1# Security Subsystem - Key Management Service Changelog
2
3## cl.security.1 Permission Change on the Key Attestation APIs
4
5**Access Level**
6
7Public API
8
9**Reason for Change**
10
11The public key of the end-entity certificate (device certificate) in the certificate chain obtained by using the key attestation API can be used as the unique identifier of a device, which imposes privacy leakage risks. For security purposes, a permission is required for calling these APIs.
12
13**Change Impact**
14
15This change is a non-compatible change. Adaptation is required.
16
17**API level**
18
199
20
21**Change Since**
22
23OpenHarmony SDK 4.1.5.3
24
25**Key API/Component Changes**
26
27| Involved APIs| Before the Change| After the Change|
28| ------- | ----- | ------ |
29| attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void | No permission    is required. | The ohos.permission.ATTEST_KEY permission is required.|
30| attestKeyItem(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult> | No permission    is required. | The ohos.permission.ATTEST_KEY permission is required.|
31| struct OH_Huks_Result OH_Huks_AttestKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain) | No permission    is required. | The ohos.permission.ATTEST_KEY permission is required.|
32
33**Adaptation Guide**
34
35Method 1: Use the following APIs for key attestation.
36| API|
37| ------- |
38| anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>): void; |
39| anonAttestKeyItem(keyAlias: string, options: HuksOptions): Promise<HuksReturnResult> |
40| struct OH_Huks_Result OH_Huks_AnonAttestKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain) |
41
42Method 2: Request the ohos.permission.ATTEST_KEY permission for your application. This permission is available only to system applications.
43
44