# Non-anonymous Key Attestation (ArkTS)

The caller must have the [ohos.permission.ATTEST_KEY](../AccessToken/permissions-for-system-apps.md#ohospermissionattest_key) permission. Request the permission in the way required by the permission's APL. For details, see [Workflow for Requesting Permissions](../AccessToken/determine-application-mode.md).

## How to Develop

1. Set the key alias (**keyAlias**), which cannot exceed 128 bytes.

2. Initialize a parameter set.

   The **properties** field in [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions) must contain [HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag). Optional parameters include [HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag) and [HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag). The challenge should be a fresh, unpredictable value issued by the party that will verify the certificate chain, so that an earlier attestation result cannot be replayed.

3. Generate an asymmetric key. For details, see [Key Generation](huks-key-generation-overview.md).

4. Use [huks.attestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksattestkeyitem9) with the key alias and parameter set to perform key attestation.

```ts
/*
 * Perform non-anonymous key attestation. This example uses promise-based APIs.
 */
import { huks } from '@kit.UniversalKeystoreKit';

/* 1. Set the key alias. */
let keyAliasString = "key attest";
let aliasString = keyAliasString;
let aliasUint8 = StringToUint8Array(keyAliasString);
let securityLevel = StringToUint8Array('sec_level');
let challenge = StringToUint8Array('challenge_data');
let versionInfo = StringToUint8Array('version_info');
let attestCertChain: Array<string>;

class throwObject {
  isThrow: boolean = false;
}

/* Encapsulate the key parameter set.
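*/
// NOTE(review): the sample key is generated with the VERIFY purpose only; confirm
// the purpose set matches how the attested key will actually be used.
let genKeyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
]
let genOptions: huks.HuksOptions = {
  properties: genKeyProperties
};

/*
 * 2. Encapsulate the parameter set for key attestation.
 *
 * The challenge, security-level and version values used here are fixed sample
 * strings. A fixed challenge gives the verifier no way to tell a new attestation
 * from a replayed one: in a real deployment, pass a fresh, unpredictable value
 * obtained from the party that validates the certificate chain.
 */
let attestKeyproperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: aliasUint8
  }
]
let huksOptions: huks.HuksOptions = {
  properties: attestKeyproperties
};

/**
 * Converts a string to bytes, one byte per UTF-16 code unit.
 *
 * A Uint8Array keeps only the low 8 bits of each element, so code units above
 * 0xFF are truncated. Use this helper only for ASCII/Latin-1 text such as the
 * sample strings in this example.
 *
 * @param str - Text to convert.
 * @returns The code units of `str` as a byte array.
 */
function StringToUint8Array(str: string): Uint8Array {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

/**
 * Wraps the callback form of huks.generateKeyItem in a promise.
 *
 * @param keyAlias - Alias under which the key is generated.
 * @param huksOptions - Key generation parameter set.
 * @param throwObject - Its `isThrow` flag is set when huks.generateKeyItem throws
 *   synchronously, so the caller can tell that case from a failure reported
 *   through the callback.
 * @returns A promise that resolves when the callback reports success and rejects
 *   with the reported or thrown error otherwise.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject): Promise<void> {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      // A throw inside the executor rejects the promise; the flag records that
      // the error came from the call itself rather than from the callback.
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/* 3. Generate a key. */
/**
 * Generates the key and logs the outcome. Errors are logged, not rethrown.
 *
 * @param keyAlias - Alias under which the key is generated.
 * @param huksOptions - Key generation parameter set.
 */
async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions): Promise<void> {
  console.info(`enter promise generateKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await generateKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
  } catch (error) {
    if (throwObject.isThrow) {
      console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/* 4. Attest the key. */
/**
 * Wraps the callback form of huks.attestKeyItem in a promise.
 *
 * @param keyAlias - Alias of the key to attest.
 * @param huksOptions - Attestation parameter set.
 * @param throwObject - Its `isThrow` flag is set when huks.attestKeyItem throws
 *   synchronously.
 * @returns A promise that resolves with the result passed to the callback and
 *   rejects with the reported or thrown error otherwise.
 */
function attestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject): Promise<huks.HuksReturnResult> {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.attestKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/**
 * Attests the key and stores the returned certificate chain in attestCertChain.
 * Errors are logged, not rethrown.
 *
 * @param keyAlias - Alias of the key to attest.
 * @param huksOptions - Attestation parameter set.
 */
async function publicAttestKey(keyAlias: string, huksOptions: huks.HuksOptions): Promise<void> {
  console.info(`enter promise attestKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await attestKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: attestKeyItem success, data = ${JSON.stringify(data)}`);
    // A `!== null` test alone would still accept `undefined`, so both are checked
    // before the chain is stored.
    if (data !== null && data !== undefined && data.certChains !== null && data.certChains !== undefined) {
      attestCertChain = data.certChains as string[];
    }
  } catch (error) {
    if (throwObject.isThrow) {
      console.error(`promise: attestKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      console.error(`promise: attestKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/**
 * Runs the sample end to end: generates the key, attests it, and logs the chain.
 *
 * The certificate chain is evidence for a verifier; it proves nothing until that
 * verifier has validated it and compared the challenge with the one it issued.
 */
async function AttestKeyTest(): Promise<void> {
  await publicGenKeyFunc(aliasString, genOptions);
  await publicAttestKey(aliasString, huksOptions);
  // attestCertChain stays unassigned when attestation failed or returned no chain.
  if (attestCertChain === undefined) {
    console.error('attest certChain data is unavailable');
    return;
  }
  console.info('attest certChain data: ' + attestCertChain)
}
```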