1# @ohos.security.huks (Universal Keystore) 2 3The **huks** module provides KeyStore (KS) capabilities, including key management and cryptographic operations, for applications. The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs. 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import { huks } from '@kit.UniversalKeystoreKit'; 13``` 14 15## HuksParam 16 17Defines the **param** field in the **properties** array of **options** used in the APIs. 18 19**Atomic service API**: This API can be used in atomic services since API version 11. 20 21**System capability**: SystemCapability.Security.Huks.Core 22 23| Name| Type | Mandatory| Description | 24| ------ | ----------------------------------- | ---- | ------------ | 25| tag | [HuksTag](#hukstag) | Yes | Tag. | 26| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.| 27 28## HuksOptions 29 30Defines **options** used in the APIs. 31 32**Atomic service API**: This API can be used in atomic services since API version 11. 33 34**System capability**: SystemCapability.Security.Huks.Core 35 36| Name | Type | Mandatory| Description | 37| ---------- | ----------------- | ---- | ------------------------ | 38| properties | Array\<[HuksParam](#huksparam)> | No | Properties used to hold the **HuksParam** array.| 39| inData | Uint8Array | No | Input data. | 40 41## HuksSessionHandle<sup>9+</sup> 42 43Defines the struct for a HUKS handle. 44 45**Atomic service API**: This API can be used in atomic services since API version 11. 46 47**System capability**: SystemCapability.Security.Huks.Core 48 49| Name | Type | Mandatory| Description | 50| --------- | ---------- | ---- | ---------------------------------------------------- | 51| handle | number | Yes | Value of the handle. | 52| challenge | Uint8Array | No | Challenge obtained after the [initSession](#huksinitsession9) operation.| 53 54## HuksReturnResult<sup>9+</sup> 55 56Represents the result returned. 57 58**System capability**: SystemCapability.Security.Huks.Core 59 60| Name | Type | Mandatory| Description | 61| ---------- | ------------------------------- | ---- | ---------------- | 62| outData | Uint8Array | No | Output data.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 63| properties | Array\<[HuksParam](#huksparam)> | No | Property information.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 64| certChains | Array\<string> | No | Certificate chain information.<br>**Atomic service API**: This API can be used in atomic services since API version 12.| 65 66## HuksListAliasesReturnResult<sup>12+</sup> 67 68Represents an array of key aliases. 69 70**Atomic service API**: This API can be used in atomic services since API version 12. 71 72**System capability**: SystemCapability.Security.Huks.Extension 73 74 75 76| Name | Type | Mandatory| Description | 77| ---------- | ------------------------------- | ---- | ---------------- | 78| keyAliases | Array\<string> | Yes | Array of key aliases.| 79 80 81## huks.generateKeyItem<sup>9+</sup> 82 83generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 84 85Generates a key. This API uses an asynchronous callback to return the result. 86 87**Atomic service API**: This API can be used in atomic services since API version 11. 88 89**System capability**: SystemCapability.Security.Huks.Core 90 91**Parameters** 92 93| Name | Type | Mandatory| Description | 94| -------- | --------------------------- | ---- | --------------------------------------------- | 95| keyAlias | string | Yes | Alias of the key. | 96| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 97| callback | AsyncCallback\<void> | Yes | Callback used to return the result. <br/>If the operation is successful, this API does not return the key content because the key is always protected in a TEE. <br/>If an exception occurs in the generation process, an error is captured.| 98 99**Error codes** 100 101For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 102 103| ID| Error Message | 104| -------- | ------------- | 105| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 106| 801 | api is not supported. | 107| 12000001 | algorithm mode is not supported. | 108| 12000002 | algorithm param is missing. | 109| 12000003 | algorithm param is invalid. | 110| 12000004 | operating file failed. | 111| 12000005 | IPC communication failed. | 112| 12000006 | error occurred in crypto engine. | 113| 12000012 | external error. | 114| 12000013 | queried credential does not exist. | 115| 12000014 | memory is insufficient. | 116| 12000015 | call service failed. | 117 118**Example** 119 120```ts 121import { huks } from '@kit.UniversalKeystoreKit'; 122/* Generate a 256-bit ECC key. */ 123let keyAlias: string = 'keyAlias'; 124let properties: Array<huks.HuksParam> =[ 125 { 126 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 127 value: huks.HuksKeyAlg.HUKS_ALG_ECC 128 }, 129 { 130 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 131 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 132 }, 133 { 134 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 135 value: 136 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 137 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 138 }, 139 { 140 tag: huks.HuksTag.HUKS_TAG_DIGEST, 141 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 142 }, 143]; 144let options: huks.HuksOptions = { 145 properties: properties 146}; 147try { 148 huks.generateKeyItem(keyAlias, options, (error, data) => { 149 if (error) { 150 console.error(`callback: generateKeyItem failed`); 151 } else { 152 console.info(`callback: generateKeyItem key success`); 153 } 154 }); 155} catch (error) { 156 console.error(`callback: generateKeyItem input arg invalid`); 157} 158``` 159 160## huks.generateKeyItem<sup>9+</sup> 161 162generateKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 163 164Generates a key. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called. 165 166**Atomic service API**: This API can be used in atomic services since API version 11. 167 168**System capability**: SystemCapability.Security.Huks.Extension 169 170**Parameters** 171 172| Name | Type | Mandatory| Description | 173| -------- | --------------------------- | ---- | ------------------------ | 174| keyAlias | string | Yes | Alias of the key. | 175| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 176 177**Return value** 178 179| Type | Description | 180| ---------------------------------------------- | --------------------------------------------- | 181| Promise\<void> | Promise that returns no value.| 182 183**Error codes** 184 185For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 186 187| ID| Error Message | 188| -------- | ------------- | 189| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 190| 801 | api is not supported. | 191| 12000001 | algorithm mode is not supported. | 192| 12000002 | algorithm param is missing. | 193| 12000003 | algorithm param is invalid. | 194| 12000004 | operating file failed. | 195| 12000005 | IPC communication failed. | 196| 12000006 | error occurred in crypto engine. | 197| 12000012 | external error. | 198| 12000013 | queried credential does not exist. | 199| 12000014 | memory is insufficient. | 200| 12000015 | call service failed. | 201 202**Example** 203 204```ts 205/* Generate a 256-bit ECC key. */ 206import { huks } from '@kit.UniversalKeystoreKit'; 207let keyAlias = 'keyAlias'; 208let properties: Array<huks.HuksParam> =[ 209 { 210 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 211 value: huks.HuksKeyAlg.HUKS_ALG_ECC 212 }, 213 { 214 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 215 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 216 }, 217 { 218 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 219 value: 220 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 221 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 222 }, 223 { 224 tag: huks.HuksTag.HUKS_TAG_DIGEST, 225 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 226 }, 227]; 228let options: huks.HuksOptions = { 229 properties: properties 230}; 231try { 232 huks.generateKeyItem(keyAlias, options) 233 .then((data) => { 234 console.info(`promise: generateKeyItem success`); 235 }) 236 .catch((error: Error) => { 237 console.error(`promise: generateKeyItem failed`); 238 }); 239} catch (error) { 240 console.error(`promise: generateKeyItem input arg invalid`); 241} 242``` 243 244## huks.deleteKeyItem<sup>9+</sup> 245 246deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 247 248Deletes a key. This API uses an asynchronous callback to return the result. 249 250**Atomic service API**: This API can be used in atomic services since API version 11. 251 252**System capability**: SystemCapability.Security.Huks.Core 253 254**Parameters** 255 256| Name | Type | Mandatory| Description | 257| -------- | --------------------------- | ---- | --------------------------------------------- | 258| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 259| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to delete. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to delete. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 260| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 261 262**Error codes** 263 264For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 265 266| ID| Error Message | 267| -------- | ------------- | 268| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 269| 801 | api is not supported. | 270| 12000004 | operating file failed. | 271| 12000005 | IPC communication failed. | 272| 12000011 | queried entity does not exist. | 273| 12000012 | external error. | 274| 12000014 | memory is insufficient. | 275 276**Example** 277 278```ts 279import { huks } from '@kit.UniversalKeystoreKit'; 280/* Set options to emptyOptions. */ 281let keyAlias = 'keyAlias'; 282let emptyOptions: huks.HuksOptions = { 283 properties: [] 284}; 285try { 286 huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => { 287 if (error) { 288 console.error(`callback: deleteKeyItem failed`); 289 } else { 290 console.info(`callback: deleteKeyItem key success`); 291 } 292 }); 293} catch (error) { 294 console.error(`callback: deleteKeyItem input arg invalid`); 295} 296``` 297 298## huks.deleteKeyItem<sup>9+</sup> 299 300deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 301 302Deletes a key. This API uses a promise to return the result. 303 304**Atomic service API**: This API can be used in atomic services since API version 11. 305 306**System capability**: SystemCapability.Security.Huks.Extension 307 308**Parameters** 309 310| Name | Type | Mandatory| Description | 311| -------- | --------------------------- | ---- | ----------------------------------- | 312| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 313| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to delete. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 314 315**Return value** 316 317| Type | Description | 318| ---------------------------------------------- | --------------------------------------------- | 319| Promise\<void> | Promise that returns no value.| 320 321**Error codes** 322 323For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 324 325| ID| Error Message | 326| -------- | ------------- | 327| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 328| 801 | api is not supported. | 329| 12000004 | operating file failed. | 330| 12000005 | IPC communication failed. | 331| 12000011 | queried entity does not exist. | 332| 12000012 | external error. | 333| 12000014 | memory is insufficient. | 334 335**Example** 336 337```ts 338import { huks } from '@kit.UniversalKeystoreKit'; 339/* Set options to emptyOptions. */ 340let keyAlias = 'keyAlias'; 341let emptyOptions: huks.HuksOptions = { 342 properties: [] 343}; 344try { 345 huks.deleteKeyItem(keyAlias, emptyOptions) 346 .then ((data) => { 347 console.info(`promise: deleteKeyItem key success`); 348 }) 349 .catch((error: Error) => { 350 console.error(`promise: deleteKeyItem failed`); 351 }); 352} catch (error) { 353 console.error(`promise: deleteKeyItem input arg invalid`); 354} 355``` 356 357## huks.importKeyItem<sup>9+</sup> 358 359importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 360 361Imports a key in plaintext. This API uses an asynchronous callback to return the result. 362 363**Atomic service API**: This API can be used in atomic services since API version 11. 364 365**System capability**: SystemCapability.Security.Huks.Core 366 367The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 368 369**Parameters** 370 371| Name | Type | Mandatory| Description | 372| -------- | --------------------------- | ---- | --------------------------------------------- | 373| keyAlias | string | Yes | Alias of the key. | 374| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 375| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 376 377**Error codes** 378 379For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 380 381| ID| Error Message | 382| -------- | ------------- | 383| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 384| 801 | api is not supported. | 385| 12000001 | algorithm mode is not supported. | 386| 12000002 | algorithm param is missing. | 387| 12000003 | algorithm param is invalid. | 388| 12000004 | operating file failed. | 389| 12000005 | IPC communication failed. | 390| 12000006 | error occurred in crypto engine. | 391| 12000011 | queried entity does not exist. | 392| 12000012 | external error. | 393| 12000013 | queried credential does not exist. | 394| 12000014 | memory is insufficient. | 395| 12000015 | call service failed. | 396 397**Example** 398 399```ts 400import { huks } from '@kit.UniversalKeystoreKit'; 401/* Import a 256-bit AES key. */ 402let plainTextSize32 = makeRandomArr(32); 403function makeRandomArr(size: number) { 404 let arr = new Uint8Array(size); 405 for (let i = 0; i < size; i++) { 406 arr[i] = Math.floor(Math.random() * 10); 407 } 408 return arr; 409}; 410let keyAlias = 'keyAlias'; 411let properties: Array<huks.HuksParam> = [ 412 { 413 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 414 value: huks.HuksKeyAlg.HUKS_ALG_AES 415 }, 416 { 417 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 418 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 419 }, 420 { 421 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 422 value: 423 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 424 }, 425 { 426 tag: huks.HuksTag.HUKS_TAG_PADDING, 427 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 428 }, 429 { 430 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 431 value: huks.HuksCipherMode.HUKS_MODE_ECB 432 } 433]; 434let options: huks.HuksOptions = { 435 properties: properties, 436 inData: plainTextSize32 437}; 438try { 439 huks.importKeyItem(keyAlias, options, (error, data) => { 440 if (error) { 441 console.error(`callback: importKeyItem failed`); 442 } else { 443 console.info(`callback: importKeyItem success`); 444 } 445 }); 446} catch (error) { 447 console.error(`callback: importKeyItem input arg invalid`); 448} 449``` 450 451## huks.importKeyItem<sup>9+</sup> 452 453importKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 454 455Imports a key in plaintext. This API uses a promise to return the result. 456 457**Atomic service API**: This API can be used in atomic services since API version 11. 458 459**System capability**: SystemCapability.Security.Huks.Extension 460 461**Parameters** 462 463| Name | Type | Mandatory| Description | 464| -------- | --------------------------- | ---- | ----------------------------------- | 465| keyAlias | string | Yes | Alias of the key. | 466| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 467 468**Return value** 469 470| Type | Description | 471| ---------------------------------------------- | --------------------------------------------- | 472| Promise\<void> | Promise that returns no value.| 473 474**Error codes** 475 476For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 477 478| ID| Error Message | 479| -------- | ------------- | 480| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 481| 801 | api is not supported. | 482| 12000001 | algorithm mode is not supported. | 483| 12000002 | algorithm param is missing. | 484| 12000003 | algorithm param is invalid. | 485| 12000004 | operating file failed. | 486| 12000005 | IPC communication failed. | 487| 12000006 | error occurred in crypto engine. | 488| 12000011 | queried entity does not exist. | 489| 12000012 | external error. | 490| 12000013 | queried credential does not exist. | 491| 12000014 | memory is insufficient. | 492| 12000015 | call service failed. | 493 494**Example** 495 496```ts 497import { huks } from '@kit.UniversalKeystoreKit'; 498/* Import an AES key of 128 bits. */ 499let plainTextSize32 = makeRandomArr(32); 500function makeRandomArr(size: number) { 501 let arr = new Uint8Array(size); 502 for (let i = 0; i < size; i++) { 503 arr[i] = Math.floor(Math.random() * 10); 504 } 505 return arr; 506}; 507/* Step 1 Generate a key. */ 508let keyAlias = 'keyAlias'; 509let properties: Array<huks.HuksParam> = [ 510 { 511 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 512 value: huks.HuksKeyAlg.HUKS_ALG_AES 513 }, 514 { 515 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 516 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 517 }, 518 { 519 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 520 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 521 }, 522 { 523 tag: huks.HuksTag.HUKS_TAG_PADDING, 524 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 525 }, 526 { 527 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 528 value: huks.HuksCipherMode.HUKS_MODE_ECB 529 } 530]; 531let huksOptions: huks.HuksOptions = { 532 properties: properties, 533 inData: plainTextSize32 534}; 535try { 536 huks.importKeyItem(keyAlias, huksOptions) 537 .then((data) => { 538 console.info(`promise: importKeyItem success`); 539 }) 540 .catch((error: Error) => { 541 console.error(`promise: importKeyItem failed`); 542 }); 543} catch (error) { 544 console.error(`promise: importKeyItem input arg invalid`); 545} 546``` 547 548## huks.attestKeyItem<sup>9+</sup> 549 550attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 551 552Obtains the certificate used to attest a key. This API uses an asynchronous callback to return the result. 553 554**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications) 555 556**System capability**: SystemCapability.Security.Huks.Extension 557 558**Parameters** 559 560| Name | Type | Mandatory| Description | 561| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 562| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 563| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 564| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 565 566**Error codes** 567 568For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 569 570| ID| Error Message | 571| -------- | ------------- | 572| 201 | check permission failed. | 573| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 574| 801 | api is not supported. | 575| 12000001 | algorithm mode is not supported. | 576| 12000002 | algorithm param is missing. | 577| 12000003 | algorithm param is invalid. | 578| 12000004 | operating file failed. | 579| 12000005 | IPC communication failed. | 580| 12000006 | error occurred in crypto engine. | 581| 12000011 | queried entity does not exist. | 582| 12000012 | external error. | 583| 12000014 | memory is insufficient. | 584 585**Example** 586 587```ts 588import { huks } from '@kit.UniversalKeystoreKit'; 589let securityLevel = stringToUint8Array('sec_level'); 590let challenge = stringToUint8Array('challenge_data'); 591let versionInfo = stringToUint8Array('version_info'); 592let keyAliasString = "key attest"; 593function stringToUint8Array(str: string) { 594 let arr: number[] = []; 595 for (let i = 0, j = str.length; i < j; ++i) { 596 arr.push(str.charCodeAt(i)); 597 } 598 let tmpUint8Array = new Uint8Array(arr); 599 return tmpUint8Array; 600} 601 602async function generateKeyThenattestKey(alias: string) { 603 let aliasString = keyAliasString; 604 let aliasUint8 = stringToUint8Array(aliasString); 605 let generateProperties: Array<huks.HuksParam> = [ 606 { 607 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 608 value: huks.HuksKeyAlg.HUKS_ALG_RSA 609 }, 610 { 611 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 612 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 613 }, 614 { 615 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 616 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 617 }, 618 { 619 tag: huks.HuksTag.HUKS_TAG_DIGEST, 620 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 621 }, 622 { 623 tag: huks.HuksTag.HUKS_TAG_PADDING, 624 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 625 }, 626 { 627 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 628 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 629 }, 630 { 631 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 632 value: huks.HuksCipherMode.HUKS_MODE_ECB 633 } 634 ]; 635 let generateOptions: huks.HuksOptions = { 636 properties: generateProperties 637 }; 638 let attestProperties: Array<huks.HuksParam> = [ 639 { 640 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 641 value: securityLevel 642 }, 643 { 644 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 645 value: challenge 646 }, 647 { 648 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 649 value: versionInfo 650 }, 651 { 652 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 653 value: aliasUint8 654 } 655 ]; 656 let attestOptions: huks.HuksOptions = { 657 properties: attestProperties 658 }; 659 try { 660 huks.generateKeyItem(alias, generateOptions, (error, data) => { 661 if (error) { 662 console.error(`callback: generateKeyItem failed`); 663 } else { 664 console.info(`callback: generateKeyItem success`); 665 try { 666 huks.attestKeyItem(aliasString, attestOptions, (error, data) => { 667 if (error) { 668 console.error(`callback: attestKeyItem failed`); 669 } else { 670 console.info(`callback: attestKeyItem success`); 671 } 672 }); 673 } catch (error) { 674 console.error(`callback: attestKeyItem input arg invalid`); 675 } 676 } 677 }); 678 } catch (error) { 679 console.error(`callback: generateKeyItem input arg invalid`); 680 } 681} 682``` 683 684## huks.attestKeyItem<sup>9+</sup> 685 686attestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 687 688Obtains the certificate used to attest a key. This API uses a promise to return the result. 689 690**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications) 691 692**System capability**: SystemCapability.Security.Huks.Extension 693 694**Parameters** 695 696| Name | Type | Mandatory| Description | 697| -------- | --------------------------- | ---- | ------------------------------------ | 698| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 699| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 700 701**Return value** 702 703| Type | Description | 704| ---------------------------------------------- | --------------------------------------------- | 705| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained.| 706 707**Error codes** 708 709For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 710 711| ID| Error Message | 712| -------- | ------------- | 713| 201 | check permission failed. | 714| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 715| 801 | api is not supported. | 716| 12000001 | algorithm mode is not supported. | 717| 12000002 | algorithm param is missing. | 718| 12000003 | algorithm param is invalid. | 719| 12000004 | operating file failed. | 720| 12000005 | IPC communication failed. | 721| 12000006 | error occurred in crypto engine. | 722| 12000011 | queried entity does not exist. | 723| 12000012 | external error. | 724| 12000014 | memory is insufficient. | 725 726**Example** 727 728```ts 729import { huks } from '@kit.UniversalKeystoreKit'; 730 731let securityLevel = stringToUint8Array('sec_level'); 732let challenge = stringToUint8Array('challenge_data'); 733let versionInfo = stringToUint8Array('version_info'); 734let keyAliasString = "key attest"; 735function stringToUint8Array(str: string) { 736 let arr: number[] = []; 737 for (let i = 0, j = str.length; i < j; ++i) { 738 arr.push(str.charCodeAt(i)); 739 } 740 let tmpUint8Array = new Uint8Array(arr); 741 return tmpUint8Array; 742} 743async function generateKey(alias: string) { 744 let properties: Array<huks.HuksParam> = [ 745 { 746 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 747 value: huks.HuksKeyAlg.HUKS_ALG_RSA 748 }, 749 { 750 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 751 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 752 }, 753 { 754 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 755 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 756 }, 757 { 758 tag: huks.HuksTag.HUKS_TAG_DIGEST, 759 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 760 }, 761 { 762 tag: huks.HuksTag.HUKS_TAG_PADDING, 763 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 764 }, 765 { 766 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 767 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 768 }, 769 { 770 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 771 value: huks.HuksCipherMode.HUKS_MODE_ECB 772 } 773 ]; 774 let options: huks.HuksOptions = { 775 properties: properties 776 }; 777 try { 778 await huks.generateKeyItem(alias, options) 779 .then((data) => { 780 console.info(`promise: generateKeyItem success`); 781 }) 782 .catch((error: Error) => { 783 console.error(`promise: generateKeyItem failed`); 784 }); 785 } catch (error) { 786 console.error(`promise: generateKeyItem input arg invalid`); 787 } 788} 789async function attestKey() { 790 let aliasString = keyAliasString; 791 let aliasUint8 = stringToUint8Array(aliasString); 792 let properties: Array<huks.HuksParam> = [ 793 { 794 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 795 value: securityLevel 796 }, 797 { 798 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 799 value: challenge 800 }, 801 { 802 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 803 value: versionInfo 804 }, 805 { 806 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 807 value: aliasUint8 808 } 809 ]; 810 let options: huks.HuksOptions = { 811 properties: properties 812 }; 813 await generateKey(aliasString); 814 try { 815 await huks.attestKeyItem(aliasString, options) 816 .then((data) => { 817 console.info(`promise: attestKeyItem success`); 818 }) 819 .catch((error: Error) => { 820 console.error(`promise: attestKeyItem failed`); 821 }); 822 } catch (error) { 823 console.error(`promise: attestKeyItem input arg invalid`); 824 } 825} 826``` 827 828## huks.anonAttestKeyItem<sup>11+</sup> 829 830anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 831 832Obtains the certificate for anonymous attestation. This API uses an asynchronous callback to return the result. 833 834This operation requires Internet access and takes time. If error code 12000012 is returned, the network is abnormal. If the device is not connected to the network, display a message, indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter. Tray again later. 835 836<!--RP1--><!--RP1End--> 837 838**Atomic service API**: This API can be used in atomic services since API version 12. 839 840**System capability**: SystemCapability.Security.Huks.Extension 841 842**Parameters** 843 844| Name | Type | Mandatory| Description | 845| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 846| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 847| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 848| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 849 850**Error codes** 851 852For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 853 854| ID| Error Message | 855| -------- | ------------- | 856| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 857| 801 | api is not supported. | 858| 12000001 | algorithm mode is not supported. | 859| 12000002 | algorithm param is missing. | 860| 12000003 | algorithm param is invalid. | 861| 12000004 | operating file failed. | 862| 12000005 | IPC communication failed. | 863| 12000006 | error occurred in crypto engine. | 864| 12000011 | queried entity does not exist. | 865| 12000012 | external error. | 866| 12000014 | memory is insufficient. | 867 868**Example** 869 870```ts 871import { huks } from '@kit.UniversalKeystoreKit'; 872let securityLevel = stringToUint8Array('sec_level'); 873let challenge = stringToUint8Array('challenge_data'); 874let versionInfo = stringToUint8Array('version_info'); 875let keyAliasString = "key anon attest"; 876function stringToUint8Array(str: string): Uint8Array { 877 let arr: number[] = []; 878 for (let i = 0, j = str.length; i < j; ++i) { 879 arr.push(str.charCodeAt(i)); 880 } 881 let tmpUint8Array = new Uint8Array(arr); 882 return tmpUint8Array; 883} 884 885async function generateKeyThenAttestKey(alias: string): Promise<void> { 886 let aliasString = keyAliasString; 887 let aliasUint8 = stringToUint8Array(aliasString); 888 let generateProperties: Array<huks.HuksParam> = [ 889 { 890 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 891 value: huks.HuksKeyAlg.HUKS_ALG_RSA 892 }, 893 { 894 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 895 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 896 }, 897 { 898 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 899 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 900 }, 901 { 902 tag: huks.HuksTag.HUKS_TAG_DIGEST, 903 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 904 }, 905 { 906 tag: huks.HuksTag.HUKS_TAG_PADDING, 907 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 908 }, 909 { 910 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 911 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 912 }, 913 { 914 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 915 value: huks.HuksCipherMode.HUKS_MODE_ECB 916 } 917 ]; 918 let generateOptions: huks.HuksOptions = { 919 properties: generateProperties 920 }; 921 let anonAttestProperties: Array<huks.HuksParam> = [ 922 { 923 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 924 value: securityLevel 925 }, 926 { 927 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 928 value: challenge 929 }, 930 { 931 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 932 value: versionInfo 933 }, 934 { 935 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 936 value: aliasUint8 937 } 938 ]; 939 let anonAttestOptions: huks.HuksOptions = { 940 properties: anonAttestProperties 941 }; 942 try { 943 huks.generateKeyItem(alias, generateOptions, (error, data) => { 944 if (error) { 945 console.error(`callback: generateKeyItem failed`); 946 } else { 947 console.info(`callback: generateKeyItem success`); 948 try { 949 huks.anonAttestKeyItem(aliasString, anonAttestOptions, (error, data) => { 950 if (error) { 951 console.error(`callback: anonAttestKeyItem failed`); 952 } else { 953 console.info(`callback: anonAttestKeyItem success`); 954 } 955 }); 956 } catch (error) { 957 console.error(`callback: anonAttestKeyItem input arg invalid`); 958 } 959 } 960 }); 961 } catch (error) { 962 console.error(`callback: generateKeyItem input arg invalid`); 963 } 964} 965``` 966 967## huks.anonAttestKeyItem<sup>11+</sup> 968 969anonAttestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 970 971Obtains the certificate for anonymous attestation. This API uses a promise to return the result. 972 973This operation requires Internet access and takes time. If error code 12000012 is returned, the network is abnormal. If the device is not connected to the network, display a message, indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter. Tray again later. 974 975<!--RP1--><!--RP1End--> 976 977**Atomic service API**: This API can be used in atomic services since API version 12. 978 979**System capability**: SystemCapability.Security.Huks.Extension 980 981**Parameters** 982 983| Name | Type | Mandatory| Description | 984| -------- | --------------------------- | ---- | ------------------------------------ | 985| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 986| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 987 988**Return value** 989 990| Type | Description | 991| ---------------------------------------------- | --------------------------------------------- | 992| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **certChains** in **HuksReturnResult** is the certificate chain obtained.| 993 994**Error codes** 995 996For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 997 998| ID| Error Message | 999| -------- | ------------- | 1000| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1001| 801 | api is not supported. | 1002| 12000001 | algorithm mode is not supported. | 1003| 12000002 | algorithm param is missing. | 1004| 12000003 | algorithm param is invalid. | 1005| 12000004 | operating file failed. | 1006| 12000005 | IPC communication failed. | 1007| 12000006 | error occurred in crypto engine. | 1008| 12000011 | queried entity does not exist. | 1009| 12000012 | external error. | 1010| 12000014 | memory is insufficient. | 1011 1012**Example** 1013 1014```ts 1015import { huks } from '@kit.UniversalKeystoreKit'; 1016 1017let securityLevel = stringToUint8Array('sec_level'); 1018let challenge = stringToUint8Array('challenge_data'); 1019let versionInfo = stringToUint8Array('version_info'); 1020let keyAliasString = "key anon attest"; 1021function stringToUint8Array(str: string): Uint8Array { 1022 let arr: number[] = []; 1023 for (let i = 0, j = str.length; i < j; ++i) { 1024 arr.push(str.charCodeAt(i)); 1025 } 1026 let tmpUint8Array = new Uint8Array(arr); 1027 return tmpUint8Array; 1028} 1029async function generateKey(alias: string): Promise<void> { 1030 let properties: Array<huks.HuksParam> = [ 1031 { 1032 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1033 value: huks.HuksKeyAlg.HUKS_ALG_RSA 1034 }, 1035 { 1036 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1037 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 1038 }, 1039 { 1040 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1041 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 1042 }, 1043 { 1044 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1045 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1046 }, 1047 { 1048 tag: huks.HuksTag.HUKS_TAG_PADDING, 1049 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 1050 }, 1051 { 1052 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 1053 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 1054 }, 1055 { 1056 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1057 value: huks.HuksCipherMode.HUKS_MODE_ECB 1058 } 1059 ]; 1060 let options: huks.HuksOptions = { 1061 properties: properties 1062 }; 1063 try { 1064 let data = await huks.generateKeyItem(alias, options); 1065 } catch (error) { 1066 console.error(`promise: generateKeyItem failed`); 1067 } 1068} 1069async function anonAttestKey(): Promise<void> { 1070 let aliasString = keyAliasString; 1071 let aliasUint8 = stringToUint8Array(aliasString); 1072 let properties: Array<huks.HuksParam> = [ 1073 { 1074 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 1075 value: securityLevel 1076 }, 1077 { 1078 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 1079 value: challenge 1080 }, 1081 { 1082 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 1083 value: versionInfo 1084 }, 1085 { 1086 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 1087 value: aliasUint8 1088 } 1089 ]; 1090 let options: huks.HuksOptions = { 1091 properties: properties 1092 }; 1093 await generateKey(aliasString); 1094 try { 1095 let data = await huks.anonAttestKeyItem(aliasString, options); 1096 } catch (error) { 1097 console.error(`promise: anonAttestKeyItem fail`); 1098 } 1099} 1100``` 1101 1102## huks.importWrappedKeyItem<sup>9+</sup> 1103 1104importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 1105 1106Imports a wrapped key. This API uses an asynchronous callback to return the result. 1107 1108**Atomic service API**: This API can be used in atomic services since API version 12. 1109 1110**System capability**: SystemCapability.Security.Huks.Core 1111 1112The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1113 1114**Parameters** 1115 1116| Name | Type | Mandatory| Description | 1117| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1118| keyAlias | string | Yes | Alias of the wrapped key to import. | 1119| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1120| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1121| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 1122 1123**Error codes** 1124 1125For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1126 1127| ID| Error Message | 1128| -------- | ------------- | 1129| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1130| 801 | api is not supported. | 1131| 12000001 | algorithm mode is not supported. | 1132| 12000002 | algorithm param is missing. | 1133| 12000003 | algorithm param is invalid. | 1134| 12000004 | operating file failed. | 1135| 12000005 | IPC communication failed. | 1136| 12000006 | error occurred in crypto engine. | 1137| 12000011 | queried entity does not exist. | 1138| 12000012 | external error. | 1139| 12000013 | queried credential does not exist. | 1140| 12000014 | memory is insufficient. | 1141| 12000015 | call service failed. | 1142 1143**Example** 1144 1145```ts 1146import { huks } from '@kit.UniversalKeystoreKit'; 1147 1148let alias1 = "importAlias"; 1149let alias2 = "wrappingKeyAlias"; 1150async function TestGenFunc(alias: string, options: huks.HuksOptions) { 1151 try { 1152 await genKey(alias, options) 1153 .then((data) => { 1154 console.info(`callback: generateKeyItem success`); 1155 }) 1156 .catch((error: Error) => { 1157 console.error(`callback: generateKeyItem failed`); 1158 }); 1159 } catch (error) { 1160 console.error(`callback: generateKeyItem input arg invalid`); 1161 } 1162} 1163function genKey(alias: string, options: huks.HuksOptions) { 1164 return new Promise<void>((resolve, reject) => { 1165 try { 1166 huks.generateKeyItem(alias, options, (error, data) => { 1167 if (error) { 1168 reject(error); 1169 } else { 1170 resolve(data); 1171 } 1172 }); 1173 } catch (error) { 1174 throw (new Error(error)); 1175 } 1176 }); 1177} 1178async function TestExportFunc(alias: string, options: huks.HuksOptions) { 1179 try { 1180 await exportKey(alias, options) 1181 .then((data) => { 1182 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1183 }) 1184 .catch((error: Error) => { 1185 console.error(`callback: exportKeyItem failed`); 1186 }); 1187 } catch (error) { 1188 console.error(`callback: exportKeyItem input arg invalid`); 1189 } 1190} 1191function exportKey(alias: string, options: huks.HuksOptions) { 1192 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 1193 try { 1194 huks.exportKeyItem(alias, options, (error, data) => { 1195 if (error) { 1196 reject(error); 1197 } else { 1198 resolve(data); 1199 } 1200 }); 1201 } catch (error) { 1202 throw (new Error(error)); 1203 } 1204 }); 1205} 1206async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1207 try { 1208 await importWrappedKey(alias, wrappingAlias, options) 1209 .then((data) => { 1210 console.info(`callback: importWrappedKeyItem success`); 1211 }) 1212 .catch((error: Error) => { 1213 console.error(`callback: importWrappedKeyItem failed`); 1214 }); 1215 } catch (error) { 1216 console.error(`callback: importWrappedKeyItem input arg invalid`); 1217 } 1218} 1219function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1220 return new Promise<void>((resolve, reject) => { 1221 try { 1222 huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => { 1223 if (error) { 1224 reject(error); 1225 } else { 1226 resolve(data); 1227 } 1228 }); 1229 } catch (error) { 1230 throw (new Error(error)); 1231 } 1232 }); 1233} 1234async function TestImportWrappedKeyFunc( 1235 alias: string, 1236 wrappingAlias: string, 1237 genOptions: huks.HuksOptions, 1238 importOptions: huks.HuksOptions 1239) { 1240 await TestGenFunc(wrappingAlias, genOptions); 1241 await TestExportFunc(wrappingAlias, genOptions); 1242 1243 /*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here. 1244 * For example, import **keyA**. 1245 * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**. 1246 * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**. 1247 * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**. 1248 * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**. 1249 * 5. Generate the **importOptions.inData** field in the following format: 1250 * keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 + 1251 * nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 + 1252 * kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 + 1253 * nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 + 1254 * Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc 1255 */ 1256 /* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1257 let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]); 1258 importOptions.inData = inputKey; 1259 await TestImportWrappedFunc(alias, wrappingAlias, importOptions); 1260} 1261function makeGenerateOptions() { 1262 let properties: Array<huks.HuksParam> = [ 1263 { 1264 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1265 value: huks.HuksKeyAlg.HUKS_ALG_ECC 1266 }, 1267 { 1268 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1269 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 1270 }, 1271 { 1272 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1273 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP 1274 }, 1275 { 1276 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1277 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1278 }, 1279 { 1280 tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE, 1281 value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR, 1282 } 1283 ]; 1284 let options: huks.HuksOptions = { 1285 properties: properties 1286 }; 1287 return options; 1288}; 1289function makeImportOptions() { 1290 let properties: Array<huks.HuksParam> = [ 1291 { 1292 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1293 value: huks.HuksKeyAlg.HUKS_ALG_AES 1294 }, 1295 { 1296 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1297 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 1298 }, 1299 { 1300 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1301 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 1302 }, 1303 { 1304 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1305 value: huks.HuksCipherMode.HUKS_MODE_CBC 1306 }, 1307 { 1308 tag: huks.HuksTag.HUKS_TAG_PADDING, 1309 value: huks.HuksKeyPadding.HUKS_PADDING_NONE 1310 }, 1311 { 1312 tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE, 1313 value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING 1314 } 1315 ]; 1316 let options: huks.HuksOptions = { 1317 properties: properties 1318 }; 1319 return options; 1320}; 1321function huksImportWrappedKey() { 1322 let genOptions = makeGenerateOptions(); 1323 let importOptions = makeImportOptions(); 1324 TestImportWrappedKeyFunc( 1325 alias1, 1326 alias2, 1327 genOptions, 1328 importOptions 1329 ); 1330} 1331``` 1332 1333## huks.importWrappedKeyItem<sup>9+</sup> 1334 1335importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<void> 1336 1337Imports a wrapped key. This API uses a promise to return the result. 1338 1339**Atomic service API**: This API can be used in atomic services since API version 12. 1340 1341**System capability**: SystemCapability.Security.Huks.Extension 1342 1343**Parameters** 1344 1345| Name | Type | Mandatory| Description | 1346| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1347| keyAlias | string | Yes | Alias of the wrapped key to import. | 1348| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1349| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1350 1351**Return value** 1352 1353| Type | Description | 1354| ---------------------------------------------- | --------------------------------------------- | 1355| Promise\<void> | Promise that returns no value.| 1356 1357**Error codes** 1358 1359For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1360 1361| ID| Error Message | 1362| -------- | ------------- | 1363| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1364| 801 | api is not supported. | 1365| 12000001 | algorithm mode is not supported. | 1366| 12000002 | algorithm param is missing. | 1367| 12000003 | algorithm param is invalid. | 1368| 12000004 | operating file failed. | 1369| 12000005 | IPC communication failed. | 1370| 12000006 | error occurred in crypto engine. | 1371| 12000011 | queried entity does not exist. | 1372| 12000012 | external error. | 1373| 12000013 | queried credential does not exist. | 1374| 12000014 | memory is insufficient. | 1375| 12000015 | call service failed. | 1376 1377**Example** 1378 1379```ts 1380import { huks } from '@kit.UniversalKeystoreKit'; 1381/* The process is similar if a callback is used, except the following: */ 1382/* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1383async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1384 try { 1385 await huks.importWrappedKeyItem(alias, wrappingAlias, options) 1386 .then ((data) => { 1387 console.info(`promise: importWrappedKeyItem success`); 1388 }) 1389 .catch((error: Error) => { 1390 console.error(`promise: importWrappedKeyItem failed`); 1391 }); 1392 } catch (error) { 1393 console.error(`promise: importWrappedKeyItem input arg invalid`); 1394 } 1395} 1396``` 1397 1398## huks.exportKeyItem<sup>9+</sup> 1399 1400exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1401 1402Exports a key. This API uses an asynchronous callback to return the result. 1403 1404**Atomic service API**: This API can be used in atomic services since API version 12. 1405 1406**System capability**: SystemCapability.Security.Huks.Core 1407 1408The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1409 1410**Parameters** 1411 1412| Name | Type | Mandatory| Description | 1413| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1414| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1415| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1416| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. Otherwise, an error code is returned.| 1417 1418**Error codes** 1419 1420For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1421 1422| ID| Error Message | 1423| -------- | ------------- | 1424| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1425| 801 | api is not supported. | 1426| 12000001 | algorithm mode is not supported. | 1427| 12000002 | algorithm param is missing. | 1428| 12000003 | algorithm param is invalid. | 1429| 12000004 | operating file failed. | 1430| 12000005 | IPC communication failed. | 1431| 12000006 | error occurred in crypto engine. | 1432| 12000011 | queried entity does not exist. | 1433| 12000012 | external error. | 1434| 12000014 | memory is insufficient. | 1435 1436**Example** 1437 1438```ts 1439import { huks } from '@kit.UniversalKeystoreKit'; 1440/* Set options to emptyOptions. */ 1441let keyAlias = 'keyAlias'; 1442let emptyOptions: huks.HuksOptions = { 1443 properties: [] 1444}; 1445try { 1446 huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => { 1447 if (error) { 1448 console.error(`callback: exportKeyItem failed`); 1449 } else { 1450 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1451 } 1452 }); 1453} catch (error) { 1454 console.error(`callback: exportKeyItem input arg invalid`); 1455} 1456``` 1457 1458## huks.exportKeyItem<sup>9+</sup> 1459 1460exportKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1461 1462Exports a key. This API uses a promise to return the result. 1463 1464**Atomic service API**: This API can be used in atomic services since API version 12. 1465 1466**System capability**: SystemCapability.Security.Huks.Extension 1467 1468**Parameters** 1469 1470| Name | Type | Mandatory| Description | 1471| -------- | --------------------------- | ---- | -------------------------------------------- | 1472| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1473| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1474 1475**Return value** 1476 1477| Type | Description | 1478| ---------------------------------------------- | ------------------------------------------------------------ | 1479| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **outData** in **HuksReturnResult** is the public key exported.| 1480 1481**Error codes** 1482 1483For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1484 1485| ID| Error Message | 1486| -------- | ------------- | 1487| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1488| 801 | api is not supported. | 1489| 12000001 | algorithm mode is not supported. | 1490| 12000002 | algorithm param is missing. | 1491| 12000003 | algorithm param is invalid. | 1492| 12000004 | operating file failed. | 1493| 12000005 | IPC communication failed. | 1494| 12000006 | error occurred in crypto engine. | 1495| 12000011 | queried entity does not exist. | 1496| 12000012 | external error. | 1497| 12000014 | memory is insufficient. | 1498 1499**Example** 1500 1501```ts 1502import { huks } from '@kit.UniversalKeystoreKit'; 1503/* Set options to emptyOptions. */ 1504let keyAlias = 'keyAlias'; 1505let emptyOptions: huks.HuksOptions = { 1506 properties: [] 1507}; 1508try { 1509 huks.exportKeyItem(keyAlias, emptyOptions) 1510 .then ((data) => { 1511 console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`); 1512 }) 1513 .catch((error: Error) => { 1514 console.error(`promise: exportKeyItem failed`); 1515 }); 1516} catch (error) { 1517 console.error(`promise: exportKeyItem input arg invalid`); 1518} 1519``` 1520 1521## huks.getKeyItemProperties<sup>9+</sup> 1522 1523getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1524 1525Obtains key properties. This API uses an asynchronous callback to return the result. 1526 1527**Atomic service API**: This API can be used in atomic services since API version 12. 1528 1529**System capability**: SystemCapability.Security.Huks.Core 1530 1531The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1532 1533**Parameters** 1534 1535| Name | Type | Mandatory| Description | 1536| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1537| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1538| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1539| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned.| 1540 1541**Error codes** 1542 1543For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1544 1545| ID| Error Message | 1546| -------- | ------------- | 1547| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1548| 801 | api is not supported. | 1549| 12000001 | algorithm mode is not supported. | 1550| 12000002 | algorithm param is missing. | 1551| 12000003 | algorithm param is invalid. | 1552| 12000004 | operating file failed. | 1553| 12000005 | IPC communication failed. | 1554| 12000006 | error occurred in crypto engine. | 1555| 12000011 | queried entity does not exist. | 1556| 12000012 | external error. | 1557| 12000014 | memory is insufficient. | 1558 1559**Example** 1560 1561```ts 1562import { huks } from '@kit.UniversalKeystoreKit'; 1563/* Set options to emptyOptions. */ 1564let keyAlias = 'keyAlias'; 1565let emptyOptions: huks.HuksOptions = { 1566 properties: [] 1567}; 1568try { 1569 huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => { 1570 if (error) { 1571 console.error(`callback: getKeyItemProperties failed`); 1572 } else { 1573 console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1574 } 1575 }); 1576} catch (error) { 1577 console.error(`callback: getKeyItemProperties input arg invalid`); 1578} 1579``` 1580 1581## huks.getKeyItemProperties<sup>9+</sup> 1582 1583getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1584 1585Obtains key properties. This API uses a promise to return the result. 1586 1587**Atomic service API**: This API can be used in atomic services since API version 12. 1588 1589**System capability**: SystemCapability.Security.Huks.Extension 1590 1591**Parameters** 1592 1593| Name | Type | Mandatory| Description | 1594| -------- | --------------------------- | ---- | -------------------------------------------- | 1595| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1596| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1597 1598**Return value** 1599 1600| Type | Description | 1601| ----------------------------------------------- | ------------------------------------------------------------ | 1602| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **properties** in **HuksReturnResult** holds the parameters required for generating the key.| 1603 1604**Error codes** 1605 1606For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1607 1608| ID| Error Message | 1609| -------- | ------------- | 1610| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1611| 801 | api is not supported. | 1612| 12000001 | algorithm mode is not supported. | 1613| 12000002 | algorithm param is missing. | 1614| 12000003 | algorithm param is invalid. | 1615| 12000004 | operating file failed. | 1616| 12000005 | IPC communication failed. | 1617| 12000006 | error occurred in crypto engine. | 1618| 12000011 | queried entity does not exist. | 1619| 12000012 | external error. | 1620| 12000014 | memory is insufficient. | 1621 1622**Example** 1623 1624```ts 1625import { huks } from '@kit.UniversalKeystoreKit'; 1626/* Set options to emptyOptions. */ 1627let keyAlias = 'keyAlias'; 1628let emptyOptions: huks.HuksOptions = { 1629 properties: [] 1630}; 1631try { 1632 huks.getKeyItemProperties(keyAlias, emptyOptions) 1633 .then ((data) => { 1634 console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1635 }) 1636 .catch((error: Error) => { 1637 console.error(`promise: getKeyItemProperties failed`); 1638 }); 1639} catch (error) { 1640 console.error(`promise: getKeyItemProperties input arg invalid`); 1641} 1642``` 1643 1644## huks.isKeyItemExist<sup>9+</sup> 1645 1646isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1647 1648Checks whether a key exists. This API uses an asynchronous callback to return the result. 1649 1650**System capability**: SystemCapability.Security.Huks.Core 1651 1652**Parameters** 1653 1654| Name | Type | Mandatory| Description | 1655| -------- | --------------------------- | ---- |--------------------------------------------------------| 1656| keyAlias | string | Yes | Alias of the key to check. | 1657| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 1658| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. If the key does not exist, **error** is the error code.| 1659 1660**Error codes** 1661 1662For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1663 1664| ID| Error Message | 1665| -------- | ------------- | 1666| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1667| 801 | api is not supported. | 1668| 12000002 | algorithm param is missing. | 1669| 12000003 | algorithm param is invalid. | 1670| 12000004 | operating file failed. | 1671| 12000005 | IPC communication failed. | 1672| 12000006 | error occurred in crypto engine. | 1673| 12000011 | queried entity does not exist. | 1674| 12000012 | external error. | 1675| 12000014 | memory is insufficient. | 1676 1677**Example** 1678 1679```ts 1680import { huks } from '@kit.UniversalKeystoreKit'; 1681import { promptAction } from '@kit.ArkUI'; 1682/* Set options to emptyOptions. */ 1683let keyAlias = 'keyAlias'; 1684let emptyOptions: huks.HuksOptions = { 1685 properties: [] 1686}; 1687huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => { 1688 if (data) { 1689 promptAction.showToast({ 1690 message: "keyAlias: " + keyAlias +"is existed! ", 1691 duration: 2500, 1692 }) 1693 } else { 1694 promptAction.showToast({ 1695 message: "find key failed", 1696 duration: 2500, 1697 }) 1698 } 1699}); 1700``` 1701 1702## huks.isKeyItemExist<sup>9+</sup> 1703 1704isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1705 1706Checks whether a key exists. This API uses a promise to return the result. 1707 1708**System capability**: SystemCapability.Security.Huks.Extension 1709 1710**Parameters** 1711 1712| Name | Type | Mandatory| Description | 1713| -------- | --------------------------- | ---- | ------------------------ | 1714| keyAlias | string | Yes | Alias of the key to check. | 1715| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used.| 1716 1717**Return value** 1718 1719| Type | Description | 1720| ----------------- | --------------------------------------- | 1721| Promise\<boolean> | Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.| 1722 1723**Error codes** 1724 1725For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1726 1727| ID| Error Message | 1728| -------- | ------------- | 1729| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1730| 801 | api is not supported. | 1731| 12000002 | algorithm param is missing. | 1732| 12000003 | algorithm param is invalid. | 1733| 12000004 | operating file failed. | 1734| 12000005 | IPC communication failed. | 1735| 12000006 | error occurred in crypto engine. | 1736| 12000011 | queried entity does not exist. | 1737| 12000012 | external error. | 1738| 12000014 | memory is insufficient. | 1739 1740**Example** 1741 1742```ts 1743import { huks } from '@kit.UniversalKeystoreKit'; 1744import { promptAction } from '@kit.ArkUI'; 1745 1746/* Set options to emptyOptions. */ 1747let keyAlias = 'keyAlias'; 1748let emptyOptions: huks.HuksOptions = { 1749 properties: [] 1750}; 1751huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => { 1752 promptAction.showToast({ 1753 message: "keyAlias: " + keyAlias +"is existed! ", 1754 duration: 500, 1755 }) 1756}).catch((error: Error)=>{ 1757 promptAction.showToast({ 1758 message: "find key failed", 1759 duration: 6500, 1760 }) 1761}) 1762``` 1763 1764## huks.hasKeyItem<sup>11+</sup> 1765 1766hasKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1767 1768Checks whether a key exists. This API uses an asynchronous callback to return the result. 1769 1770**Atomic service API**: This API can be used in atomic services since API version 11. 1771 1772**System capability**: SystemCapability.Security.Huks.Core 1773 1774**Parameters** 1775 1776| Name | Type | Mandatory| Description | 1777| -------- | --------------------------- | ---- |--------------------------------------------------------| 1778| keyAlias | string | Yes | Alias of the key to check. | 1779| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 1780| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. Otherwise, **data** is **false**.| 1781 1782**Error codes** 1783 1784For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1785 1786| ID| Error Message | 1787| -------- | ------------- | 1788| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1789| 801 | api is not supported. | 1790| 12000002 | algorithm param is missing. | 1791| 12000003 | algorithm param is invalid. | 1792| 12000004 | operating file failed. | 1793| 12000005 | IPC communication failed. | 1794| 12000006 | error occurred in crypto engine. | 1795| 12000012 | external error. | 1796| 12000014 | memory is insufficient. | 1797 1798**Example** 1799 1800```ts 1801import { huks } from '@kit.UniversalKeystoreKit'; 1802import { promptAction } from '@kit.ArkUI'; 1803/* Set options to emptyOptions. */ 1804let keyAlias = 'keyAlias'; 1805let emptyOptions: huks.HuksOptions = { 1806 properties: [] 1807}; 1808 1809try { 1810 huks.hasKeyItem(keyAlias, emptyOptions, (error, data) => { 1811 if (data) { 1812 promptAction.showToast({ 1813 message: "keyAlias: " + keyAlias +" is existed!", 1814 duration: 2500, 1815 }) 1816 } else { 1817 promptAction.showToast({ 1818 message: "find key failed", 1819 duration: 2500, 1820 }) 1821 } 1822 }); 1823} catch (error) { 1824 console.error(`callback: hasKeyItem input args may be invalid`); 1825} 1826``` 1827 1828## huks.hasKeyItem<sup>11+</sup> 1829 1830hasKeyItem(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1831 1832Checks whether a key exists. This API uses a promise to return the result. 1833 1834**Atomic service API**: This API can be used in atomic services since API version 11. 1835 1836**System capability**: SystemCapability.Security.Huks.Extension 1837 1838**Parameters** 1839 1840| Name | Type | Mandatory| Description | 1841| -------- | --------------------------- | ---- | ------------------------ | 1842| keyAlias | string | Yes | Alias of the key to check. | 1843| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key. For example, you can pass in [HuksAuthStorageLevel](#huksauthstoragelevel11) to specify the security level of the key to check. **HuksAuthStorageLevel** can be left empty, which means the default value **HUKS_AUTH_STORAGE_LEVEL_DE** is used. | 1844 1845**Return value** 1846 1847| Type | Description | 1848| ----------------- | --------------------------------------- | 1849| Promise\<boolean> | Promise used to return the result. If the key exists, **true** is returned. If the key does not exist, **false** is returned.| 1850 1851**Error codes** 1852 1853For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1854 1855| ID| Error Message | 1856| -------- | ------------- | 1857| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1858| 801 | api is not supported. | 1859| 12000002 | algorithm param is missing. | 1860| 12000003 | algorithm param is invalid. | 1861| 12000004 | operating file failed. | 1862| 12000005 | IPC communication failed. | 1863| 12000006 | error occurred in crypto engine. | 1864| 12000012 | external error. | 1865| 12000014 | memory is insufficient. | 1866 1867**Example** 1868 1869```ts 1870import { huks } from '@kit.UniversalKeystoreKit'; 1871import { promptAction } from '@kit.ArkUI'; 1872 1873/* Set options to emptyOptions. */ 1874let keyAlias = 'keyAlias'; 1875let emptyOptions: huks.HuksOptions = { 1876 properties: [] 1877}; 1878huks.hasKeyItem(keyAlias, emptyOptions).then((data) => { 1879 if (data) { 1880 promptAction.showToast({ 1881 message: "keyAlias: " + keyAlias +" is existed!", 1882 duration: 2500, 1883 }) 1884 } else { 1885 promptAction.showToast({ 1886 message: "find key failed", 1887 duration: 2500, 1888 }) 1889 } 1890}).catch((error: Error)=>{ 1891 promptAction.showToast({ 1892 message: "find key failed", 1893 duration: 6500, 1894 }) 1895}) 1896``` 1897 1898## huks.initSession<sup>9+</sup> 1899 1900initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksSessionHandle>) : void 1901 1902Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1903 1904**Atomic service API**: This API can be used in atomic services since API version 11. 1905 1906**System capability**: SystemCapability.Security.Huks.Core 1907 1908**Parameters** 1909 1910| Name | Type | Mandatory| Description | 1911| -------- | ------------------------------------------------------- | ---- | ---------------------------------------------------- | 1912| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1913| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1914| callback | AsyncCallback\<[HuksSessionHandle](#hukssessionhandle9)> | Yes | Callback used to return a session handle for subsequent operations.| 1915 1916**Error codes** 1917 1918For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1919 1920| ID| Error Message | 1921| -------- | ------------- | 1922| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1923| 801 | api is not supported. | 1924| 12000001 | algorithm mode is not supported. | 1925| 12000002 | algorithm param is missing. | 1926| 12000003 | algorithm param is invalid. | 1927| 12000004 | operating file failed. | 1928| 12000005 | IPC communication failed. | 1929| 12000006 | error occurred in crypto engine. | 1930| 12000010 | the number of sessions has reached limit. | 1931| 12000011 | queried entity does not exist. | 1932| 12000012 | external error. | 1933| 12000014 | memory is insufficient. | 1934 1935## huks.initSession<sup>9+</sup> 1936 1937initSession(keyAlias: string, options: HuksOptions) : Promise\<HuksSessionHandle> 1938 1939Initializes a session for a key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1940 1941**Atomic service API**: This API can be used in atomic services since API version 11. 1942 1943**System capability**: SystemCapability.Security.Huks.Extension 1944 1945**Parameters** 1946 1947| Name | Type | Mandatory| Description | 1948| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ | 1949| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1950| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1951 1952**Return value** 1953 1954| Type | Description | 1955| ----------------------------------- | -------------------------------------------------- | 1956| Promise\<[HuksSessionHandle](#hukssessionhandle9)> | Promise used to return a session handle for subsequent operations.| 1957 1958**Error codes** 1959 1960For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1961 1962| ID| Error Message | 1963| -------- | ------------- | 1964| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1965| 801 | api is not supported. | 1966| 12000001 | algorithm mode is not supported. | 1967| 12000002 | algorithm param is missing. | 1968| 12000003 | algorithm param is invalid. | 1969| 12000004 | operating file failed. | 1970| 12000005 | IPC communication failed. | 1971| 12000006 | error occurred in crypto engine. | 1972| 12000010 | the number of sessions has reached limit. | 1973| 12000011 | queried entity does not exist. | 1974| 12000012 | external error. | 1975| 12000014 | memory is insufficient. | 1976 1977## huks.updateSession<sup>9+</sup> 1978 1979updateSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1980 1981Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1982 1983**Atomic service API**: This API can be used in atomic services since API version 11. 1984 1985**System capability**: SystemCapability.Security.Huks.Core 1986 1987**Parameters** 1988 1989| Name | Type | Mandatory| Description | 1990| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1991| handle | number | Yes | Handle for the **updateSession** operation. | 1992| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1993| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **updateSession** operation result.| 1994 1995**Error codes** 1996 1997For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 1998 1999| ID| Error Message | 2000| -------- | ------------- | 2001| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2002| 801 | api is not supported. | 2003| 12000001 | algorithm mode is not supported. | 2004| 12000002 | algorithm param is missing. | 2005| 12000003 | algorithm param is invalid. | 2006| 12000004 | operating file failed. | 2007| 12000005 | IPC communication failed. | 2008| 12000006 | error occurred in crypto engine. | 2009| 12000007 | this credential is already invalidated permanently. | 2010| 12000008 | verify auth token failed. | 2011| 12000009 | auth token is already timeout. | 2012| 12000011 | queried entity does not exist. | 2013| 12000012 | external error. | 2014| 12000014 | memory is insufficient. | 2015 2016## huks.updateSession<sup>9+</sup> 2017 2018updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2019 2020Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2021 2022**Atomic service API**: This API can be used in atomic services since API version 12. 2023 2024**System capability**: SystemCapability.Security.Huks.Extension 2025 2026**Parameters** 2027 2028| Name | Type | Mandatory| Description | 2029| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2030| handle | number | Yes | Handle for the **updateSession** operation. | 2031| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 2032| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). | 2033| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **updateSession** operation result.| 2034 2035**Error codes** 2036 2037For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2038 2039| ID| Error Message | 2040| -------- | ------------- | 2041| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2042| 801 | api is not supported. | 2043| 12000001 | algorithm mode is not supported. | 2044| 12000002 | algorithm param is missing. | 2045| 12000003 | algorithm param is invalid. | 2046| 12000004 | operating file failed. | 2047| 12000005 | IPC communication failed. | 2048| 12000006 | error occurred in crypto engine. | 2049| 12000007 | this credential is already invalidated permanently. | 2050| 12000008 | verify auth token failed. | 2051| 12000009 | auth token is already timeout. | 2052| 12000011 | queried entity does not exist. | 2053| 12000012 | external error. | 2054| 12000014 | memory is insufficient. | 2055 2056## huks.updateSession<sup>9+</sup> 2057 2058updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2059 2060Updates the key operation by segment. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2061 2062**Atomic service API**: This API can be used in atomic services since API version 11. 2063 2064**System capability**: SystemCapability.Security.Huks.Extension 2065 2066**Parameters** 2067 2068| Name | Type | Mandatory| Description | 2069| ------- | ---------------------------------------------- | ---- | -------------------------------------------- | 2070| handle | number | Yes | Handle for the **updateSession** operation. | 2071| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 2072| token | Uint8Array | No |Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). If this parameter is left blank, refined key access control is not performed. | 2073 2074**Return value** 2075 2076| Type | Description | 2077| ----------------------------------- | -------------------------------------------------- | 2078| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the **updateSession** operation result.| 2079 2080**Error codes** 2081 2082For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2083 2084| ID| Error Message | 2085| -------- | ------------- | 2086| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2087| 801 | api is not supported. | 2088| 12000001 | algorithm mode is not supported. | 2089| 12000002 | algorithm param is missing. | 2090| 12000003 | algorithm param is invalid. | 2091| 12000004 | operating file failed. | 2092| 12000005 | IPC communication failed. | 2093| 12000006 | error occurred in crypto engine. | 2094| 12000007 | this credential is already invalidated permanently. | 2095| 12000008 | verify auth token failed. | 2096| 12000009 | auth token is already timeout. | 2097| 12000011 | queried entity does not exist. | 2098| 12000012 | external error. | 2099| 12000014 | memory is insufficient. | 2100 2101## huks.finishSession<sup>9+</sup> 2102 2103finishSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 2104 2105Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2106 2107**Atomic service API**: This API can be used in atomic services since API version 11. 2108 2109**System capability**: SystemCapability.Security.Huks.Core 2110 2111**Parameters** 2112 2113| Name | Type | Mandatory| Description | 2114| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2115| handle | number | Yes | Handle for the **finishSession** operation. | 2116| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2117| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **finishSession** operation result.| 2118 2119**Error codes** 2120 2121For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2122 2123| ID| Error Message | 2124| -------- | ------------- | 2125| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2126| 801 | api is not supported. | 2127| 12000001 | algorithm mode is not supported. | 2128| 12000002 | algorithm param is missing. | 2129| 12000003 | algorithm param is invalid. | 2130| 12000004 | operating file failed. | 2131| 12000005 | IPC communication failed. | 2132| 12000006 | error occurred in crypto engine. | 2133| 12000007 | this credential is already invalidated permanently. | 2134| 12000008 | verify auth token failed. | 2135| 12000009 | auth token is already timeout. | 2136| 12000011 | queried entity does not exist. | 2137| 12000012 | external error. | 2138| 12000014 | memory is insufficient. | 2139 2140## huks.finishSession<sup>9+</sup> 2141 2142finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2143 2144Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2145 2146**Atomic service API**: This API can be used in atomic services since API version 12. 2147 2148**System capability**: SystemCapability.Security.Huks.Extension 2149 2150**Parameters** 2151 2152| Name | Type | Mandatory| Description | 2153| -------- | ----------------------------------------------------- | ---- | -------------------------------------------- | 2154| handle | number | Yes | Handle for the **finishSession** operation. | 2155| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2156| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). | 2157| callback | AsyncCallback\<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the **finishSession** operation result.| 2158 2159**Error codes** 2160 2161For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2162 2163| ID| Error Message | 2164| -------- | ------------- | 2165| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2166| 801 | api is not supported. | 2167| 12000001 | algorithm mode is not supported. | 2168| 12000002 | algorithm param is missing. | 2169| 12000003 | algorithm param is invalid. | 2170| 12000004 | operating file failed. | 2171| 12000005 | IPC communication failed. | 2172| 12000006 | error occurred in crypto engine. | 2173| 12000007 | this credential is already invalidated permanently. | 2174| 12000008 | verify auth token failed. | 2175| 12000009 | auth token is already timeout. | 2176| 12000011 | queried entity does not exist. | 2177| 12000012 | external error. | 2178| 12000014 | memory is insufficient. | 2179 2180## huks.finishSession<sup>9+</sup> 2181 2182finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2183 2184Finishes the key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2185 2186**Atomic service API**: This API can be used in atomic services since API version 11. 2187 2188**System capability**: SystemCapability.Security.Huks.Extension 2189 2190**Parameters** 2191 2192| Name | Type | Mandatory| Description | 2193| ------- | ----------------------------------------------- | ---- | ----------------------------------- | 2194| handle | number | Yes | Handle for the **finishSession** operation. | 2195| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2196| token | Uint8Array | No | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md). If this parameter is left blank, refined key access control is not performed. | 2197 2198**Return value** 2199 2200| Type | Description | 2201| ----------------------------------- | -------------------------------------------------- | 2202| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.| 2203 2204**Error codes** 2205 2206For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2207 2208| ID| Error Message | 2209| -------- | ------------- | 2210| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2211| 801 | api is not supported. | 2212| 12000001 | algorithm mode is not supported. | 2213| 12000002 | algorithm param is missing. | 2214| 12000003 | algorithm param is invalid. | 2215| 12000004 | operating file failed. | 2216| 12000005 | IPC communication failed. | 2217| 12000006 | error occurred in crypto engine. | 2218| 12000007 | this credential is already invalidated permanently. | 2219| 12000008 | verify auth token failed. | 2220| 12000009 | auth token is already timeout. | 2221| 12000011 | queried entity does not exist. | 2222| 12000012 | external error. | 2223| 12000014 | memory is insufficient. | 2224 2225## huks.abortSession<sup>9+</sup> 2226 2227abortSession(handle: number, options: HuksOptions, callback: AsyncCallback\<void>) : void 2228 2229Aborts a key operation. This API uses an asynchronous callback to return the result. 2230 2231**Atomic service API**: This API can be used in atomic services since API version 11. 2232 2233**System capability**: SystemCapability.Security.Huks.Core 2234 2235**Parameters** 2236 2237| Name | Type | Mandatory| Description | 2238| -------- | --------------------------- | ---- | ------------------------------------------- | 2239| handle | number | Yes | Handle for the **abortSession** operation. | 2240| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2241| callback | AsyncCallback\<void> | Yes | Callback used to return the **abortSession** operation result.| 2242 2243**Error codes** 2244 2245For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2246 2247| ID| Error Message | 2248| -------- | ------------- | 2249| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2250| 801 | api is not supported. | 2251| 12000004 | operating file failed. | 2252| 12000005 | IPC communication failed. | 2253| 12000006 | error occurred in crypto engine. | 2254| 12000012 | external error. | 2255| 12000014 | memory is insufficient. | 2256 2257**Example** 2258 2259```ts 2260import { huks } from '@kit.UniversalKeystoreKit'; 2261/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2262 * If an error occurs in any of huks.initSession, huks.updateSession, 2263 * and huks.finishSession operations, 2264 * call huks.abortSession to terminate the use of the key. 2265 * 2266 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 2267 */ 2268 2269let keyAlias = "HuksDemoRSA"; 2270let properties: Array<huks.HuksParam> = [] 2271let options: huks.HuksOptions = { 2272 properties: properties, 2273 inData: new Uint8Array(0) 2274}; 2275let handle: number = 0; 2276async function huksAbort() { 2277 properties[0] = { 2278 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2279 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2280 }; 2281 properties[1] = { 2282 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2283 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2284 }; 2285 properties[2] = { 2286 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2287 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2288 }; 2289 properties[3] = { 2290 tag: huks.HuksTag.HUKS_TAG_PADDING, 2291 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2292 }; 2293 properties[4] = { 2294 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2295 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2296 }; 2297 properties[5] = { 2298 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2299 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2300 } 2301 try { 2302 huks.generateKeyItem(keyAlias, options, (error, data) => { 2303 if (error) { 2304 console.error(`callback: generateKeyItem failed`); 2305 } else { 2306 console.info(`callback: generateKeyItem success`); 2307 huks.initSession(keyAlias, options, (error, data) => {// Use abortSession to abort initSession. 2308 if (error) { 2309 console.error(`callback: initSession failed`); 2310 } else { 2311 console.info(`callback: initSession success, data = ${JSON.stringify(data)}`); 2312 handle = data.handle; 2313 huks.abortSession(handle, options, (error, data) => { 2314 if (error) { 2315 console.error(`callback: abortSession failed`); 2316 } else { 2317 console.info(`callback: abortSession success`); 2318 } 2319 }); 2320 } 2321 }); 2322 } 2323 }); 2324 } catch (error) { 2325 console.error(`callback: huksAbort failed`); 2326 } 2327} 2328``` 2329 2330## huks.abortSession<sup>9+</sup> 2331 2332abortSession(handle: number, options: HuksOptions) : Promise\<void>; 2333 2334Aborts a key operation. This API uses a promise to return the result. 2335 2336**Atomic service API**: This API can be used in atomic services since API version 11. 2337 2338**System capability**: SystemCapability.Security.Huks.Extension 2339 2340**Parameters** 2341 2342| Name | Type | Mandatory| Description | 2343| ------- | --------------------------- | ---- | ------------------------------------------- | 2344| handle | number | Yes | Handle for the **abortSession** operation. | 2345| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2346 2347**Return value** 2348 2349| Type | Description | 2350| ----------------------------------- | -------------------------------------------------- | 2351| Promise\<void> | Promise used to return the **abortSession** operation result.| 2352 2353**Error codes** 2354 2355For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2356 2357| ID| Error Message | 2358| -------- | ------------- | 2359| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2360| 801 | api is not supported. | 2361| 12000004 | operating file failed. | 2362| 12000005 | IPC communication failed. | 2363| 12000006 | error occurred in crypto engine. | 2364| 12000012 | external error. | 2365| 12000014 | memory is insufficient. | 2366 2367**Example** 2368 2369```ts 2370import { huks } from '@kit.UniversalKeystoreKit'; 2371/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2372 * If an error occurs in any of huks.initSession, huks.updateSession, 2373 * and huks.finishSession operations, 2374 * call huks.abortSession to terminate the use of the key. 2375 * 2376 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 2377 */ 2378 2379function stringToUint8Array(str: string) { 2380 let arr: number[] = []; 2381 for (let i = 0, j = str.length; i < j; ++i) { 2382 arr.push(str.charCodeAt(i)); 2383 } 2384 let tmpUint8Array = new Uint8Array(arr); 2385 return tmpUint8Array; 2386} 2387 2388let keyAlias = "HuksDemoRSA"; 2389let properties: Array<huks.HuksParam> = [] 2390let options: huks.HuksOptions = { 2391 properties: properties, 2392 inData: new Uint8Array(0) 2393}; 2394let handle: number = 0; 2395 2396async function generateKey() { 2397 properties[0] = { 2398 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2399 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2400 }; 2401 properties[1] = { 2402 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2403 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2404 }; 2405 properties[2] = { 2406 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2407 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2408 }; 2409 properties[3] = { 2410 tag: huks.HuksTag.HUKS_TAG_PADDING, 2411 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2412 }; 2413 properties[4] = { 2414 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2415 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2416 }; 2417 properties[5] = { 2418 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2419 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2420 } 2421 2422 try { 2423 await huks.generateKeyItem(keyAlias, options) 2424 .then((data) => { 2425 console.info(`promise: generateKeyItem success`); 2426 }) 2427 .catch((error: Error) => { 2428 console.error(`promise: generateKeyItem failed`); 2429 }); 2430 } catch (error) { 2431 console.error(`promise: generateKeyItem input arg invalid`); 2432 } 2433} 2434 2435async function huksInit() { 2436 console.info('enter huksInit'); 2437 try { 2438 await huks.initSession(keyAlias, options) 2439 .then((data) => { 2440 console.info(`promise: initSession success, data = ${JSON.stringify(data)}`); 2441 handle = data.handle; 2442 }) 2443 .catch((error: Error) => { 2444 console.error(`promise: initSession key failed`); 2445 }); 2446 } catch (error) { 2447 console.error(`promise: initSession input arg invalid`); 2448 } 2449} 2450 2451async function huksUpdate() { 2452 console.info('enter huksUpdate'); 2453 options.inData = stringToUint8Array("huksHmacTest"); 2454 try { 2455 await huks.updateSession(handle, options) 2456 .then((data) => { 2457 console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`); 2458 }) 2459 .catch((error: Error) => { 2460 console.error(`promise: updateSession failed`); 2461 }); 2462 } catch (error) { 2463 console.error(`promise: updateSession input arg invalid`); 2464 } 2465} 2466 2467async function huksFinish() { 2468 console.info('enter huksFinish'); 2469 options.inData = new Uint8Array(0); 2470 try { 2471 await huks.finishSession(handle, options) 2472 .then((data) => { 2473 console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`); 2474 }) 2475 .catch((error: Error) => { 2476 console.error(`promise: finishSession failed`); 2477 }); 2478 } catch (error) { 2479 console.error(`promise: finishSession input arg invalid`); 2480 } 2481} 2482 2483async function huksAbort() { 2484 console.info('enter huksAbort'); 2485 try { 2486 await huks.abortSession(handle, options) 2487 .then((data) => { 2488 console.info(`promise: abortSession success`); 2489 }) 2490 .catch((error: Error) => { 2491 console.error(`promise: abortSession failed`); 2492 }); 2493 } catch (error) { 2494 console.error(`promise: abortSession input arg invalid`); 2495 } 2496} 2497 2498async function testAbort() { 2499 await generateKey(); 2500 await huksInit(); // Use abortSession to abort initSession. 2501 await huksAbort(); 2502} 2503``` 2504 2505## huks.listAliases<sup>12+</sup> 2506 2507listAliases(options: HuksOptions): Promise\<HuksListAliasesReturnResult>; 2508 2509Lists key aliases. This API uses a promise to return the result. 2510 2511**Atomic service API**: This API can be used in atomic services since API version 12. 2512 2513**System capability**: SystemCapability.Security.Huks.Extension 2514 2515**Parameters** 2516 2517| Name | Type | Mandatory| Description | 2518| ------- | --------------------------- | ---- | ------------------------------------------- | 2519| options | [HuksOptions](#huksoptions) | Yes | Parameters for listing key aliases. | 2520 2521 2522**Return value** 2523 2524| Type | Description | 2525| ----------------------------------- | -------------------------------------------------- | 2526| Promise<[HuksListAliasesReturnResult](#hukslistaliasesreturnresult12)> | Promise used to return the key aliases obtained.| 2527 2528**Error codes** 2529 2530For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2531 2532| ID| Error Message | 2533| -------- | ------------- | 2534| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2535| 12000004 | operating file failed. | 2536| 12000005 | IPC communication failed. | 2537| 12000012 | external error. | 2538| 12000014 | memory is insufficient. | 2539 2540**Example** 2541 2542```ts 2543import { huks } from '@kit.UniversalKeystoreKit' 2544 2545async function testListAliases() { 2546 let queryProperties: Array<huks.HuksParam> = [ 2547 { 2548 tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL, 2549 value: huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_DE 2550 } 2551 ]; 2552 let queryOptions: huks.HuksOptions = { 2553 properties: queryProperties 2554 }; 2555 2556 try { 2557 let result: huks.HuksListAliasesReturnResult = await huks.listAliases(queryOptions); 2558 console.info(`promise: listAliases success`); 2559 } catch (error) { 2560 console.error(`promise: listAliases fail , code: ` + error.code + `, msg: ` + error.message); 2561 } 2562} 2563 2564``` 2565 2566 2567## HuksExceptionErrCode<sup>9+</sup> 2568 2569Enumerates the error codes. 2570 2571For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 2572 2573**System capability**: SystemCapability.Security.Huks.Core 2574 2575| Name | Value| Description | 2576| ---------------------------------------------- | -------- |--------------------------- | 2577| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2578| HUKS_ERR_CODE_NOT_SYSTEM_APP<sup>12+</sup> | 202 | The caller is not a system application and cannot call the system API.<br> **System capability**: SystemCapability.Security.Huks.Core | 2579| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected. Possible causes: 1. Mandatory parameters are left unspecified.2. Incorrect parameter types.3. Parameter verification failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2580| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2581| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2582| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2583| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2584| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2585| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2586| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2587| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2588| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2589| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2590| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2591| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2592| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2593| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2594| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2595| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2596| HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET<sup>11+</sup> | 12000016 | The required lock screen password is not set.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2597 2598## HuksKeyPurpose 2599 2600Enumerates the key purposes. 2601 2602**System capability**: SystemCapability.Security.Huks.Core 2603 2604| Name | Value | Description | 2605| ------------------------ | ---- | -------------------------------- | 2606| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2607| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2608| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2609| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2610| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2611| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2612| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2613| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2614| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2615 2616## HuksKeyDigest 2617 2618Enumerates the digest algorithms. 2619 2620**Atomic service API**: This API can be used in atomic services since API version 12. 2621 2622**System capability**: SystemCapability.Security.Huks.Core 2623 2624The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2625 2626| Name | Value | Description | 2627| ---------------------- | ---- | ---------------------------------------- | 2628| HUKS_DIGEST_NONE | 0 | No digest algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2629| HUKS_DIGEST_MD5 | 1 | MD5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2630| HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> | 2631| HUKS_DIGEST_SHA1 | 10 | SHA-1.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2632| HUKS_DIGEST_SHA224 | 11 | SHA-224.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2633| HUKS_DIGEST_SHA256 | 12 | SHA-256.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2634| HUKS_DIGEST_SHA384 | 13 | SHA-384.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2635| HUKS_DIGEST_SHA512 | 14 | SHA-512.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2636 2637## HuksKeyPadding 2638 2639Enumerates the padding algorithms. 2640 2641**System capability**: SystemCapability.Security.Huks.Core 2642 2643| Name | Value | Description | 2644| ---------------------- | ---- | ---------------------------------------- | 2645| HUKS_PADDING_NONE | 0 | No padding algorithm is used.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2646| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2647| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2648| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2649| HUKS_PADDING_PKCS5 | 4 | PKCS #5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2650| HUKS_PADDING_PKCS7 | 5 | PKCS #7.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2651| HUKS_PADDING_ISO_IEC_9796_2<sup>12+</sup> | 6 | ISO_IEC_9796_2<!--Del--> (not supported currently) <!--DelEnd-->.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2652| HUKS_PADDING_ISO_IEC_9797_1<sup>12+</sup> | 7 | ISO_IEC_9797_1<!--Del--> (not supported currently) <!--DelEnd-->.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2653 2654## HuksCipherMode 2655 2656Enumerates the cipher modes. 2657 2658**System capability**: SystemCapability.Security.Huks.Core 2659 2660| Name | Value | Description | 2661| ------------- | ---- | --------------------- | 2662| HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core | 2663| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core | 2664| HUKS_MODE_CTR | 3 | Counter (CTR) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core | 2665| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2666| HUKS_MODE_CFB<sup>12+</sup> | 5 | Ciphertext Feedback (CFB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core | 2667| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2668| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2669 2670## HuksKeySize 2671 2672Enumerates the key sizes. 2673 2674**System capability**: SystemCapability.Security.Huks.Core 2675 2676| Name | Value | Description | 2677| ---------------------------------- | ---- | ------------------------------------------ | 2678| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2679| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2680| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2681| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2682| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2683| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2684| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2685| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2686| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2687| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2688| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2689| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2690| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2691| HUKS_AES_KEY_SIZE_512<sup>(deprecated)</sup> | 512 | AES key of 512 bits.<br/>This API is deprecated since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2692| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2693| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2694| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2695| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup> | 2696| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | ShangMi2 (SM2) key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> | 2697| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | ShangMi4 (SM4) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup> | 2698| HUKS_DES_KEY_SIZE_64<sup>12+</sup> | 64 | DES key of 64 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2699| HUKS_3DES_KEY_SIZE_128<sup>12+</sup> | 128 | 3DES key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2700| HUKS_3DES_KEY_SIZE_192<sup>12+</sup> | 192 | 3DES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2701 2702## HuksKeyAlg 2703 2704Enumerates the key algorithms. 2705 2706**System capability**: SystemCapability.Security.Huks.Core 2707 2708| Name | Value | Description | 2709| ------------------------- | ---- | --------------------- | 2710| HUKS_ALG_RSA | 1 | RSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2711| HUKS_ALG_ECC | 2 | ECC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2712| HUKS_ALG_DSA | 3 | DSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2713| HUKS_ALG_AES | 20 | AES.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2714| HUKS_ALG_HMAC | 50 | HMAC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2715| HUKS_ALG_HKDF | 51 | HKDF.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2716| HUKS_ALG_PBKDF2 | 52 | PBKDF2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2717| HUKS_ALG_ECDH | 100 | ECDH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2718| HUKS_ALG_X25519 | 101 | X25519. <br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2719| HUKS_ALG_ED25519 | 102 | Ed25519.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2720| HUKS_ALG_DH | 103 | DH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2721| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2722| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2723| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2724| HUKS_ALG_DES<sup>12+</sup> | 160 | DES.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2725| HUKS_ALG_3DES<sup>12+</sup> | 161 | 3DES.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2726| HUKS_ALG_CMAC<sup>12+</sup> | 162 | CMAC<!--Del--> (not supported currently) <!--DelEnd-->.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2727 2728## HuksKeyGenerateType 2729 2730Enumerates the key generation types. 2731 2732**Atomic service API**: This API can be used in atomic services since API version 12. 2733 2734**System capability**: SystemCapability.Security.Huks.Core 2735 2736The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2737 2738| Name | Value | Description | 2739| ------------------------------ | ---- | ---------------- | 2740| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.| 2741| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.| 2742| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.| 2743 2744## HuksKeyFlag 2745 2746Enumerates the key generation modes. 2747 2748**Atomic service API**: This API can be used in atomic services since API version 12. 2749 2750**System capability**: SystemCapability.Security.Huks.Core 2751 2752| Name | Value | Description | 2753| -------------------------- | ---- | ------------------------------------ | 2754| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. | 2755| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. | 2756| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API.| 2757| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API.| 2758 2759## HuksKeyStorageType 2760 2761Enumerates the key storage modes. 2762 2763**System capability**: SystemCapability.Security.Huks.Core 2764 2765| Name | Value | Description | 2766| -------------------------------------------- | ---- | ------------------------------ | 2767| HUKS_STORAGE_TEMP<sup>(deprecated)</sup> | 0 | The key is managed locally.<br>**NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2768| HUKS_STORAGE_PERSISTENT<sup>(deprecated)</sup> | 1 | The key is managed by the HUKS service.<br>**NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2769| HUKS_STORAGE_ONLY_USED_IN_HUKS<sup>10+</sup> | 2 | The key derived from the master key is stored in the HUKS and managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2770| HUKS_STORAGE_KEY_EXPORT_ALLOWED<sup>10+</sup> | 3 | The key derived from the master key is exported to the service, and not managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2771 2772## HuksSendType 2773 2774Enumerates the tag transfer modes. 2775 2776**Atomic service API**: This API can be used in atomic services since API version 12. 2777 2778**System capability**: SystemCapability.Security.Huks.Core 2779 2780The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2781 2782| Name | Value | Description | 2783| -------------------- | ---- | ----------------- | 2784| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.| 2785| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.| 2786 2787## HuksUnwrapSuite<sup>9+</sup> 2788 2789Enumerates the algorithm suites that can be used for importing a key in ciphertext. 2790 2791**Atomic service API**: This API can be used in atomic services since API version 12. 2792 2793**System capability**: SystemCapability.Security.Huks.Core 2794 2795The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12 2796 2797| Name | Value | Description | 2798| ---------------------------------------------- | ---- | ----------------------------------------------------- | 2799| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.| 2800| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. | 2801 2802## HuksImportKeyType<sup>9+</sup> 2803 2804Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported. 2805 2806**Atomic service API**: This API can be used in atomic services since API version 12. 2807 2808**System capability**: SystemCapability.Security.Huks.Core 2809 2810The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12 2811 2812| Name | Value | Description | 2813| ------------------------- | ---- | ------------------------------ | 2814| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key. | 2815| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key. | 2816| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair. | 2817 2818## HuksRsaPssSaltLenType<sup>10+</sup> 2819 2820Enumerates the **salt_len** types to set when PSS padding is used in RSA signing or signature verification. 2821 2822**Atomic service API**: This API can be used in atomic services since API version 12. 2823 2824**System capability**: SystemCapability.Security.Huks.Core 2825 2826The system capability is **SystemCapability.Security.Huks.Extension** in API versions 10 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2827 2828| Name | Value | Description | 2829| ------------------------------------------ | ---- | ---------------------------- | 2830| HUKS_RSA_PSS_SALT_LEN_DIGEST<sup>10+</sup> | 0 | **salt_len** is set to the digest length.| 2831| HUKS_RSA_PSS_SALT_LEN_MAX<sup>10+</sup> | 1 | **salt_len** is set to the maximum length.| 2832 2833## HuksUserAuthType<sup>9+</sup> 2834 2835Enumerates the user authentication types. 2836 2837**Atomic service API**: This API can be used in atomic services since API version 12. 2838 2839**System capability**: SystemCapability.Security.Huks.Extension 2840 2841| Name | Value | Description | 2842| ------------------------------- | ---- | ------------------------- | 2843| both.| 1 << 0 | Fingerprint authentication. | 2844| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication.| 2845| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication.| 2846 2847## HuksUserAuthMode<sup>12+</sup> 2848 2849Enumerates the user authentication modes. 2850 2851**Atomic service API**: This API can be used in atomic services since API version 12. 2852 2853**System capability**: SystemCapability.Security.Huks.Extension 2854 2855| Name | Value | Description | 2856| ------------------------------- | ---- | ------------------------- | 2857| HUKS_USER_AUTH_MODE_LOCAL | 0 | Local authentication. | 2858| HUKS_USER_AUTH_MODE_COAUTH | 1 | Cross-device collaborative authentication.| 2859 2860## HuksAuthAccessType<sup>9+</sup> 2861 2862Enumerates the access control types. 2863 2864**Atomic service API**: This API can be used in atomic services since API version 12. 2865 2866**System capability**: SystemCapability.Security.Huks.Extension 2867 2868| Name | Value | Description | 2869| --------------------------------------- | ---- | ------------------------------------------------ | 2870| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. | 2871| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added.| 2872| HUKS_AUTH_ACCESS_ALWAYS_VALID<sup>11+</sup> | 1 << 2 | The key is always valid.| 2873 2874## HuksChallengeType<sup>9+</sup> 2875 2876Enumerates the types of the challenges generated when a key is used. 2877 2878**Atomic service API**: This API can be used in atomic services since API version 12. 2879 2880**System capability**: SystemCapability.Security.Huks.Extension 2881 2882| Name | Value | Description | 2883| ------------------------------- | ---- | ------------------------------ | 2884| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default.| 2885| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys.| 2886| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required.| 2887 2888## HuksChallengePosition<sup>9+</sup> 2889 2890Enumerates the positions of the 8-byte valid value in a custom challenge generated. 2891 2892**Atomic service API**: This API can be used in atomic services since API version 12. 2893 2894**System capability**: SystemCapability.Security.Huks.Extension 2895 2896| Name | Value | Description | 2897| ------------------------------- | ---- | ------------------------------ | 2898| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7.| 2899| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15.| 2900| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23.| 2901| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31.| 2902 2903## HuksSecureSignType<sup>9+</sup> 2904 2905Enumerates the signature types of the key generated or imported. 2906 2907**Atomic service API**: This API can be used in atomic services since API version 12. 2908 2909**System capability**: SystemCapability.Security.Huks.Extension 2910 2911| Name | Value | Description | 2912| ------------------------------ | ---- | ------------------------------------------------------------ | 2913| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed.| 2914 2915## HuksAuthStorageLevel<sup>11+</sup> 2916 2917Enumerates the storage security levels of a key. 2918 2919**Atomic service API**: This API can be used in atomic services since API version 12. 2920 2921**System capability**: SystemCapability.Security.Huks.Core 2922 2923The system capability is **SystemCapability.Security.Huks.Extension** in API version 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2924 2925| Name | Value | Description | 2926| ------------------------------ | ---- | ------------------------------------------------------------ | 2927| HUKS_AUTH_STORAGE_LEVEL_DE | 0 | The key can be accessed only after the device is started.| 2928| HUKS_AUTH_STORAGE_LEVEL_CE | 1 | The key can be accessed only after the first unlock of the device.| 2929| HUKS_AUTH_STORAGE_LEVEL_ECE | 2 | The key can be accessed only when the device is unlocked.| 2930 2931## HuksTagType 2932 2933Enumerates the tag data types. 2934 2935**Atomic service API**: This API can be used in atomic services since API version 11. 2936 2937**System capability**: SystemCapability.Security.Huks.Core 2938 2939| Name | Value | Description | 2940| --------------------- | ------- | --------------------------------------- | 2941| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. | 2942| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. | 2943| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type.| 2944| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. | 2945| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. | 2946| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. | 2947 2948## HuksTag 2949 2950Enumerates the tags used to invoke parameters. 2951 2952**System capability**: SystemCapability.Security.Huks.Core 2953 2954| Name | Value | Description | 2955| ----------------------------------------------------------- | ---------------------------------------- | ------------------------------------------------------------ | 2956| HUKS_TAG_INVALID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2957| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT \| 1 | Algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2958| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2959| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2960| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2961| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2962| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2963| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2964| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2965| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Nonce for key encryption and decryption.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2966| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2967| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2968| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2969| HUKS_TAG_PWD<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2970| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2971| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2972| HUKS_TAG_DERIVE_MAIN_KEY<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2973| HUKS_TAG_DERIVE_FACTOR<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2974| HUKS_TAG_DERIVE_ALG<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2975| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2976| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Public key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2977| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2978| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2979| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2980| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2981| HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2982| HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite required for encrypted imports.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2983| HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|29 | Storage type of the derived key or agreed key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2984| HUKS_TAG_RSA_PSS_SALT_LEN_TYPE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|30 | Type of the **rsa_pss_salt_length**.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2985| HUKS_TAG_ACTIVE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2986| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2987| HUKS_TAG_USAGE_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2988| HUKS_TAG_CREATION_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2989| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2990| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | ID of the user to which the key belongs.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2991| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2992| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | User authentication type. For details, see [HuksUserAuthType](#huksuserauthtype9). This parameter must be set together with [HuksAuthAccessType](#huksauthaccesstype9). You can set a maximum of two user authentication types at a time. For example, if **HuksAuthAccessType** is **HUKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL**, you can set the user authentication type to **HUKS_USER_AUTH_TYPE_FACE**, **HUKS_USER_AUTH_TYPE_FINGERPRINT**, or| both.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2993| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | One-time validity period of the authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2994| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2995| HUKS_TAG_KEY_AUTH_ACCESS_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 307 | Access control type. For details, see [HuksAuthAccessType](#huksauthaccesstype9). This parameter must be set together with [HuksUserAuthType](#huksuserauthtype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2996| HUKS_TAG_KEY_SECURE_SIGN_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 308 | Signature type of the key generated or imported.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2997| HUKS_TAG_CHALLENGE_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 309 | Type of the challenge generated for a key. For details, see [HuksChallengeType](#hukschallengetype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2998| HUKS_TAG_CHALLENGE_POS<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 310 | Position of the 8-byte valid value in a custom challenge. For details, see [HuksChallengePosition](#hukschallengeposition9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2999| HUKS_TAG_KEY_AUTH_PURPOSE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|311 | Key authentication purpose.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3000| HUKS_TAG_AUTH_STORAGE_LEVEL<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|316 | Key storage security level, which is a value of [HuksAuthStorageLevel](#huksauthstoragelevel11).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3001| HUKS_TAG_USER_AUTH_MODE<sup>12+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 319 | User authentication mode, which is a value of [HuksUserAuthMode](#huksuserauthmode12).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3002| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3003| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3004| HUKS_TAG_ATTESTATION_ID_BRAND<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Brand of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3005| HUKS_TAG_ATTESTATION_ID_DEVICE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | ID of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3006| HUKS_TAG_ATTESTATION_ID_PRODUCT<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product name of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3007| HUKS_TAG_ATTESTATION_ID_SERIAL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | SN of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3008| HUKS_TAG_ATTESTATION_ID_IMEI<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | International mobile equipment identity (IMEI) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3009| HUKS_TAG_ATTESTATION_ID_MEID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Mobile equipment identity (MEID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3010| HUKS_TAG_ATTESTATION_ID_MANUFACTURER<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Manufacturer of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3011| HUKS_TAG_ATTESTATION_ID_MODEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3012| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3013| HUKS_TAG_ATTESTATION_ID_SOCID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | System-on-a-chip (SoCID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3014| HUKS_TAG_ATTESTATION_ID_UDID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Unique device identifier (UDID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3015| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security level used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3016| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3017| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3018| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3019| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3020| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3021| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3022| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3023| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3024| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3025| HUKS_TAG_SECURE_KEY_ALIAS<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3026| HUKS_TAG_SECURE_KEY_UUID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3027| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3028| HUKS_TAG_IS_DEVICE_PASSWORD_SET<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1012 | Whether the key is accessible only when the user sets a lock screen password.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3029| HUKS_TAG_PROCESS_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3030| HUKS_TAG_PACKAGE_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3031| HUKS_TAG_ACCESS_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3032| HUKS_TAG_USES_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3033| HUKS_TAG_CRYPTO_CTX<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3034| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3035| HUKS_TAG_KEY_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3036| HUKS_TAG_PAYLOAD_LEN<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 3037| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Used to pass in the AEAD in GCM mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 3038| HUKS_TAG_IS_KEY_HANDLE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3039| HUKS_TAG_OS_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3040| HUKS_TAG_OS_PATCHLEVEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 3041| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 3042| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3043| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 3044 3045## huks.getSdkVersion<sup>(deprecated)</sup> 3046 3047getSdkVersion(options: HuksOptions) : string 3048 3049Obtains the SDK version of the current system. 3050 3051> **NOTE** 3052> 3053> This API is deprecated since API version 11. 3054 3055**System capability**: SystemCapability.Security.Huks.Extension 3056 3057**Parameters** 3058 3059| Name | Type | Mandatory| Description | 3060| ------- | ---------- | ---- | ------------------------- | 3061| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.| 3062 3063**Return value** 3064 3065| Type | Description | 3066| ------ | ------------- | 3067| string | SDK version obtained.| 3068 3069**Example** 3070 3071```ts 3072import { huks } from '@kit.UniversalKeystoreKit'; 3073/* Set options to emptyOptions. */ 3074let emptyOptions: huks.HuksOptions = { 3075 properties: [] 3076}; 3077let result = huks.getSdkVersion(emptyOptions); 3078``` 3079 3080## huks.generateKey<sup>(deprecated)</sup> 3081 3082generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3083 3084Generates a key. This API uses an asynchronous callback to return the result. 3085 3086> **NOTE** 3087> 3088> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9). 3089 3090**System capability**: SystemCapability.Security.Huks.Extension 3091 3092**Parameters** 3093 3094| Name | Type | Mandatory| Description | 3095| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3096| keyAlias | string | Yes | Alias of the key. | 3097| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | 3098| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code defined in **HuksResult** is returned.| 3099 3100**Example** 3101 3102```ts 3103import { huks } from '@kit.UniversalKeystoreKit'; 3104/* Generate an RSA key of 512 bits. */ 3105 3106let keyAlias = 'keyAlias'; 3107let properties: Array<huks.HuksParam> = [ 3108 { 3109 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3110 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3111 }, 3112 { 3113 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3114 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512 3115 }, 3116 { 3117 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3118 value: 3119 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 3120 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3121 }, 3122 { 3123 tag: huks.HuksTag.HUKS_TAG_PADDING, 3124 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3125 }, 3126 { 3127 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3128 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3129 } 3130]; 3131let options: huks.HuksOptions = { 3132 properties: properties 3133}; 3134huks.generateKey(keyAlias, options, (err, data) => { 3135}); 3136``` 3137 3138## huks.generateKey<sup>(deprecated)</sup> 3139 3140generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3141 3142Generates a key. This API uses a promise to return the result. 3143 3144> **NOTE** 3145> 3146> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9-1). 3147 3148**System capability**: SystemCapability.Security.Huks.Extension 3149 3150**Parameters** 3151 3152| Name | Type | Mandatory| Description | 3153| -------- | --------------------------- | ---- | ------------------------ | 3154| keyAlias | string | Yes | Alias of the key. | 3155| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.| 3156 3157**Return value** 3158 3159| Type | Description | 3160| ----------------------------------- | -------------------------------------------------- | 3161| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3162 3163**Example** 3164 3165```ts 3166import { huks } from '@kit.UniversalKeystoreKit'; 3167/* Generate a 256-bit ECC key. */ 3168 3169let keyAlias = 'keyAlias'; 3170let properties: Array<huks.HuksParam> = [ 3171 { 3172 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3173 value: huks.HuksKeyAlg.HUKS_ALG_ECC 3174 }, 3175 { 3176 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3177 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 3178 }, 3179 { 3180 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3181 value: 3182 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 3183 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 3184 }, 3185 { 3186 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3187 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3188 } 3189]; 3190let options: huks.HuksOptions = { 3191 properties: properties 3192}; 3193let result = huks.generateKey(keyAlias, options); 3194``` 3195 3196## huks.deleteKey<sup>(deprecated)</sup> 3197 3198deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3199 3200Deletes a key. This API uses an asynchronous callback to return the result. 3201 3202> **NOTE** 3203> 3204> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9). 3205 3206**System capability**: SystemCapability.Security.Huks.Extension 3207 3208**Parameters** 3209 3210| Name | Type | Mandatory| Description | 3211| -------- | ----------------------------------------- | ---- |----------------------------------------------------| 3212| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 3213| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.| 3214| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. | 3215 3216**Example** 3217 3218```ts 3219import { huks } from '@kit.UniversalKeystoreKit'; 3220/* Set options to emptyOptions. */ 3221let keyAlias = 'keyAlias'; 3222let emptyOptions: huks.HuksOptions = { 3223 properties: [] 3224}; 3225huks.deleteKey(keyAlias, emptyOptions, (err, data) => { 3226}); 3227``` 3228 3229## huks.deleteKey<sup>(deprecated)</sup> 3230 3231deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3232 3233Deletes a key. This API uses a promise to return the result. 3234 3235> **NOTE** 3236> 3237> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9-1). 3238 3239**System capability**: SystemCapability.Security.Huks.Extension 3240 3241**Parameters** 3242 3243| Name | Type | Mandatory| Description | 3244| -------- | ----------- | ---- | ----------------------------------------------------- | 3245| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 3246| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.| 3247 3248**Return value** 3249 3250| Type | Description | 3251| ----------------------------------- | -------------------------------------------------- | 3252| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3253 3254**Example** 3255 3256```ts 3257import { huks } from '@kit.UniversalKeystoreKit'; 3258/* Set options to emptyOptions. */ 3259let keyAlias = 'keyAlias'; 3260let emptyOptions: huks.HuksOptions = { 3261 properties: [] 3262}; 3263let result = huks.deleteKey(keyAlias, emptyOptions); 3264``` 3265 3266## huks.importKey<sup>(deprecated)</sup> 3267 3268importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3269 3270Imports a key in plaintext. This API uses an asynchronous callback to return the result. 3271 3272> **NOTE** 3273> 3274> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9). 3275 3276**System capability**: SystemCapability.Security.Huks.Extension 3277 3278**Parameters** 3279 3280| Name | Type | Mandatory| Description | 3281| -------- | ------------------------ | ---- | ------------------------------------------------- | 3282| keyAlias | string | Yes | Alias of the key.| 3283| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3284| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3285 3286**Example** 3287 3288```ts 3289import { huks } from '@kit.UniversalKeystoreKit'; 3290/* Import a 256-bit AES key. */ 3291 3292let plainTextSize32 = makeRandomArr(32); 3293function makeRandomArr(size: number) { 3294 let arr = new Uint8Array(size); 3295 for (let i = 0; i < size; i++) { 3296 arr[i] = Math.floor(Math.random() * 10); 3297 } 3298 return arr; 3299}; 3300let keyAlias = 'keyAlias'; 3301let properties: Array<huks.HuksParam> = [ 3302 { 3303 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3304 value: huks.HuksKeyAlg.HUKS_ALG_AES 3305 }, 3306 { 3307 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3308 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 3309 }, 3310 { 3311 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3312 value: 3313 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3314 }, 3315 { 3316 tag: huks.HuksTag.HUKS_TAG_PADDING, 3317 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3318 }, 3319 { 3320 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3321 value: huks.HuksCipherMode.HUKS_MODE_ECB 3322 } 3323]; 3324let options: huks.HuksOptions = { 3325 properties: properties, 3326 inData: plainTextSize32 3327}; 3328huks.importKey(keyAlias, options, (err, data) => { 3329}); 3330``` 3331 3332## huks.importKey<sup>(deprecated)</sup> 3333 3334importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3335 3336Imports a key in plaintext. This API uses a promise to return the result. 3337 3338> **NOTE** 3339> 3340> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9-1). 3341 3342**System capability**: SystemCapability.Security.Huks.Extension 3343 3344**Parameters** 3345 3346| Name | Type | Mandatory| Description | 3347| -------- | ----------- | ---- | ------------------------------------ | 3348| keyAlias | string | Yes | Alias of the key.| 3349| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3350 3351**Return value** 3352 3353| Type | Description | 3354| ----------------------------------- | -------------------------------------------------- | 3355| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3356 3357**Example** 3358 3359```ts 3360import { huks } from '@kit.UniversalKeystoreKit'; 3361/* Import an AES key of 128 bits. */ 3362 3363let plainTextSize32 = makeRandomArr(32); 3364function makeRandomArr(size: number) { 3365 let arr = new Uint8Array(size); 3366 for (let i = 0; i < size; i++) { 3367 arr[i] = Math.floor(Math.random() * 10); 3368 } 3369 return arr; 3370}; 3371/* Step 1 Generate a key. */ 3372let keyAlias = 'keyAlias'; 3373let properties: Array<huks.HuksParam> = [ 3374 { 3375 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3376 value: huks.HuksKeyAlg.HUKS_ALG_AES 3377 }, 3378 { 3379 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3380 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128 3381 }, 3382 { 3383 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3384 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3385 }, 3386 { 3387 tag: huks.HuksTag.HUKS_TAG_PADDING, 3388 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3389 }, 3390 { 3391 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3392 value: huks.HuksCipherMode.HUKS_MODE_ECB 3393 } 3394]; 3395let huksOptions: huks.HuksOptions = { 3396 properties: properties, 3397 inData: plainTextSize32 3398}; 3399let result = huks.importKey(keyAlias, huksOptions); 3400``` 3401 3402## huks.exportKey<sup>(deprecated)</sup> 3403 3404exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3405 3406Exports a key. This API uses an asynchronous callback to return the result. 3407 3408> **NOTE** 3409> 3410> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9). 3411 3412**System capability**: SystemCapability.Security.Huks.Extension 3413 3414**Parameters** 3415 3416| Name | Type | Mandatory| Description | 3417| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3418| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3419| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3420| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 3421 3422**Example** 3423 3424```ts 3425import { huks } from '@kit.UniversalKeystoreKit'; 3426/* Set options to emptyOptions. */ 3427let keyAlias = 'keyAlias'; 3428let emptyOptions: huks.HuksOptions = { 3429 properties: [] 3430}; 3431huks.exportKey(keyAlias, emptyOptions, (err, data) => { 3432}); 3433``` 3434 3435## huks.exportKey<sup>(deprecated)</sup> 3436 3437exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3438 3439Exports a key. This API uses a promise to return the result. 3440 3441> **NOTE** 3442> 3443> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9-1). 3444 3445**System capability**: SystemCapability.Security.Huks.Extension 3446 3447**Parameters** 3448 3449| Name | Type | Mandatory| Description | 3450| -------- | ----------- | ---- | ------------------------------------------------------------ | 3451| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3452| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3453 3454**Return value** 3455 3456| Type | Description | 3457| ----------------------------------- | ------------------------------------------------------------ | 3458| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 3459 3460**Example** 3461 3462```ts 3463import { huks } from '@kit.UniversalKeystoreKit'; 3464/* Set options to emptyOptions. */ 3465let keyAlias = 'keyAlias'; 3466let emptyOptions: huks.HuksOptions = { 3467 properties: [] 3468}; 3469let result = huks.exportKey(keyAlias, emptyOptions); 3470``` 3471 3472## huks.getKeyProperties<sup>(deprecated)</sup> 3473 3474getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3475 3476Obtains key properties. This API uses an asynchronous callback to return the result. 3477 3478> **NOTE** 3479> 3480> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9). 3481 3482**System capability**: SystemCapability.Security.Huks.Extension 3483 3484**Parameters** 3485 3486| Name | Type | Mandatory| Description | 3487| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3488| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3489| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3490| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code is returned.| 3491 3492**Example** 3493 3494```ts 3495import { huks } from '@kit.UniversalKeystoreKit'; 3496/* Set options to emptyOptions. */ 3497let keyAlias = 'keyAlias'; 3498let emptyOptions: huks.HuksOptions = { 3499 properties: [] 3500}; 3501huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => { 3502}); 3503``` 3504 3505## huks.getKeyProperties<sup>(deprecated)</sup> 3506 3507getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3508 3509Obtains key properties. This API uses a promise to return the result. 3510 3511> **NOTE** 3512> 3513> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9-1). 3514 3515**System capability**: SystemCapability.Security.Huks.Extension 3516 3517**Parameters** 3518 3519| Name | Type | Mandatory| Description | 3520| -------- | ----------- | ---- | ------------------------------------------------------------ | 3521| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3522| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3523 3524**Return value** 3525 3526| Type | Description | 3527| ------------------ | ------------------------------------------------------------ | 3528| Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS** and **properties** returns the parameters required for generating the key. If the operation fails, an error code is returned.| 3529 3530**Example** 3531 3532```ts 3533import { huks } from '@kit.UniversalKeystoreKit'; 3534/* Set options to emptyOptions. */ 3535let keyAlias = 'keyAlias'; 3536let emptyOptions: huks.HuksOptions = { 3537 properties: [] 3538}; 3539let result = huks.getKeyProperties(keyAlias, emptyOptions); 3540``` 3541 3542## huks.isKeyExist<sup>(deprecated)</sup> 3543 3544isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 3545 3546Checks whether a key exists. This API uses an asynchronous callback to return the result. 3547 3548> **NOTE** 3549> 3550> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9). 3551 3552**System capability**: SystemCapability.Security.Huks.Extension 3553 3554**Parameters** 3555 3556| Name | Type | Mandatory| Description | 3557| -------- | ---------------------- | ---- | ------------------------------------- | 3558| keyAlias | string | Yes | Alias of the key to check.| 3559| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.| 3560| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3561 3562**Example** 3563 3564```ts 3565import { huks } from '@kit.UniversalKeystoreKit'; 3566/* Set options to emptyOptions. */ 3567let keyAlias = 'keyAlias'; 3568let emptyOptions: huks.HuksOptions = { 3569 properties: [] 3570}; 3571huks.isKeyExist(keyAlias, emptyOptions, (err, data) => { 3572}); 3573``` 3574 3575## huks.isKeyExist<sup>(deprecated)</sup> 3576 3577isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 3578 3579Checks whether a key exists. This API uses a promise to return the result. 3580 3581> **NOTE** 3582> 3583> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9-1). 3584 3585**System capability**: SystemCapability.Security.Huks.Extension 3586 3587**Parameters** 3588 3589| Name | Type | Mandatory| Description | 3590| -------- | ----------- | ---- | -------------------------------- | 3591| keyAlias | string | Yes | Alias of the key to check.| 3592| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.| 3593 3594**Return value** 3595 3596| Type | Description | 3597| ----------------- | --------------------------------------- | 3598| Promise\<boolean> | Promise used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3599 3600**Example** 3601 3602```ts 3603import { huks } from '@kit.UniversalKeystoreKit'; 3604/* Set options to emptyOptions. */ 3605let keyAlias = 'keyAlias'; 3606let emptyOptions: huks.HuksOptions = { 3607 properties: [] 3608}; 3609let result = huks.isKeyExist(keyAlias, emptyOptions); 3610``` 3611 3612## huks.init<sup>(deprecated)</sup> 3613 3614init(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksHandle>) : void 3615 3616Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3617 3618> **NOTE** 3619> 3620> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3621 3622**System capability**: SystemCapability.Security.Huks.Extension 3623 3624**Parameters** 3625 3626| Name | Type | Mandatory| Description | 3627| -------- | ---------------------- | ---- | ------------------------------------- | 3628| keyAlias | string | Yes | Alias of the target key.| 3629| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3630| callback | AsyncCallback\<[HuksHandle](#hukshandledeprecated)> | Yes | Callback used to return a session handle for subsequent operations.| 3631 3632## huks.init<sup>(deprecated)</sup> 3633 3634init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle> 3635 3636Initializes a session for a key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3637 3638> **NOTE** 3639> 3640> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3641 3642**System capability**: SystemCapability.Security.Huks.Extension 3643 3644**Parameters** 3645 3646| Name | Type | Mandatory| Description | 3647| -------- | ---------------------- | ---- | ------------------------------------- | 3648| keyAlias | string | Yes | Alias of the target key.| 3649| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3650 3651**Return value** 3652 3653| Type | Description | 3654| ----------------------------------- | -------------------------------------------------- | 3655| Promise\<[HuksHandle](#hukshandledeprecated)> | Promise used to return a session handle for subsequent operations.| 3656 3657## huks.update<sup>(deprecated)</sup> 3658 3659update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3660 3661Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3662 3663> **NOTE** 3664> 3665> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-1). 3666 3667**System capability**: SystemCapability.Security.Huks.Extension 3668 3669**Parameters** 3670 3671| Name | Type | Mandatory| Description | 3672| -------- | ----------------------------------------- | ---- | -------------------------------------------- | 3673| handle | number | Yes | Handle for the **update** operation. | 3674| token | Uint8Array | No | Token of the **update** operation. | 3675| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3676| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the **update** operation result.| 3677 3678## huks.update<sup>(deprecated)</sup> 3679 3680update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>; 3681 3682Updates the key operation by segment. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3683 3684> **NOTE** 3685> 3686> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-2). 3687 3688**System capability**: SystemCapability.Security.Huks.Extension 3689 3690**Parameters** 3691 3692| Name | Type | Mandatory| Description | 3693| ------- | ----------------------------------- | ---- | -------------------------------------------- | 3694| handle | number | Yes | Handle for the **update** operation. | 3695| token | Uint8Array | No | Token of the **update** operation. | 3696| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3697 3698**Return value** 3699 3700| Type | Description | 3701| ----------------------------------- | -------------------------------------------------- | 3702| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **update** operation result.| 3703 3704## huks.finish<sup>(deprecated)</sup> 3705 3706finish(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3707 3708Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3709 3710> **NOTE** 3711> 3712> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9). 3713 3714**System capability**: SystemCapability.Security.Huks.Extension 3715 3716**Parameters** 3717 3718| Name | Type | Mandatory| Description | 3719| -------- | ---------------------- | ---- | ------------------------------------- | 3720| handle | number | Yes | Handle for the **finish** operation.| 3721| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3722| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the **finish** operation result.| 3723 3724## huks.finish<sup>(deprecated)</sup> 3725 3726finish(handle: number, options: HuksOptions) : Promise\<HuksResult> 3727 3728Finishes the key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3729 3730> **NOTE** 3731> 3732> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9-1). 3733 3734**System capability**: SystemCapability.Security.Huks.Extension 3735 3736**Parameters** 3737 3738| Name | Type | Mandatory| Description | 3739| -------- | ---------------------- | ---- | ------------------------------------- | 3740| handle | number | Yes | Handle for the **finish** operation.| 3741| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3742 3743**Return value** 3744 3745| Type | Description | 3746| ----------------------------------- | -------------------------------------------------- | 3747| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result.| 3748 3749## huks.abort<sup>(deprecated)</sup> 3750 3751abort(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3752 3753Aborts the use of the key. This API uses an asynchronous callback to return the result. 3754 3755> **NOTE** 3756> 3757> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9). 3758 3759**System capability**: SystemCapability.Security.Huks.Extension 3760 3761**Parameters** 3762 3763| Name | Type | Mandatory| Description | 3764| -------- | ---------------------- | ---- | ------------------------------------- | 3765| handle | number | Yes | Handle for the **abort** operation.| 3766| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3767| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the **abort** operation result.| 3768 3769**Example** 3770 3771```ts 3772import { huks } from '@kit.UniversalKeystoreKit'; 3773/* huks.init, huks.update, and huks.finish must be used together. 3774 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3775 * 3776 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 3777 */ 3778 3779let keyAlias = "HuksDemoRSA"; 3780let properties: Array<huks.HuksParam> = []; 3781let options: huks.HuksOptions = { 3782 properties: properties, 3783 inData: new Uint8Array(0) 3784}; 3785let handle: number = 0; 3786let resultMessage = ""; 3787async function generateKey() { 3788 properties[0] = { 3789 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3790 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3791 }; 3792 properties[1] = { 3793 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3794 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3795 }; 3796 properties[2] = { 3797 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3798 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3799 }; 3800 properties[3] = { 3801 tag: huks.HuksTag.HUKS_TAG_PADDING, 3802 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3803 }; 3804 properties[4] = { 3805 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3806 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3807 }; 3808 huks.generateKey(keyAlias, options); 3809} 3810function stringToUint8Array(str: string) { 3811 let arr: number[] = []; 3812 for (let i = 0, j = str.length; i < j; ++i) { 3813 arr.push(str.charCodeAt(i)); 3814 } 3815 let tmpUint8Array = new Uint8Array(arr); 3816 return tmpUint8Array; 3817} 3818async function huksInit() { 3819 await huks.init(keyAlias, options).then((data) => { 3820 console.info(`test init data: ${JSON.stringify(data)}`); 3821 handle = data.handle; 3822 }).catch((err) => { 3823 console.error("test init err information: " + JSON.stringify(err)) 3824 }) 3825} 3826async function huksUpdate() { 3827 options.inData = stringToUint8Array("huksHmacTest"); 3828 await huks.update(handle, options.inData, options).then((data) => { 3829 if (data.errorCode === 0) { 3830 resultMessage += "update success!"; 3831 } else { 3832 resultMessage += "update fail!"; 3833 } 3834 }); 3835 console.info(resultMessage); 3836} 3837function huksFinish() { 3838 options.inData = stringToUint8Array("HuksDemoHMAC"); 3839 huks.finish(handle, options).then((data) => { 3840 if (data.errorCode === 0) { 3841 resultMessage = "finish success!"; 3842 console.info(resultMessage); 3843 } else { 3844 resultMessage = "finish fail errorCode: " + data.errorCode; 3845 console.error(resultMessage); 3846 } 3847 }).catch((err) => { 3848 resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err) 3849 }); 3850} 3851async function huksAbort() { 3852 new Promise<huks.HuksResult>((resolve, reject) => { 3853 huks.abort(handle, options, (err, data) => { 3854 console.info(`huksAbort data ${JSON.stringify(data)}`); 3855 console.error(`huksAbort err ${JSON.stringify(err)}`); 3856 }); 3857 }); 3858} 3859``` 3860 3861## huks.abort<sup>(deprecated)</sup> 3862 3863abort(handle: number, options: HuksOptions) : Promise\<HuksResult>; 3864 3865Aborts the use of the key. This API uses a promise to return the result. 3866 3867> **NOTE** 3868> 3869> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9-1). 3870 3871**System capability**: SystemCapability.Security.Huks.Extension 3872 3873**Parameters** 3874 3875| Name | Type | Mandatory| Description | 3876| -------- | ---------------------- | ---- | ------------------------------------- | 3877| handle | number | Yes | Handle for the **abort** operation.| 3878| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3879 3880**Return value** 3881 3882| Type | Description | 3883| ----------------------------------- | -------------------------------------------------- | 3884| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **abort** operation result.| 3885 3886**Example** 3887 3888```ts 3889import { huks } from '@kit.UniversalKeystoreKit'; 3890/* huks.init, huks.update, and huks.finish must be used together. 3891 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3892 * 3893 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 3894 */ 3895let keyAlias = "HuksDemoRSA"; 3896let properties: Array<huks.HuksParam> = []; 3897let options: huks.HuksOptions = { 3898 properties: properties, 3899 inData: new Uint8Array(0) 3900}; 3901let handle: number = 0; 3902let resultMessage = ""; 3903 3904function stringToUint8Array(str: string) { 3905 let arr: number[] = []; 3906 for (let i = 0, j = str.length; i < j; ++i) { 3907 arr.push(str.charCodeAt(i)); 3908 } 3909 let tmpUint8Array = new Uint8Array(arr); 3910 return tmpUint8Array; 3911} 3912 3913async function generateKey() { 3914 properties[0] = { 3915 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3916 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3917 }; 3918 properties[1] = { 3919 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3920 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3921 }; 3922 properties[2] = { 3923 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3924 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3925 }; 3926 properties[3] = { 3927 tag: huks.HuksTag.HUKS_TAG_PADDING, 3928 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3929 }; 3930 properties[4] = { 3931 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3932 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3933 }; 3934 huks.generateKey(keyAlias, options, (err, data) => { 3935 }); 3936} 3937 3938async function huksInit() { 3939 return new Promise<huks.HuksHandle>((resolve, reject) => { 3940 huks.init(keyAlias, options, async (err, data) => { 3941 if (data.errorCode === 0) { 3942 resultMessage = "init success!" 3943 handle = data.handle; 3944 } else { 3945 resultMessage = "init fail errorCode: " + data.errorCode 3946 } 3947 }); 3948 }); 3949} 3950 3951async function huksUpdate() { 3952 options.inData = stringToUint8Array("huksHmacTest"); 3953 new Promise<huks.HuksResult>((resolve, reject) => { 3954 huks.update(handle, options.inData, options, (err, data) => { 3955 if (data.errorCode === 0) { 3956 resultMessage += "update success!"; 3957 console.info(resultMessage); 3958 } else { 3959 resultMessage += "update fail!"; 3960 console.error(resultMessage); 3961 } 3962 }); 3963 }); 3964 3965} 3966 3967async function huksFinish() { 3968 options.inData = stringToUint8Array("0"); 3969 new Promise<huks.HuksResult>((resolve, reject) => { 3970 huks.finish(handle, options, (err, data) => { 3971 if (data.errorCode === 0) { 3972 resultMessage = "finish success!"; 3973 } else { 3974 resultMessage = "finish fail errorCode: " + data.errorCode; 3975 } 3976 }); 3977 }); 3978} 3979 3980function huksAbort() { 3981 huks.abort(handle, options).then((data) => { 3982 if (data.errorCode === 0) { 3983 console.info("abort success!"); 3984 } else { 3985 console.error("abort fail errorCode: " + data.errorCode); 3986 } 3987 }).catch((err: Error) => { 3988 console.error("abort fail, catch errorMessage:" + JSON.stringify(err)); 3989 }); 3990} 3991``` 3992 3993## HuksHandle<sup>(deprecated)</sup> 3994 3995Defines the struct for a HUKS handle. 3996 3997**System capability**: SystemCapability.Security.Huks.Extension 3998 3999> **NOTE** 4000> 4001> This API is deprecated since API version 9. You are advised to use [HuksSessionHandle<sup>9+</sup>](#hukssessionhandle9). 4002 4003| Name | Type | Mandatory| Description | 4004| ---------- | ---------------- | ---- | -------- | 4005| errorCode | number | Yes | Error code.| 4006| handle | number | Yes| Value of the handle.| 4007| token | Uint8Array | No| Challenge obtained after the [init](#huksinitdeprecated) operation.| 4008 4009## HuksResult<sup>(deprecated)</sup> 4010 4011Defines the **HuksResult** struct. 4012 4013**System capability**: SystemCapability.Security.Huks.Extension 4014 4015> **NOTE** 4016> 4017> - This API is deprecated since API version 9. You are advised to use [HuksReturnResult<sup>9+</sup>](#huksreturnresult9). 4018> - For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 4019 4020| Name | Type | Mandatory| Description | 4021| ---------- | ------------------------------- | ---- | ---------------- | 4022| errorCode | number | Yes | Error code. | 4023| outData | Uint8Array | No | Output data. | 4024| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 4025| certChains | Array\<string> | No | Certificate chain information.| 4026 4027## HuksErrorCode<sup>(deprecated)</sup> 4028 4029Enumerates the error codes. 4030 4031**System capability**: SystemCapability.Security.Huks.Extension 4032 4033> **NOTE** 4034> 4035> This API is deprecated since API version 9. You are advised to use [HuksExceptionErrCode<sup>9+</sup>](#huksexceptionerrcode9). 4036 4037| Name | Value | Description| 4038| -------------------------- | ----- | ---- | 4039| HUKS_SUCCESS | 0 |Success.| 4040| HUKS_FAILURE | -1 |Failure.| 4041| HUKS_ERROR_BAD_STATE | -2 |Incorrect state.| 4042| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.| 4043| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.| 4044| HUKS_ERROR_NO_PERMISSION | -5 |No permission.| 4045| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.| 4046| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.| 4047| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.| 4048| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.| 4049| HUKS_ERROR_STORAGE_FAILURE | -10 |Insufficient storage space.| 4050| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.| 4051| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.| 4052| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.| 4053| HUKS_ERROR_NULL_POINTER | -14 |Null pointer.| 4054| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.| 4055| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.| 4056| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.| 4057| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.| 4058| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.| 4059| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.| 4060| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.| 4061| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.| 4062| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.| 4063| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.| 4064| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.| 4065| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.| 4066| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.| 4067| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.| 4068| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.| 4069| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.| 4070| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.| 4071| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.| 4072| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.| 4073| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.| 4074| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFuse.| 4075| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.| 4076| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.| 4077| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.| 4078| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to obtain the ALG. | 4079| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to obtain the key size.| 4080| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to obtain the padding algorithm.| 4081| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to obtain the key purpose.| 4082| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to obtain the digest algorithm.| 4083| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to obtain the cipher mode.| 4084| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to obtain the nonce.| 4085| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to obtain the AAD.| 4086| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to obtain the initialization vector (IV).| 4087| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to obtain the AE flag.| 4088| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to obtain the salt value.| 4089| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to obtain the number of iterations.| 4090| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.| 4091| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.| 4092| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding algorithm.| 4093| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid key purpose.| 4094| HUKS_ERROR_INVALID_MODE | -116 |Invalid cipher mode.| 4095| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest algorithm.| 4096| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.| 4097| HUKS_ERROR_INVALID_IV | -119 |Invalid IV.| 4098| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.| 4099| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.| 4100| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.| 4101| HUKS_ERROR_INVALID_SALT | -123 |Invalid salt value.| 4102| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration count.| 4103| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.| 4104| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.| 4105| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.| 4106