  try {
    let result: huks.HuksListAliasesReturnResult = await huks.listAliases(queryOptions);
    console.info(`promise: listAliases success`);
  } catch (error) {
    console.error(`promise: listAliases fail , code: ` + error.code + `, msg: ` + error.message);
  }
}
```
## HuksExceptionErrCode<sup>9+</sup>
Enumerates the error codes.
For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value| Description |
| ---------------------------------------------- | -------- |--------------------------- |
| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_NOT_SYSTEM_APP<sup>12+</sup> | 202 | The caller is not a system application and cannot call the system API.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET<sup>11+</sup> | 12000016 | The required lock screen password is not set.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension |
## HuksKeyPurpose
Enumerates the key purposes.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| ------------------------ | ---- | -------------------------------- |
| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text.<br> **Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core |
| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC).<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement.<br> **Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br> SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
## HuksKeyDigest
Enumerates the digest algorithms.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| ---------------------- | ---- | ---------------------------------------- |
| HUKS_DIGEST_NONE | 0 | No digest algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DIGEST_MD5 | 1 | MD5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_DIGEST_SHA1 | 10 | SHA-1.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DIGEST_SHA224 | 11 | SHA-224.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DIGEST_SHA256 | 12 | SHA-256.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DIGEST_SHA384 | 13 | SHA-384.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DIGEST_SHA512 | 14 | SHA-512.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
## HuksKeyPadding
Enumerates the padding algorithms.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| ---------------------- | ---- | ---------------------------------------- |
| HUKS_PADDING_NONE | 0 | No padding algorithm is used.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_PADDING_PKCS5 | 4 | PKCS #5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_PADDING_PKCS7 | 5 | PKCS #7.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_PADDING_ISO_IEC_9796_2<sup>12+</sup> | 6 | ISO_IEC_9796_2 (not supported currently).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_PADDING_ISO_IEC_9797_1<sup>12+</sup> | 7 | ISO_IEC_9797_1 (not supported currently).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
## HuksCipherMode
Enumerates the cipher modes.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| ------------- | ---- | --------------------- |
| HUKS_MODE_ECB | 1 | Electronic Codebook (ECB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_MODE_CTR | 3 | Counter (CTR) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_MODE_CFB<sup>12+</sup> | 5 | Cipher Feedback (CFB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
## HuksKeySize
Enumerates the key sizes.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| ---------------------------------- | ---- | ------------------------------------------ |
| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_AES_KEY_SIZE_512<sup>(deprecated)</sup> | 512 | AES key of 512 bits.<br>This API is deprecated since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | ShangMi2 (SM2) key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | ShangMi4 (SM4) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_DES_KEY_SIZE_64<sup>12+</sup> | 64 | DES key of 64 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_3DES_KEY_SIZE_128<sup>12+</sup> | 128 | 3DES key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_3DES_KEY_SIZE_192<sup>12+</sup> | 192 | 3DES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
## HuksKeyAlg
Enumerates the key algorithms.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| ------------------------- | ---- | --------------------- |
| HUKS_ALG_RSA | 1 | RSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_ECC | 2 | ECC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_DSA | 3 | DSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_AES | 20 | AES.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ALG_HMAC | 50 | HMAC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_HKDF | 51 | HKDF.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_PBKDF2 | 52 | PBKDF2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_ECDH | 100 | ECDH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_X25519 | 101 | X25519.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_ED25519 | 102 | Ed25519.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_DH | 103 | DH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_ALG_DES<sup>12+</sup> | 160 | DES.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ALG_3DES<sup>12+</sup> | 161 | 3DES.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_ALG_CMAC<sup>12+</sup> | 162 | CMAC (not supported currently).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
## HuksKeyGenerateType
Enumerates the key generation types.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| ------------------------------ | ---- | ---------------- |
| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.|
| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.|
| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.|
## HuksKeyFlag
Enumerates the key generation modes.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| -------------------------- | ---- | ------------------------------------ |
| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. |
| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. |
| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API.|
| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API.|
## HuksKeyStorageType
Enumerates the key storage modes.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| -------------------------------------------- | ---- | ------------------------------ |
| HUKS_STORAGE_TEMP<sup>(deprecated)</sup> | 0 | The key is managed locally.<br>**NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_STORAGE_PERSISTENT<sup>(deprecated)</sup> | 1 | The key is managed by the HUKS service.<br>**NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_STORAGE_ONLY_USED_IN_HUKS<sup>10+</sup> | 2 | The key derived from the master key is stored in the HUKS and managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup> |
| HUKS_STORAGE_KEY_EXPORT_ALLOWED<sup>10+</sup> | 3 | The key derived from the master key is exported to the service, and not managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup> |
## HuksSendType
Enumerates the tag transfer modes.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| -------------------- | ---- | ----------------- |
| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.|
| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.|
## HuksUnwrapSuite<sup>9+</sup>
Enumerates the algorithm suites that can be used for importing a key in ciphertext.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| ---------------------------------------------- | ---- | ----------------------------------------------------- |
| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.|
| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. |
## HuksImportKeyType<sup>9+</sup>
Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| ------------------------- | ---- | ------------------------------ |
| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key. |
| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key. |
| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair. |
## HuksRsaPssSaltLenType<sup>10+</sup>
Enumerates the **salt_len** types to set when PSS padding is used in RSA signing or signature verification.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API versions 10 to 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| ------------------------------------------ | ---- | ---------------------------- |
| HUKS_RSA_PSS_SALT_LEN_DIGEST<sup>10+</sup> | 0 | **salt_len** is set to the digest length.|
| HUKS_RSA_PSS_SALT_LEN_MAX<sup>10+</sup> | 1 | **salt_len** is set to the maximum length.|
## HuksUserAuthType<sup>9+</sup>
Enumerates the user authentication types.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Value | Description |
| ------------------------------- | ---- | ------------------------- |
| HUKS_USER_AUTH_TYPE_FINGERPRINT | 1 << 0 | Fingerprint authentication. |
| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication.|
| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication.|
## HuksUserAuthMode<sup>12+</sup>
Enumerates the user authentication modes.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Value | Description |
| ------------------------------- | ---- | ------------------------- |
| HUKS_USER_AUTH_MODE_LOCAL | 0 | Local authentication. |
| HUKS_USER_AUTH_MODE_COAUTH | 1 | Cross-device collaborative authentication.|
## HuksAuthAccessType<sup>9+</sup>
Enumerates the access control types.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Value | Description |
| --------------------------------------- | ---- | ------------------------------------------------ |
| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. |
| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added.|
| HUKS_AUTH_ACCESS_ALWAYS_VALID<sup>11+</sup> | 1 << 2 | The key is always valid.|
## HuksChallengeType<sup>9+</sup>
Enumerates the types of the challenges generated when a key is used.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Value | Description |
| ------------------------------- | ---- | ------------------------------ |
| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default.|
| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys.|
| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required.|
## HuksChallengePosition<sup>9+</sup>
Enumerates the positions of the 8-byte valid value in a custom challenge generated.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Value | Description |
| ------------------------------- | ---- | ------------------------------ |
| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7.|
| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15.|
| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23.|
| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31.|
## HuksSecureSignType<sup>9+</sup>
Enumerates the signature types of the key generated or imported.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Extension
| Name | Value | Description |
| ------------------------------ | ---- | ------------------------------------------------------------ |
| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the authentication information is added to the data, and the result is then signed.|
## HuksAuthStorageLevel<sup>11+</sup>
Enumerates the storage security levels of a key.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core
The system capability is **SystemCapability.Security.Huks.Extension** in API version 11, and **SystemCapability.Security.Huks.Core** since API version 12.
| Name | Value | Description |
| ------------------------------ | ---- | ------------------------------------------------------------ |
| HUKS_AUTH_STORAGE_LEVEL_DE | 0 | The key can be accessed only after the device is started.|
| HUKS_AUTH_STORAGE_LEVEL_CE | 1 | The key can be accessed only after the first unlock of the device.|
| HUKS_AUTH_STORAGE_LEVEL_ECE | 2 | The key can be accessed only when the device is unlocked.|
## HuksTagType
Enumerates the tag data types.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| --------------------- | ------- | --------------------------------------- |
| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. |
| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. |
| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type.|
| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. |
| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. |
| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. |
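Each **HuksTag** value is one of these **HuksTagType** constants OR-ed with a tag number, so the top four bits of a tag determine which JavaScript type its **HuksParam** value must have. The following added example (not code from the HUKS project) declares a few values from this page's tables locally, checks each property against its tag type, and applies a small review policy to the parameter set. The function names, finding strings, 32-bit range checks and the policy itself (flag MD5/SHA-1, ECB, DES and RSA keys under 2048 bits) are assumptions of the example, not HUKS behaviour.

```typescript
// Values copied from the HuksTagType, HuksTag, HuksKeyAlg, HuksKeyDigest and
// HuksCipherMode tables; declared locally so the example runs without a device.
const TAG_TYPE = { INT: 1 << 28, UINT: 2 << 28, ULONG: 3 << 28, BOOL: 4 << 28, BYTES: 5 << 28 };
const TAG = {
  ALGORITHM: TAG_TYPE.UINT | 1,
  KEY_SIZE: TAG_TYPE.UINT | 3,
  DIGEST: TAG_TYPE.UINT | 4,
  BLOCK_MODE: TAG_TYPE.UINT | 6,
  NONCE: TAG_TYPE.BYTES | 9,
  IV: TAG_TYPE.BYTES | 10,
};
const ALG = { RSA: 1, AES: 20, DES: 160 };
const DIGEST = { MD5: 1, SHA1: 10 };
const MODE = { ECB: 1, GCM: 32 };

type ParamValue = boolean | number | bigint | Uint8Array;
interface Param { tag: number; value: ParamValue; }

// Split a tag into its HuksTagType (top 4 bits) and its tag number (low 28 bits).
function decodeTag(tag: number): { kind: number; id: number } {
  return { kind: (tag >>> 28) << 28, id: tag & 0x0fffffff };
}

// True when the JavaScript value has the type the tag's HuksTagType calls for.
// The 32-bit ranges for INT and UINT are an assumption of this example.
function valueMatchesKind(kind: number, value: ParamValue): boolean {
  switch (kind) {
    case TAG_TYPE.INT:
      return typeof value === "number" && Math.floor(value) === value &&
        value >= -0x80000000 && value <= 0x7fffffff;
    case TAG_TYPE.UINT:
      return typeof value === "number" && Math.floor(value) === value &&
        value >= 0 && value <= 0xffffffff;
    case TAG_TYPE.ULONG: return typeof value === "bigint";
    case TAG_TYPE.BOOL: return typeof value === "boolean";
    case TAG_TYPE.BYTES: return value instanceof Uint8Array;
    default: return false; // HUKS_TAG_TYPE_INVALID or an unknown type nibble
  }
}

// Review a properties array before it is handed to HUKS. Type mismatches are
// reported in input order, then the (assumed) policy findings in a fixed order.
function lintProperties(props: Param[]): string[] {
  const findings: string[] = [];
  const seen: { [tag: number]: ParamValue } = {};
  for (const p of props) {
    const { kind, id } = decodeTag(p.tag);
    if (valueMatchesKind(kind, p.value)) {
      seen[p.tag] = p.value;
    } else {
      findings.push("type-mismatch:" + id);
    }
  }
  const alg = seen[TAG.ALGORITHM];
  const size = seen[TAG.KEY_SIZE];
  const digest = seen[TAG.DIGEST];
  const mode = seen[TAG.BLOCK_MODE];
  if (alg === ALG.DES) findings.push("weak-alg");
  if (alg === ALG.RSA && typeof size === "number" && size < 2048) findings.push("short-rsa-key");
  if (digest === DIGEST.MD5 || digest === DIGEST.SHA1) findings.push("weak-digest");
  if (mode === MODE.ECB) findings.push("ecb-mode");
  return findings;
}

// Constructed inputs (not from the page): a weak parameter set and a sound one.
const weakProps: Param[] = [
  { tag: TAG.ALGORITHM, value: ALG.RSA },
  { tag: TAG.KEY_SIZE, value: 1024 },
  { tag: TAG.DIGEST, value: DIGEST.SHA1 },
  { tag: TAG.IV, value: 16 }, // IV is a BYTES tag, so a number is rejected
];
const soundProps: Param[] = [
  { tag: TAG.ALGORITHM, value: ALG.AES },
  { tag: TAG.KEY_SIZE, value: 256 },
  { tag: TAG.BLOCK_MODE, value: MODE.GCM },
  { tag: TAG.NONCE, value: new Uint8Array(12) },
];
console.log(lintProperties(weakProps), lintProperties(soundProps));
```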
## HuksTag
Enumerates the tags used to invoke parameters.
**System capability**: SystemCapability.Security.Huks.Core
| Name | Value | Description |
| ----------------------------------------------------------- | ---------------------------------------- | ------------------------------------------------------------ |
| HUKS_TAG_INVALID(deprecated) | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. It is deprecated since API version 9.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT \| 1 | Algorithm.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of the key.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core12+
SystemCapability.Security.Huks.Extension8-11|
| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding mode.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Nonce for key encryption and decryption.
**Atomic service API**: This API can be used in atomic services since API version 11.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core12+
SystemCapability.Security.Huks.Extension8-11|
| HUKS_TAG_PWD(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. It is deprecated since API version 9.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core12+
SystemCapability.Security.Huks.Extension8-11|
| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type.
**Atomic service API**: This API can be used in atomic services since API version 12.
**System capability**: SystemCapability.Security.Huks.Core|
| HUKS_TAG_DERIVE_MAIN_KEY(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. It is deprecated since API version 9.
**System capability**: SystemCapability.Security.Huks.Extension|
| HUKS_TAG_DERIVE_FACTOR(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_DERIVE_ALG(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Public key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite required for encrypted imports.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> |
| HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 29 | Storage type of the derived key or agreed key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup> |
| HUKS_TAG_RSA_PSS_SALT_LEN_TYPE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 30 | Type of the **rsa_pss_salt_length**.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup> |
| HUKS_TAG_ACTIVE_DATETIME(deprecated) | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME(deprecated) | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_USAGE_EXPIRE_DATETIME(deprecated) | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_CREATION_DATETIME(deprecated) | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | ID of the user to which the key belongs.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | User authentication type. For details, see [HuksUserAuthType](#huksuserauthtype9). This parameter must be set together with [HuksAuthAccessType](#huksauthaccesstype9). You can set a maximum of two user authentication types at a time. For example, if **HuksAuthAccessType** is **HUKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL**, you can set the user authentication type to **HUKS_USER_AUTH_TYPE_FACE**, **HUKS_USER_AUTH_TYPE_FINGERPRINT**, or both.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | One-time validity period of the authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_KEY_AUTH_ACCESS_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 307 | Access control type. For details, see [HuksAuthAccessType](#huksauthaccesstype9). This parameter must be set together with [HuksUserAuthType](#huksuserauthtype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_KEY_SECURE_SIGN_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 308 | Signature type of the key generated or imported.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_CHALLENGE_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 309 | Type of the challenge generated for a key. For details, see [HuksChallengeType](#hukschallengetype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_CHALLENGE_POS<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 310 | Position of the 8-byte valid value in a custom challenge. For details, see [HuksChallengePosition](#hukschallengeposition9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_KEY_AUTH_PURPOSE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 311 | Key authentication purpose.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_AUTH_STORAGE_LEVEL<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 316 | Key storage security level, which is a value of [HuksAuthStorageLevel](#huksauthstoragelevel11).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_USER_AUTH_MODE<sup>12+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 319 | User authentication mode, which is a value of [HuksUserAuthMode](#huksuserauthmode12).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_BRAND(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Brand of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_DEVICE(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | ID of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_PRODUCT(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product name of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_SERIAL(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | SN of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_IMEI(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | International mobile equipment identity (IMEI) of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_MEID(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Mobile equipment identity (MEID) of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_MANUFACTURER(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Manufacturer of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_MODEL(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_SOCID(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | System-on-a-chip ID (SoCID) of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_UDID(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Unique device identifier (UDID) of the device. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security level used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_SECURE_KEY_ALIAS(deprecated) | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_SECURE_KEY_UUID(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_IS_DEVICE_PASSWORD_SET<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1012 | Whether the key is accessible only when the user sets a lock screen password.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_PROCESS_NAME(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_PACKAGE_NAME(deprecated) | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_ACCESS_TIME(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_USES_TIME(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_CRYPTO_CTX(deprecated) | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_KEY_VERSION(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_PAYLOAD_LEN(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Extension |
| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Used to pass in the AEAD authentication tag in GCM mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_IS_KEY_HANDLE(deprecated) | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved field, which is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_OS_VERSION(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_OS_PATCHLEVEL(deprecated) | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. It is deprecated since API version 9.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core |
| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br>**System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> |
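
The tag encoding (`HuksTagType | number`) and the rule that **HUKS_TAG_USER_AUTH_TYPE** and **HUKS_TAG_KEY_AUTH_ACCESS_TYPE** must be set together can be checked before a `properties` array reaches HUKS. The following is an added example, not code from this reference or from the HUKS project: a stand-alone linter that does not import the huks module. The numeric type codes, the value-type mapping (ULONG to `bigint`), the bit-flag reading of `HuksUserAuthType`, and the names `lintParams`, `makeTag` and the finding strings are assumptions of this example.

```typescript
// Added example: a stand-alone model of the tag table; it does not import @kit.UniversalKeystoreKit.
type HuksValue = boolean | number | bigint | Uint8Array; // value types listed under HuksParam
interface HuksParamModel { tag: number; value: HuksValue; }

// ASSUMPTION: HuksTagType keeps its type code in the bits above bit 27
// (UINT = 2, ULONG = 3, BOOL = 4, BYTES = 5); the enum is defined elsewhere in this reference.
const T_UINT = 2, T_ULONG = 3, T_BOOL = 4, T_BYTES = 5;

// Same "HuksTagType | number" composition the table uses.
function makeTag(typeCode: number, id: number): number {
  return (typeCode << 28) | id;
}
function tagId(tag: number): number { return tag & 0x0fffffff; }
function tagTypeCode(tag: number): number { return tag >>> 28; }

// A few rows copied from the table above.
const TAGS = {
  HUKS_TAG_DERIVE_FACTOR: makeTag(T_BYTES, 17),
  HUKS_TAG_ACTIVE_DATETIME: makeTag(T_ULONG, 201),
  HUKS_TAG_NO_AUTH_REQUIRED: makeTag(T_BOOL, 303),
  HUKS_TAG_USER_AUTH_TYPE: makeTag(T_UINT, 304),
  HUKS_TAG_AUTH_TOKEN: makeTag(T_BYTES, 306),
  HUKS_TAG_KEY_AUTH_ACCESS_TYPE: makeTag(T_UINT, 307),
  HUKS_TAG_IS_DEVICE_PASSWORD_SET: makeTag(T_BOOL, 1012)
};

// Tag ids that the table marks "(deprecated)" or "Reserved".
const DEPRECATED_IDS = [17, 18, 201, 202, 203, 204, 503, 504, 505, 506, 507, 508, 509, 510,
  512, 513, 1009, 1010, 10001, 10002, 10003, 10004, 10005, 10007, 10008, 10010, 10101, 10102];
const RESERVED_IDS = [301, 303, 1003, 1004, 1005, 1006, 1008, 1011, 10006, 20001, 20002, 20003];

// ASSUMPTION: BOOL -> boolean, UINT -> non-negative integer number,
// ULONG -> bigint, BYTES -> Uint8Array.
function valueMatchesTag(tag: number, v: HuksValue): boolean {
  switch (tagTypeCode(tag)) {
    case T_BOOL: return typeof v === "boolean";
    case T_UINT: return typeof v === "number" && v >= 0 && Math.floor(v) === v;
    case T_ULONG: return typeof v === "bigint";
    case T_BYTES: return v instanceof Uint8Array;
    default: return false;
  }
}

function bitCount(n: number): number {
  let count = 0;
  for (let x = n >>> 0; x !== 0; x >>>= 1) { count += x & 1; }
  return count;
}

// Returns findings as "<rule>:<tag id>" strings; an empty array means no finding.
function lintParams(params: HuksParamModel[]): string[] {
  const findings: string[] = [];
  let authType: HuksParamModel | undefined = undefined;
  let hasAccessType = false;
  for (const p of params) {
    const id = tagId(p.tag);
    if (!valueMatchesTag(p.tag, p.value)) { findings.push("type-mismatch:" + id); }
    if (DEPRECATED_IDS.indexOf(id) >= 0) { findings.push("deprecated:" + id); }
    if (RESERVED_IDS.indexOf(id) >= 0) { findings.push("reserved:" + id); }
    if (p.tag === TAGS.HUKS_TAG_USER_AUTH_TYPE) { authType = p; }
    if (p.tag === TAGS.HUKS_TAG_KEY_AUTH_ACCESS_TYPE) { hasAccessType = true; }
  }
  // Rows 304 and 307: each "must be set together with" the other.
  if (authType !== undefined && !hasAccessType) { findings.push("unpaired:304"); }
  if (authType === undefined && hasAccessType) { findings.push("unpaired:307"); }
  // Row 304: at most two user authentication types at a time.
  // ASSUMPTION: HuksUserAuthType values are single-bit flags OR-ed together.
  if (authType !== undefined && typeof authType.value === "number"
      && bitCount(authType.value) > 2) {
    findings.push("too-many-auth-types:304");
  }
  return findings;
}

// Constructed sample input (the values are illustrative, not real enum members).
const SAMPLE_BAD: HuksParamModel[] = [
  { tag: TAGS.HUKS_TAG_USER_AUTH_TYPE, value: 2 },               // no access type set
  { tag: TAGS.HUKS_TAG_AUTH_TOKEN, value: 12345 },               // BYTES tag, number value
  { tag: TAGS.HUKS_TAG_DERIVE_FACTOR, value: new Uint8Array(8) }, // deprecated tag
  { tag: TAGS.HUKS_TAG_NO_AUTH_REQUIRED, value: true }           // reserved tag
];
console.log(lintParams(SAMPLE_BAD).join("\n"));
```
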
## huks.getSdkVersion(deprecated)
getSdkVersion(options: HuksOptions) : string
Obtains the SDK version of the current system.
> **NOTE**
>
> This API is deprecated since API version 11.
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ---------- | ---- | ------------------------- |
| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.|
**Return value**
| Type | Description |
| ------ | ------------- |
| string | SDK version obtained.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let emptyOptions: huks.HuksOptions = {
  properties: []
};
let result = huks.getSdkVersion(emptyOptions);
```
## huks.generateKey(deprecated)
generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Generates a key. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. |
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code defined in **HuksResult** is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Generate a 512-bit RSA key. The 512-bit size is a sample value only; it is too small to protect real data. */
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  }
];
let options: huks.HuksOptions = {
  properties: properties
};
huks.generateKey(keyAlias, options, (err, data) => {
});
```
## huks.generateKey(deprecated)
generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Generates a key. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------ |
| keyAlias | string | Yes | Alias of the key. |
| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Generate a 256-bit ECC key. */
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_ECC
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  }
];
let options: huks.HuksOptions = {
  properties: properties
};
let result = huks.generateKey(keyAlias, options);
```
## huks.deleteKey(deprecated)
deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Deletes a key. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------------- | ---- |----------------------------------------------------|
| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.|
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. |
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.deleteKey(keyAlias, emptyOptions, (err, data) => {
});
```
## huks.deleteKey(deprecated)
deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Deletes a key. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ----------------------------------------------------- |
| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
let result = huks.deleteKey(keyAlias, emptyOptions);
```
## huks.importKey(deprecated)
importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Imports a key in plaintext. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ------------------------ | ---- | ------------------------------------------------- |
| keyAlias | string | Yes | Alias of the key.|
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.|
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Import a 256-bit AES key. */
/* Sample key material only. Math.random() is not a cryptographically secure source; real keys must not be produced this way. */
function makeRandomArr(size: number) {
  let arr = new Uint8Array(size);
  for (let i = 0; i < size; i++) {
    arr[i] = Math.floor(Math.random() * 10);
  }
  return arr;
}
/* A 256-bit key is 32 bytes, matching HUKS_AES_KEY_SIZE_256 below. */
let plainTextSize32 = makeRandomArr(32);
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value:
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
];
let options: huks.HuksOptions = {
  properties: properties,
  inData: plainTextSize32
};
huks.importKey(keyAlias, options, (err, data) => {
});
```
## huks.importKey(deprecated)
importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Imports a key in plaintext. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ------------------------------------ |
| keyAlias | string | Yes | Alias of the key.|
| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Import a 128-bit AES key. */
/* Sample key material only. Math.random() is not a cryptographically secure source; real keys must not be produced this way. */
function makeRandomArr(size: number) {
  let arr = new Uint8Array(size);
  for (let i = 0; i < size; i++) {
    arr[i] = Math.floor(Math.random() * 10);
  }
  return arr;
}
/* A 128-bit key is 16 bytes, matching HUKS_AES_KEY_SIZE_128 below. */
let plainTextSize16 = makeRandomArr(16);
/* Set the key properties. */
let keyAlias = 'keyAlias';
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
];
let huksOptions: huks.HuksOptions = {
  properties: properties,
  inData: plainTextSize16
};
let result = huks.importKey(keyAlias, huksOptions);
```
## huks.exportKey(deprecated)
exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Exports a key. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.exportKey(keyAlias, emptyOptions, (err, data) => {
});
```
## huks.exportKey(deprecated)
exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Exports a key. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
**Return value**
| Type | Description |
| ----------------------------------- | ------------------------------------------------------------ |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
let result = huks.exportKey(keyAlias, emptyOptions);
```
## huks.getKeyProperties(deprecated)
getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Obtains key properties. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. |
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). |
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => {
});
```
## huks.getKeyProperties(deprecated)
getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult>
Obtains key properties. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | ------------------------------------------------------------ |
| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.|
| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).|
**Return value**
| Type | Description |
| ------------------ | ------------------------------------------------------------ |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS** and **properties** returns the parameters required for generating the key. If the operation fails, an error code is returned.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
let result = huks.getKeyProperties(keyAlias, emptyOptions);
```
## huks.isKeyExist(deprecated)
isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void
Checks whether a key exists. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist9+](#huksiskeyitemexist9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| keyAlias | string | Yes | Alias of the key to check.|
| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.|
| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. The value **true** means the key exists; the value **false** means the opposite.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
huks.isKeyExist(keyAlias, emptyOptions, (err, data) => {
});
```
## huks.isKeyExist(deprecated)
isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean>
Checks whether a key exists. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist9+](#huksiskeyitemexist9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------- | ---- | -------------------------------- |
| keyAlias | string | Yes | Alias of the key to check.|
| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.|
**Return value**
| Type | Description |
| ----------------- | --------------------------------------- |
| Promise\<boolean> | Promise used to return the result. The value **true** means the key exists; the value **false** means the opposite.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* Set options to emptyOptions. */
let keyAlias = 'keyAlias';
let emptyOptions: huks.HuksOptions = {
  properties: []
};
let result = huks.isKeyExist(keyAlias, emptyOptions);
```
## huks.init(deprecated)
init(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksHandle>) : void
Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.initSession9+](#huksinitsession9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| keyAlias | string | Yes | Alias of the target key.|
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.|
| callback | AsyncCallback\<[HuksHandle](#hukshandledeprecated)> | Yes | Callback used to return a session handle for subsequent operations.|
## huks.init(deprecated)
init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle>
Initializes a session for a key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.initSession9+](#huksinitsession9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| keyAlias | string | Yes | Alias of the target key.|
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksHandle](#hukshandledeprecated)> | Promise used to return a session handle for subsequent operations.|
## huks.update(deprecated)
update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.updateSession9+](#huksupdatesession9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ----------------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **update** operation. |
| token | Uint8Array | No | Token of the **update** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. |
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the **update** operation result.|
## huks.update(deprecated)
update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>
Updates the key operation by segment. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.updateSession9+](#huksupdatesession9-2).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| ------- | ----------------------------------- | ---- | -------------------------------------------- |
| handle | number | Yes | Handle for the **update** operation. |
| token | Uint8Array | No | Token of the **update** operation. |
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. |
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **update** operation result.|
## huks.finish(deprecated)
finish(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.finishSession9+](#huksfinishsession9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle for the **finish** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.|
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the **finish** operation result.|
## huks.finish(deprecated)
finish(handle: number, options: HuksOptions) : Promise\<HuksResult>
Finishes the key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.finishSession9+](#huksfinishsession9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle for the **finish** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result.|
## huks.abort(deprecated)
abort(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void
Aborts the use of the key. This API uses an asynchronous callback to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.abortSession9+](#huksabortsession9).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle for the **abort** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.|
| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the **abort** operation result.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* huks.init, huks.update, and huks.finish must be used together.
 * If an error occurs in any of them, call huks.abort to terminate the use of the key.
 *
 * The following uses a 2048-bit RSA key as an example. huks.abort is called with the
 * callback-based API; the other calls use promises.
 */
let keyAlias = "HuksDemoRSA";
let properties: Array<huks.HuksParam> = [];
let options: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(0)
};
let handle: number = 0;
let resultMessage = "";

async function generateKey() {
  properties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  };
  properties[1] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  };
  properties[2] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
  };
  properties[3] = {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
  };
  properties[4] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  };
  /* Wait for key generation to complete before the key is used. */
  await huks.generateKey(keyAlias, options);
}

function stringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}

async function huksInit() {
  await huks.init(keyAlias, options).then((data) => {
    console.info(`test init data: ${JSON.stringify(data)}`);
    /* Keep the session handle for update, finish, and abort. */
    handle = data.handle;
  }).catch((err: Error) => {
    console.error("test init err information: " + JSON.stringify(err));
  });
}

async function huksUpdate() {
  options.inData = stringToUint8Array("huksHmacTest");
  await huks.update(handle, options.inData, options).then((data) => {
    if (data.errorCode === 0) {
      resultMessage += "update success!";
    } else {
      resultMessage += "update fail!";
    }
  }).catch((err: Error) => {
    resultMessage += "update fail, catch errorMessage:" + JSON.stringify(err);
  });
  console.info(resultMessage);
}

function huksFinish() {
  options.inData = stringToUint8Array("HuksDemoHMAC");
  huks.finish(handle, options).then((data) => {
    if (data.errorCode === 0) {
      resultMessage = "finish success!";
      console.info(resultMessage);
    } else {
      resultMessage = "finish fail errorCode: " + data.errorCode;
      console.error(resultMessage);
    }
  }).catch((err: Error) => {
    resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err);
    console.error(resultMessage);
  });
}

async function huksAbort() {
  return new Promise<void>((resolve) => {
    huks.abort(handle, options, (err, data) => {
      console.info(`huksAbort data ${JSON.stringify(data)}`);
      console.error(`huksAbort err ${JSON.stringify(err)}`);
      /* Settle the promise so that callers awaiting huksAbort() can continue. */
      resolve();
    });
  });
}
```
## huks.abort(deprecated)
abort(handle: number, options: HuksOptions) : Promise\<HuksResult>
Aborts the use of the key. This API uses a promise to return the result.
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [huks.abortSession9+](#huksabortsession9-1).
**System capability**: SystemCapability.Security.Huks.Extension
**Parameters**
| Name | Type | Mandatory| Description |
| -------- | ---------------------- | ---- | ------------------------------------- |
| handle | number | Yes | Handle for the **abort** operation.|
| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.|
**Return value**
| Type | Description |
| ----------------------------------- | -------------------------------------------------- |
| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **abort** operation result.|
**Example**
```ts
import { huks } from '@kit.UniversalKeystoreKit';
/* huks.init, huks.update, and huks.finish must be used together.
 * If an error occurs in any of them, call huks.abort to terminate the use of the key.
 *
 * The following uses a 2048-bit RSA key as an example. huks.abort is called with the
 * promise-based API; the other calls use callbacks.
 */
let keyAlias = "HuksDemoRSA";
let properties: Array<huks.HuksParam> = [];
let options: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(0)
};
let handle: number = 0;
let resultMessage = "";

function stringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  let tmpUint8Array = new Uint8Array(arr);
  return tmpUint8Array;
}

async function generateKey() {
  properties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  };
  properties[1] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  };
  properties[2] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
  };
  properties[3] = {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
  };
  properties[4] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  };
  /* Resolve only after the callback fires, so that the key exists before it is used. */
  return new Promise<void>((resolve) => {
    huks.generateKey(keyAlias, options, (err, data) => {
      resolve();
    });
  });
}

async function huksInit() {
  return new Promise<void>((resolve) => {
    huks.init(keyAlias, options, (err, data) => {
      if (data.errorCode === 0) {
        resultMessage = "init success!";
        /* Keep the session handle for update, finish, and abort. */
        handle = data.handle;
      } else {
        resultMessage = "init fail errorCode: " + data.errorCode;
      }
      /* Settle the promise so that callers awaiting huksInit() can continue. */
      resolve();
    });
  });
}

async function huksUpdate() {
  options.inData = stringToUint8Array("huksHmacTest");
  return new Promise<void>((resolve) => {
    huks.update(handle, options.inData, options, (err, data) => {
      if (data.errorCode === 0) {
        resultMessage += "update success!";
        console.info(resultMessage);
      } else {
        resultMessage += "update fail!";
        console.error(resultMessage);
      }
      resolve();
    });
  });
}

async function huksFinish() {
  options.inData = stringToUint8Array("0");
  return new Promise<void>((resolve) => {
    huks.finish(handle, options, (err, data) => {
      if (data.errorCode === 0) {
        resultMessage = "finish success!";
      } else {
        resultMessage = "finish fail errorCode: " + data.errorCode;
      }
      resolve();
    });
  });
}

function huksAbort() {
  huks.abort(handle, options).then((data) => {
    if (data.errorCode === 0) {
      console.info("abort success!");
    } else {
      console.error("abort fail errorCode: " + data.errorCode);
    }
  }).catch((err: Error) => {
    console.error("abort fail, catch errorMessage:" + JSON.stringify(err));
  });
}
```
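The init/update/finish contract above, with **huks.abort** on any failure, written as an added example that is not part of the HUKS reference. `LegacySessionApi`, `runLegacySession`, and `makeFakeApi` are hypothetical names, and the constructed fake keystore stands in for `huks` so that the sketch runs offline.

```typescript
// Added example, not HUKS code. LegacySessionApi is a hypothetical interface that
// mirrors the promise-based init/update/finish/abort signatures documented above.
interface LegacyOptions { properties?: unknown[]; inData?: Uint8Array; }
interface LegacyResult { errorCode: number; outData?: Uint8Array; }
interface LegacyHandle { errorCode: number; handle: number; token?: Uint8Array; }
interface LegacySessionApi {
  init(keyAlias: string, options: LegacyOptions): Promise<LegacyHandle>;
  update(handle: number, token: Uint8Array | undefined, options: LegacyOptions): Promise<LegacyResult>;
  finish(handle: number, options: LegacyOptions): Promise<LegacyResult>;
  abort(handle: number, options: LegacyOptions): Promise<LegacyResult>;
}
type Stage = 'init' | 'update' | 'finish';
interface SessionOutcome {
  ok: boolean; stage: Stage; errorCode: number; aborted: boolean; outData: Uint8Array | undefined;
}

const HUKS_SUCCESS = 0, HUKS_FAILURE = -1; // values from the HuksErrorCode table

// Runs init -> update (once per segment) -> finish. The deprecated APIs report
// failure in errorCode instead of throwing, so every result is checked, and any
// failure after a handle was issued ends in abort.
async function runLegacySession(api: LegacySessionApi, keyAlias: string, options: LegacyOptions,
  segments: Uint8Array[], token?: Uint8Array): Promise<SessionOutcome> {
  let handle: number | undefined;
  let stage: Stage = 'init';
  let errorCode = HUKS_FAILURE;
  try {
    const opened = await api.init(keyAlias, options);
    errorCode = opened.errorCode;
    if (errorCode === HUKS_SUCCESS) {
      handle = opened.handle;
      stage = 'update';
      for (const segment of segments) {
        errorCode = (await api.update(handle, token, { ...options, inData: segment })).errorCode;
        if (errorCode !== HUKS_SUCCESS) break;
      }
    }
    if (handle !== undefined && errorCode === HUKS_SUCCESS) {
      stage = 'finish';
      const done = await api.finish(handle, { ...options, inData: new Uint8Array(0) });
      errorCode = done.errorCode;
      if (errorCode === HUKS_SUCCESS) {
        return { ok: true, stage, errorCode, aborted: false, outData: done.outData };
      }
    }
  } catch {
    errorCode = HUKS_FAILURE; // rejected promise: no legacy error code to report
  }
  // Assumption of this sketch: when init failed, no session was opened, so abort is skipped.
  const aborted = handle === undefined ? false
    : await api.abort(handle, options).then((r) => r.errorCode === HUKS_SUCCESS, () => false);
  return { ok: false, stage, errorCode, aborted, outData: undefined };
}

// Constructed fake keystore: returns `code` at stage `failAt` and records each call.
function makeFakeApi(failAt: Stage | 'none', code: number) {
  const calls: string[] = [];
  const res = (s: string): LegacyResult => {
    calls.push(s); return { errorCode: s === failAt ? code : HUKS_SUCCESS };
  };
  const api: LegacySessionApi = {
    init: async () => ({ ...res('init'), handle: 7 }),
    update: async () => res('update'),
    finish: async () => ({ ...res('finish'), outData: new Uint8Array([1]) }),
    abort: async () => res('abort'),
  };
  return { api, calls };
}

runLegacySession(makeFakeApi('update', -3).api, 'demoKey', {}, [new Uint8Array([1])]).then((o) => console.log(o));
```

The outcome records the stage that failed and whether the abort itself succeeded, which is the pair worth logging when a key session ends abnormally.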
## HuksHandle(deprecated)
Defines the struct for a HUKS handle.
**System capability**: SystemCapability.Security.Huks.Extension
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [HuksSessionHandle9+](#hukssessionhandle9).
| Name | Type | Mandatory| Description |
| ---------- | ---------------- | ---- | -------- |
| errorCode | number | Yes | Error code.|
| handle | number | Yes| Value of the handle.|
| token | Uint8Array | No| Challenge obtained after the [init](#huksinitdeprecated) operation.|
## HuksResult(deprecated)
Defines the **HuksResult** struct.
**System capability**: SystemCapability.Security.Huks.Extension
> **NOTE**
>
> - This API is deprecated since API version 9. You are advised to use [HuksReturnResult9+](#huksreturnresult9).
> - For details about the error codes, see [HUKS Error Codes](errorcode-huks.md).
| Name | Type | Mandatory| Description |
| ---------- | ------------------------------- | ---- | ---------------- |
| errorCode | number | Yes | Error code. |
| outData | Uint8Array | No | Output data. |
| properties | Array\<[HuksParam](#huksparam)> | No | Property information. |
| certChains | Array\<string> | No | Certificate chain information.|
## HuksErrorCode(deprecated)
Enumerates the error codes.
**System capability**: SystemCapability.Security.Huks.Extension
> **NOTE**
>
> This API is deprecated since API version 9. You are advised to use [HuksExceptionErrCode9+](#huksexceptionerrcode9).
| Name | Value | Description|
| -------------------------- | ----- | ---- |
| HUKS_SUCCESS | 0 |Success.|
| HUKS_FAILURE | -1 |Failure.|
| HUKS_ERROR_BAD_STATE | -2 |Incorrect state.|
| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.|
| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.|
| HUKS_ERROR_NO_PERMISSION | -5 |No permission.|
| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.|
| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.|
| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.|
| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.|
| HUKS_ERROR_STORAGE_FAILURE | -10 |Insufficient storage space.|
| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.|
| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.|
| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.|
| HUKS_ERROR_NULL_POINTER | -14 |Null pointer.|
| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.|
| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.|
| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.|
| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.|
| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.|
| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.|
| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.|
| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.|
| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.|
| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.|
| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.|
| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.|
| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.|
| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.|
| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.|
| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.|
| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.|
| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.|
| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.|
| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.|
| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFuse.|
| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.|
| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.|
| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.|
| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to obtain the ALG. |
| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to obtain the key size.|
| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to obtain the padding algorithm.|
| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to obtain the key purpose.|
| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to obtain the digest algorithm.|
| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to obtain the cipher mode.|
| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to obtain the nonce.|
| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to obtain the AAD.|
| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to obtain the initialization vector (IV).|
| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to obtain the AE tag.|
| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to obtain the salt value.|
| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to obtain the number of iterations.|
| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.|
| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.|
| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding algorithm.|
| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid key purpose.|
| HUKS_ERROR_INVALID_MODE | -116 |Invalid cipher mode.|
| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest algorithm.|
| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.|
| HUKS_ERROR_INVALID_IV | -119 |Invalid IV.|
| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.|
| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.|
| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.|
| HUKS_ERROR_INVALID_SALT | -123 |Invalid salt value.|
| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration count.|
| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.|
| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.|
| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.|