1# Security Subsystem Changelog
2
3## cl.security.1 Change of setSeed() from Asynchronous to Synchronous
4
5**Change Impact**
6
7Behavior of released JavaScript APIs will be changed.
8The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
9
10**Key API/Component Changes**
11API before the change:
12setSeed(seed : DataBlob, callback : AsyncCallback\<void>) : void;
13setSeed(seed : DataBlob) : Promise\<void>;
14API after the change:
15setSeed(seed : DataBlob) : void;
16
17**Adaptation Guide**
18See **setSeed()** in the following:
19[Crypto Framework](../../../application-dev/reference/apis/js-apis-cryptoFramework.md)
20
21
22## cl.security.2 Move of DataArray from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
23**Change Impact**
24
25Behavior of released JavaScript APIs will be changed.
26The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
27
28**Key API/Component Changes**
29Moved **DataArray** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
30
31**Adaptation Guide**
32Import and use the new .d.ts file:
33import cryptoCert from '@ohos.security.cert';
34See the following API reference:
35[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
36
37
38## cl.security.3 Move of EncodingFormat from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
39**Change Impact**
40
41Behavior of released JavaScript APIs will be changed.
42The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
43
44**Key API/Component Changes**
45Moved **EncodingFormat** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
46
47**Adaptation Guide**
48Import and use the new .d.ts file:
49import cryptoCert from '@ohos.security.cert';
50See the following API reference:
51[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
52
53
54## cl.security.4 Move of EncodingBlob from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
55**Change Impact**
56
57Behavior of released JavaScript APIs will be changed.
58The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
59
60**Key API/Component Changes**
61Moved **EncodingBlob** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
62
63**Adaptation Guide**
64Import and use the new .d.ts file:
65import cryptoCert from '@ohos.security.cert';
66See the following API reference:
67[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
68
69
70## cl.security.5 Move of CertChainData from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
71**Change Impact**
72
73Behavior of released JavaScript APIs will be changed.
74The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
75
76**Key API/Component Changes**
77Moved **interface CertChainData** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
78
79**Adaptation Guide**
80Import and use the new .d.ts file:
81import cryptoCert from '@ohos.security.cert';
82See the following API reference:
83[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
84
85
86## cl.security.6 Move of X509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
87**Change Impact**
88
89Behavior of released JavaScript APIs will be changed.
90The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
91
92**Key API/Component Changes**
93Moved **X509Cert** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
94
95**Adaptation Guide**
96Import and use the new .d.ts file:
97import cryptoCert from '@ohos.security.cert';
98See the following API reference:
99[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
100
101
102## cl.security.7 Move of createX509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
103**Change Impact**
104
105Behavior of released JavaScript APIs will be changed.
106The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
107
108**Key API/Component Changes**
109Moved **createX509Cert** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
110
111**Adaptation Guide**
112Import and use the new .d.ts file:
113import cryptoCert from '@ohos.security.cert';
114See the following API reference:
115[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
116
117
118## cl.security.8 Move of X509CrlEntry from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
119**Change Impact**
120
121Behavior of released JavaScript APIs will be changed.
122The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
123
124**Key API/Component Changes**
125Moved **X509CrlEntry** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
126
127**Adaptation Guide**
128Import and use the new .d.ts file:
129import cryptoCert from '@ohos.security.cert';
130See the following API reference:
131[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
132
133
134## cl.security.9 Move of X509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
135**Change Impact**
136
137Behavior of released JavaScript APIs will be changed.
138The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
139
140**Key API/Component Changes**
141Moved **X509Crl** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
142
143**Adaptation Guide**
144Import and use the new .d.ts file:
145import cryptoCert from '@ohos.security.cert';
146See the following API reference:
147[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
148
149
150## cl.security.10 Move of createX509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
151**Change Impact**
152
153Behavior of released JavaScript APIs will be changed.
154The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
155
156**Key API/Component Changes**
157Moved **createX509Crl** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
158
159**Adaptation Guide**
160Import and use the new .d.ts file:
161import cryptoCert from '@ohos.security.cert';
162See the following API reference:
163[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
164
165
166## cl.security.11 Move of CertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
167**Change Impact**
168
169Behavior of released JavaScript APIs will be changed.
170The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
171
172**Key API/Component Changes**
173Moved **CertChainValidator** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
174
175**Adaptation Guide**
176Import and use the new .d.ts file:
177import cryptoCert from '@ohos.security.cert';
178See the following API reference:
179[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
180
181
182## cl.security.12 Move of createCertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
183**Change Impact**
184
185Behavior of released JavaScript APIs will be changed.
186The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
187
188**Key API/Component Changes**
189Moved **createCertChainValidator** from **@ohos.security.cryptoFramework.d.ts** to **@ohos.security.cert.d.ts**.
190
191**Adaptation Guide**
192Import and use the new .d.ts file:
193import cryptoCert from '@ohos.security.cert';
194See the following API reference:
195[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
196
197
198## cl.security.13 Change of getPublicKey() of X509Cert from Asynchronous to Synchronous
199**Change Impact**
200
201Behavior of released JavaScript APIs will be changed.
202The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
203
204**Key API/Component Changes**
205API before the change:
206getPublicKey(callback : AsyncCallback\<PubKey>) : void;
207getPublicKey() : Promise\<PubKey>;
208API after the change:
209getPublicKey() : cryptoFramework.PubKey;
210
211**Adaptation Guide**
212See the following API reference:
213[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
214
215
216## cl.security.14 Change of checkValidityWithDate of X509Cert from Asynchronous to Synchronous
217**Change Impact**
218
219Behavior of released JavaScript APIs will be changed.
220The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
221
222**Key API/Component Changes**
223API before the change:
224checkValidityWithDate(date: string, callback : AsyncCallback\<void>) : void;
225checkValidityWithDate(date: string) : Promise\<void>;
226API after the change:
227checkValidityWithDate(date: string) : void;
228
229**Adaptation Guide**
230See the following API reference:
231[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
232
233
234## cl.security.15 Change of getCertIssuer of X509CrlEntry from Asynchronous to Synchronous
235**Change Impact**
236
237Behavior of released JavaScript APIs will be changed.
238The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
239
240**Key API/Component Changes**
241API before the change:
242getCertIssuer(callback : AsyncCallback\<DataBlob>) : void;
243getCertIssuer() : Promise\<DataBlob>;
244
245API after the change:
246getCertIssuer() : DataBlob;
247
248**Adaptation Guide**
249See the following API reference:
250[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
251
252
253## cl.security.16 Change of getRevocationDate of X509CrlEntry from Asynchronous to Synchronous
254**Change Impact**
255
256Behavior of released JavaScript APIs will be changed.
257The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
258
259**Key API/Component Changes**
260API before the change:
261getRevocationDate(callback : AsyncCallback\<string>) : void;
262getRevocationDate() : Promise\<string>;
263
264API after the change:
265getRevocationDate() : string;
266
267**Adaptation Guide**
268See the following API reference:
269[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
270
271
272## cl.security.17 Change of isRevoked of X509Crl from Asynchronous to Synchronous
273**Change Impact**
274
275Behavior of released JavaScript APIs will be changed.
276The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
277
278**Key API/Component Changes**
279API before the change:
280isRevoked(cert : X509Cert, callback : AsyncCallback\<boolean>) : void;
281isRevoked(cert : X509Cert) : Promise\<boolean>;
282
283API after the change:
284isRevoked(cert : X509Cert) : boolean;
285
286**Adaptation Guide**
287See the following API reference:
288[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
289
290
291## cl.security.18 Change of getRevokedCert of X509Crl from Asynchronous to Synchronous
292**Change Impact**
293
294Behavior of released JavaScript APIs will be changed.
295The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
296
297**Key API/Component Changes**
298API before the change:
299getRevokedCert(serialNumber : number, callback : AsyncCallback\<X509CrlEntry>) : void;
300getRevokedCert(serialNumber : number) : Promise\<X509CrlEntry>;
301
302API after the change:
303getRevokedCert(serialNumber : number) : X509CrlEntry;
304
305**Adaptation Guide**
306See the following API reference:
307[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
308
309
310## cl.security.19 Change of getRevokedCertWithCert of X509Crl from Asynchronous to Synchronous
311**Change Impact**
312
313Behavior of released JavaScript APIs will be changed.
314The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
315
316**Key API/Component Changes**
317API before the change:
318getRevokedCertWithCert(cert : X509Cert, callback : AsyncCallback\<X509CrlEntry>) : void;
319getRevokedCertWithCert(cert : X509Cert) : Promise\<X509CrlEntry>;
320
321API after the change:
322getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry;
323
324**Adaptation Guide**
325See the following API reference:
326[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
327
328
329## cl.security.20 Change of getTbsInfo of X509Crl from Asynchronous to Synchronous
330**Change Impact**
331
332Behavior of released JavaScript APIs will be changed.
333The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
334
335**Key API/Component Changes**
336API before the change:
337getTbsInfo(callback : AsyncCallback\<DataBlob>) : void;
338getTbsInfo() : Promise\<DataBlob>;
339
340API after the change:
341getTbsInfo() : DataBlob;
342
343**Adaptation Guide**
344See the following API reference:
345[Certificate](../../../application-dev/reference/apis/js-apis-cert.md)
346
347## cl.security.21 Support of No-Hash Signing Mode for HUKS
348
349Before the change, the application passes **huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE** and HUKS uses **huks.HuksKeyDigest.HUKS_DIGEST_SHA256** for processing by default. After the change, the application passes **huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE** and HUKS does not generate a digest by default. Instead, the service performs a hash operation on the original data and then passes a hashed digest to HUKS for signing or signature verification.
350
351**Change Impact**
352
353Behavior of released JavaScript APIs will be changed.
354The application needs to adapt these APIs so that the signing or signature verification result can be passed before and after the change.
355
356**Key API/Component Changes**
357
358Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed.
359
360The service uses the No-Hash signing mode, and hashes the original data and then passes a hashed digest to the signing or signature verification API of HUKS. In addition, the **huks.HuksTag.HUKS_TAG_DIGEST** parameter is set to **huks.HuksKeyDigest.HUKS_DIGEST_NONE**.
361
362**Adaptation Guide**
363
364The following uses signing as an example.
365
366```js
367import huks from '@ohos.security.huks';
368
369let keyAlias = 'rsa_Key';
370/* Digest value after SHA-256 encryption */
371let inDataAfterSha256 = new Uint8Array(
372    0x4B, 0x1E, 0x22, 0x64, 0xA9, 0x89, 0x60, 0x1D, 0xEC, 0x78, 0xC0, 0x5D, 0xBE, 0x46, 0xAD, 0xCF,
373    0x1C, 0x35, 0x16, 0x11, 0x34, 0x01, 0x4E, 0x9B, 0x7C, 0x00, 0x66, 0x0E, 0xCA, 0x09, 0xC0, 0xF3,
374);
375/* Signing parameters */
376let signProperties = new Array();
377signProperties[0] = {
378    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
379    value: huks.HuksKeyAlg.HUKS_ALG_RSA,
380}
381signProperties[1] = {
382    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
383    value:
384    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN
385}
386signProperties[2] = {
387    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
388    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048,
389}
390signProperties[3] = {
391    tag: huks.HuksTag.HUKS_TAG_DIGEST,
392    value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, // Set digest-none.
393}
394let signOptions = {
395    properties: signProperties,
396    inData: inDataAfterSha256 // Set the value after hashing.
397}
398
399huks.initSession(keyAlias, signOptions);
400```
401
402For for information about the sample code, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
403
404## cl.security.22 Support for Key Calculation Parameter Specifications During Key Usage
405
406Before the change, all parameters for key calculation must be specified when the application generates a key. After the change, only mandatory parameters need to be specified when the application generates a key, and other parameters can be passed in when the key is used. The application can specify key calculation parameters more flexibly.
407
408**Change Impact**
409
410Behavior of released JavaScript APIs will be changed.
411
412The application can specify only mandatory parameters when creating a key and specify other optional parameters when using the key.
413
414**Key API/Component Changes**
415
416Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed and parameters are classified into mandatory parameters and optional parameters. For details, see [HUKS Development](../../../application-dev/security/huks-guidelines.md).
417
418huks.generateKeyItem
419
420huks.importKeyItem
421
422huks.importWrappedKeyItem
423
424huks.initSession
425
426huks.updateSession
427
428huks.finishSession
429
430**Adaptation Guide**
431
432The following uses the key generation process as an example.
433
434```js
435let keyAlias = 'keyAlias';
436let properties = new Array();
437// Mandatory parameter.
438properties[0] = {
439    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
440    value: huks.HuksKeyAlg.HUKS_ALG_RSA
441};
442// Mandatory parameter.
443properties[1] = {
444    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
445    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
446};
447// Mandatory parameter.
448properties[2] = {
449    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
450    value:
451    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN |
452    huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
453};
454// Optional parameter. If this parameter is not specified when a key is generated, it must be specified when the key is used.
455properties[3] = {
456    tag: huks.HuksTag.HUKS_TAG_DIGEST,
457    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
458};
459let options = {
460    properties: properties
461};
462try {
463    huks.generateKeyItem(keyAlias, options, function (error, data) {
464        if (error) {
465            console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
466        } else {
467            console.info(`callback: generateKeyItem key success`);
468        }
469    });
470} catch (error) {
471    console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
472}
473```
474
475For for information about the sample code, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
476