# HUKS Changelog

## cl.huks.1 HUKS Supports RsaPssSaltLengthType

Before the change, HUKS used **RSA_PSS_SALT_LEN_MAX** for signing or signature verification by default.

After the change, the type defined by **HuksRsaPssSaltLenType** is passed in for signing or signature verification. If **HuksRsaPssSaltLenType** is not passed in, **RSA_PSS_SALT_LEN_MAX** is used by default.

**Change Impact**

Behaviors of released JavaScript APIs have been changed.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but the parameter set passed to the APIs is changed.

**Adaptation Guide**

The following uses RSA signing as an example.

```js
import huks from '@ohos.security.huks';

let keyAlias = 'rsa_Key';
/* Data to be signed; Uint8Array takes the byte values as a single array argument */
let inData = new Uint8Array([
    0x4B, 0x1E, 0x22, 0x64, 0xA9, 0x89, 0x60, 0x1D, 0xEC, 0x78, 0xC0, 0x5D, 0xBE, 0x46, 0xAD, 0xCF,
    0x1C, 0x35, 0x16, 0x11, 0x34, 0x01, 0x4E, 0x9B, 0x7C, 0x00, 0x66, 0x0E, 0xCA, 0x09, 0xC0, 0xF3,
]);
/* Parameters for signing */
let signProperties = new Array();
signProperties[0] = {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA,
}
signProperties[1] = {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN,
}
signProperties[2] = {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048,
}
signProperties[3] = {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS,
}
signProperties[4] = {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA1,
}
/* Salt length type for RSA-PSS; RSA_PSS_SALT_LEN_MAX is used if this tag is not passed in */
signProperties[5] = {
    tag: huks.HuksTag.HUKS_TAG_RSA_PSS_SALT_LEN_TYPE,
    value: huks.HuksRsaPssSaltLenType.HUKS_RSA_PSS_SALT_LEN_MAX,
}
let signOptions = {
    properties: signProperties,
    inData: inData
}

/* Start the signing session with the parameter set above */
huks.initSession(keyAlias, signOptions);
```

For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).

## cl.huks.2 Resolved the Issues in Storage or Export of Derived or Agreed Keys

Before the change, HUKS supported both storage and export of derived keys and agreed keys, which posed security risks.

After the change, the application needs to pass in **HuksKeyStorageType** for key derivation or key agreement. Only one of storage or export is allowed at a time. If this parameter is not passed in, both storage and export are supported by default, which poses security risks and is not recommended.

**Change Impact**

Behaviors of released JavaScript APIs have been changed.

**Key API/Component Changes**

Released JavaScript APIs remain unchanged, but the parameter set passed to the APIs is changed.

**Adaptation Guide**

For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
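
A pre-flight check for the two behavior changes above (cl.huks.1 and cl.huks.2), added here as an example and not part of the HUKS code base: it reports property sets that silently fall back to a default. The helper `auditHuksProperties` and the `huksStub` object are hypothetical, the stub's numeric values are constructed, and the names `HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG`, `HUKS_STORAGE_ONLY_USED_IN_HUKS` and `HUKS_STORAGE_KEY_EXPORT_ALLOWED` are assumed from the HUKS API reference, since this page names only **HuksKeyStorageType**.

```javascript
// Stand-in for '@ohos.security.huks' so the check runs off-device. Member names
// follow the HUKS API; the numeric values are constructed, not the real ones.
const huksStub = {
    HuksTag: {
        HUKS_TAG_PURPOSE: 1, HUKS_TAG_PADDING: 2, HUKS_TAG_RSA_PSS_SALT_LEN_TYPE: 3,
        HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG: 4, // assumed carrier of HuksKeyStorageType
    },
    HuksKeyPurpose: {
        HUKS_KEY_PURPOSE_SIGN: 1, HUKS_KEY_PURPOSE_VERIFY: 2,
        HUKS_KEY_PURPOSE_DERIVE: 4, HUKS_KEY_PURPOSE_AGREE: 8,
    },
    HuksKeyPadding: { HUKS_PADDING_PSS: 1 },
    HuksKeyStorageType: { HUKS_STORAGE_ONLY_USED_IN_HUKS: 1, HUKS_STORAGE_KEY_EXPORT_ALLOWED: 2 },
};

// Hypothetical helper: lists the places where a property set relies on a HUKS default.
function auditHuksProperties(huks, properties) {
    const T = huks.HuksTag;
    const P = huks.HuksKeyPurpose;
    // Compare against undefined so a legitimate enum value of 0 still counts as "set".
    const get = (tag) => {
        const entry = properties.find((p) => p && p.tag === tag);
        return entry ? entry.value : undefined;
    };
    const purpose = get(T.HUKS_TAG_PURPOSE) || 0; // purposes are combined as bit flags
    const findings = [];

    // cl.huks.1: PSS signing/verification without an explicit salt length type
    if ((purpose & (P.HUKS_KEY_PURPOSE_SIGN | P.HUKS_KEY_PURPOSE_VERIFY)) &&
        get(T.HUKS_TAG_PADDING) === huks.HuksKeyPadding.HUKS_PADDING_PSS &&
        get(T.HUKS_TAG_RSA_PSS_SALT_LEN_TYPE) === undefined) {
        findings.push('PSS_SALT_LEN_DEFAULTED');
    }

    // cl.huks.2: derivation/agreement without a storage type allows storage AND export
    if (purpose & (P.HUKS_KEY_PURPOSE_DERIVE | P.HUKS_KEY_PURPOSE_AGREE)) {
        const storage = get(T.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG);
        if (storage === undefined) {
            findings.push('STORAGE_TYPE_DEFAULTED');
        } else if (!Object.values(huks.HuksKeyStorageType).includes(storage)) {
            findings.push('STORAGE_TYPE_UNRECOGNIZED'); // this check's own policy
        }
    }
    return findings;
}

// Constructed sample: key agreement options that omit the storage type.
const sampleAgree = [{ tag: huksStub.HuksTag.HUKS_TAG_PURPOSE, value: huksStub.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE }];
console.log(auditHuksProperties(huksStub, sampleAgree)); // [ 'STORAGE_TYPE_DEFAULTED' ]
```

On a device, pass the real `huks` module in place of `huksStub` and run the check on the options before they reach `huks.initSession`.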

## cl.huks.3 Adding Tags for Fine-grained User Identity Access Control

Added **HUKS_TAG_KEY_AUTH_PURPOSE** to **HuksTag** for fine-grained user identity access control. This tag specifies the user identity authentication used for a specific algorithm.

**Change Impact**

The new HuksTag does not affect existing APIs.

**Key API/Component Changes**

**HUKS_TAG_KEY_AUTH_PURPOSE** is added to **HuksTag** to support fine-grained user identity access control.

**Adaptation Guide**

For more information, see [Fine-grained User Identity Authentication](../../../application-dev/security/huks-guidelines.md#fine-grained-user-identity-authentication) and [HuksTag](../../../application-dev/reference/apis/js-apis-huks.md#hukstag).