# Introduction to Universal Keystore Kit

Universal Keystore Kit (referred to as HUKS) provides applications and services with unified secure key operations, including key management (key generation/destruction, key import, key attestation, key agreement, and key derivation) and key use (encryption/decryption, signing/signature verification, and access control).

The keys managed by HUKS can be imported by a service or an application or generated by invoking HUKS APIs. HUKS also provides key access control, which ensures secure and authorized access to the keys in HUKS.

## HUKS Architecture

The HUKS module consists of the following:

- SDK: provides key management APIs. You can use ArkTS or C APIs based on your services.

- HUKS service layer: implements key session management and storage management.

- HUKS core layer: implements core functionalities, including cryptographic operations, encryption and decryption, and key access control.
  > **NOTE**
  > The HUKS core layer must run in a secure environment, such as the [TEE](huks-concepts.md) or secure chipset of a system or device. The secure environment depends on the hardware. The implementation in the open source repository is simulated and is subject to adaptation by OEM vendors.

![en_image_0000001736030930](figures/huks_architecture.png)


## Core Functionalities

HUKS provides the following key management functionalities throughout the key lifecycle.


### Key Generation

| Functionality| Description|
| -------- | -------- |
| [Key generation](huks-key-generation-overview.md) | Generates a key randomly. During the lifecycle of the key, the plaintext of the key can be accessed only in the secure environment and is never exposed outside the secure environment.|
| [Key import](huks-key-import-overview.md) | Imports an externally generated key to HUKS for management.|


### Key Use

| Functionality| Description|
| -------- | -------- |
| [Encryption and decryption](huks-encryption-decryption-overview.md) | Encrypts plaintext into ciphertext using a key, or decrypts ciphertext into plaintext using a key.|
| [Signing and signature verification](huks-signing-signature-verification-overview.md) | Generates a digital signature, which confirms the data authenticity (the message came from the stated sender).|
| [Key agreement](huks-key-agreement-overview.md) | Allows two or more parties to jointly establish a shared key in a non-secure environment.|
| [Key derivation](huks-key-derivation-overview.md) | Derives one or more secret keys from a key.|
| [Key access control](huks-identity-authentication-overview.md) | Prevents unauthorized access to the keys in HUKS.|


### Key Deletion

| Functionality| Description|
| -------- | -------- |
| [Key deletion](huks-delete-key-arkts.md) | Securely deletes key data from HUKS.|


### Key Attestation

| Functionality| Description|
| -------- | -------- |
| [Key attestation](huks-key-attestation-overview.md) | Issues a certificate for the public key in an asymmetric key pair stored in HUKS to prove the validity of the key (the key is generated in a secure environment).|


## Related Kits

[Key access control](huks-identity-authentication-overview.md) depends on [User Authentication Kit](../UserAuthenticationKit/user-authentication-overview.md).
