1# Security Subsystem - Key Management Service Changelog 2 3## cl.security.1 Permission Change on the Key Attestation APIs 4 5**Access Level** 6 7Public API 8 9**Reason for Change** 10 11The public key of the end-entity certificate (device certificate) in the certificate chain obtained by using the key attestation API can be used as the unique identifier of a device, which imposes privacy leakage risks. For security purposes, a permission is required for calling these APIs. 12 13**Change Impact** 14 15This change is a non-compatible change. Adaptation is required. 16 17**API level** 18 199 20 21**Change Since** 22 23OpenHarmony SDK 4.1.5.3 24 25**Key API/Component Changes** 26 27| Involved APIs| Before the Change| After the Change| 28| ------- | ----- | ------ | 29| attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>) : void | No permission is required. | The ohos.permission.ATTEST_KEY permission is required.| 30| attestKeyItem(keyAlias: string, options: HuksOptions) : Promise<HuksReturnResult> | No permission is required. | The ohos.permission.ATTEST_KEY permission is required.| 31| struct OH_Huks_Result OH_Huks_AttestKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain) | No permission is required. | The ohos.permission.ATTEST_KEY permission is required.| 32 33**Adaptation Guide** 34 35Method 1: Use the following APIs for key attestation. 36| API| 37| ------- | 38| anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback<HuksReturnResult>): void; | 39| anonAttestKeyItem(keyAlias: string, options: HuksOptions): Promise<HuksReturnResult> | 40| struct OH_Huks_Result OH_Huks_AnonAttestKeyItem(const struct OH_Huks_Blob *keyAlias, const struct OH_Huks_ParamSet *paramSet, struct OH_Huks_CertChain *certChain) | 41 42Method 2: Request the ohos.permission.ATTEST_KEY permission for your application. This permission is available only to system applications. 43 44