加密導(dǎo)入密鑰(ArkTS)
以加密導(dǎo)入ECDH密鑰對為例,涉及業(yè)務(wù)側(cè)加密密鑰的[密鑰生成]、[協(xié)商])等操作不在本示例中體現(xiàn)。
開發(fā)步驟
- 設(shè)備A(導(dǎo)入設(shè)備)將待導(dǎo)入密鑰轉(zhuǎn)換成[HUKS密鑰材料格式]To_Import_Key(僅針對非對稱密鑰,若待導(dǎo)入密鑰是對稱密鑰則可省略此步驟)。
- 設(shè)備B(被導(dǎo)入設(shè)備)生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Wrapping_Key(公鑰Wrapping_Pk,私鑰Wrapping_Sk),其密鑰用途設(shè)置為unwrap,導(dǎo)出Wrapping_Key的公鑰材料Wrapping_Pk并保存。
- 設(shè)備A使用和設(shè)備B同樣的算法,生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Caller_Key(公鑰Caller_Pk,私鑰Caller_Sk),導(dǎo)出Caller_Key的公鑰材料Caller_Pk并保存。
- 設(shè)備A生成一個(gè)對稱密鑰Caller_Kek,該密鑰后續(xù)將用于加密To_Import_Key。
- 設(shè)備A基于Caller_Key的私鑰Caller_Sk和設(shè)備B Wrapping_Key的公鑰Wrapping_Pk,協(xié)商出Shared_Key。
- 設(shè)備A使用Caller_Kek加密To_Import_Key,生成To_Import_Key_Enc。
- 設(shè)備A使用Shared_Key加密Caller_Kek,生成Caller_Kek_Enc。
- 設(shè)備A封裝Caller_Pk、Caller_Kek_Enc、To_Import_Key_Enc等加密導(dǎo)入的密鑰材料并發(fā)送給設(shè)備B,加密導(dǎo)入密鑰材料格式見[加密導(dǎo)入密鑰材料格式]。
- 設(shè)備B導(dǎo)入封裝的加密密鑰材料。
- 設(shè)備A、B刪除用于加密導(dǎo)入的密鑰。
- 開發(fā)前請熟悉鴻蒙開發(fā)指導(dǎo)文檔 :[
gitee.com/li-shizhen-skin/harmony-os/blob/master/README.md
]
import { huks } from "@kit.UniversalKeystoreKit";
let IV = '0000000000000000';
let AAD = "abababababababab";
let NONCE = "hahahahahaha";
let TAG_SIZE = 16;
let FILED_LENGTH = 4;
let importedAes192PlainKey = "The aes192 key to import";
let callerAes256Kek = "The is kek to encrypt aes192 key";
let callerKeyAlias = "test_caller_key_ecdh_aes192";
let callerKekAliasAes256 = "test_caller_kek_ecdh_aes256";
let callerAgreeKeyAliasAes256 = "test_caller_agree_key_ecdh_aes256";
let importedKeyAliasAes192 = "test_import_key_ecdh_aes192";
let huksPubKey: Uint8Array;
let callerSelfPublicKey: Uint8Array;
let outSharedKey: Uint8Array;
let outPlainKeyEncData: Uint8Array;
let outKekEncData: Uint8Array;
let outKekEncTag: Uint8Array;
let outAgreeKeyEncTag: Uint8Array;
let mask = [0x000000FF, 0x0000FF00, 0x00FF0000, 0xFF000000];
function subUint8ArrayOf(arrayBuf: Uint8Array, start: number, end: number) {
let arr: number[] = [];
for (let i = start; i < end && i < arrayBuf.length; ++i) {
arr.push(arrayBuf[i]);
}
return new Uint8Array(arr);
}
function stringToUint8Array(str: string) {
let arr: number[] = [];
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function assignLength(length: number, arrayBuf: Uint8Array, startIndex: number) {
let index = startIndex;
for (let i = 0; i < 4; i++) {
arrayBuf[index++] = (length & mask[i]) > > (i * 8);
}
return 4;
}
function assignData(data: Uint8Array, arrayBuf: Uint8Array, startIndex: number) {
let index = startIndex;
for (let i = 0; i < data.length; i++) {
arrayBuf[index++] = data[i];
}
return data.length;
}
let genWrappingKeyParams: huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
},
{
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
}
)
}
let genCallerEcdhParams:huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECC
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
}
)
}
let importParamsCallerKek: huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
},
{
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_GCM
},
{
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_IV,
value: stringToUint8Array(IV)
}
),
inData: stringToUint8Array(callerAes256Kek)
}
let importParamsAgreeKey: huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
},
{
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_GCM
},
{
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_IV,
value: stringToUint8Array(IV)
}
),
}
let callerAgreeParams: huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_ECDH
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
}
)
}
let encryptKeyCommonParams: huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
},
{
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_GCM
},
{
tag: huks.HuksTag.HUKS_TAG_NONCE,
value: stringToUint8Array(NONCE)
},
{
tag: huks.HuksTag.HUKS_TAG_ASSOCIATED_DATA,
value: stringToUint8Array(AAD)
}
),
}
let importWrappedAes192Params: huks.HuksOptions = {
properties: new Array< huks.HuksParam >(
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
},
{
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
},
{
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_192
},
{
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
},
{
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
},
{
tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
},
{
tag: huks.HuksTag.HUKS_TAG_IV,
value: stringToUint8Array(IV)
}
)
}
async function publicGenerateItemFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
console.info(`enter promise generateKeyItem`);
try {
await huks.generateKeyItem(keyAlias, huksOptions)
.then(data = > {
console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
})
.catch((err: Error) = > {
console.error(`promise: generateKeyItem failed, ${JSON.stringify(err)}`);
})
} catch (err) {
console.error(`promise: generateKeyItem invalid, ${JSON.stringify(err)}`);
}
}
async function publicImportKeyItemFunc(keyAlias: string, HuksOptions: huks.HuksOptions) {
console.info(`enter promise importKeyItem`);
try {
await huks.importKeyItem(keyAlias, HuksOptions)
.then(data = > {
console.info(`promise: importKeyItem success, data = ${JSON.stringify(data)}`);
}).catch((err: Error) = > {
console.error(`promise: importKeyItem failed, ${JSON.stringify(err)}`);
})
} catch (err) {
console.error(`promise: importKeyItem input arg invalid, ${JSON.stringify(err)}`);
}
}
async function publicDeleteKeyItemFunc(KeyAlias: string, HuksOptions: huks.HuksOptions) {
console.info(`enter promise deleteKeyItem`);
try {
await huks.deleteKeyItem(KeyAlias, HuksOptions)
.then(data = > {
console.info(`promise: deleteKeyItem key success, data = ${JSON.stringify(data)}`);
})
.catch((err: Error) = > {
console.error(`promise: deleteKeyItem failed, ${JSON.stringify(err)}`);
})
} catch (err) {
console.error(`promise: deleteKeyItem input arg invalid, ${JSON.stringify(err)}`);
}
}
function importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
return new Promise< void >((resolve, reject) = > {
try {
huks.importWrappedKeyItem(keyAlias, wrappingKeyAlias, huksOptions, (error, data) = > {
if (error) {
reject(error);
} else {
resolve(data);
}
});
} catch (error) {
}
});
}
async function publicImportWrappedKeyFunc(keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
console.info(`enter promise importWrappedKeyItem`);
for (let i = 0; i < huksOptions.inData!.length; i++) {
console.error(`${i}: ${huksOptions.inData![i]}`);
}
try {
await importWrappedKeyItem(keyAlias, wrappingKeyAlias, huksOptions)
.then((data) = > {
console.info(`promise: importWrappedKeyItem success, data = ${JSON.stringify(data)}`);
})
.catch((error: Error) = > {
console.error(`promise: importWrappedKeyItem failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: importWrappedKeyItem input arg invalid, ${JSON.stringify(error)}`);
}
async function publicImportWrappedKeyPromise(keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
console.info(`enter promise importWrappedKeyItem`);
try {
await huks.importWrappedKeyItem(keyAlias, wrappingKeyAlias, huksOptions)
.then((data) = > {
console.info(`promise: importWrappedKeyItem success, data = ${JSON.stringify(data)}`);
})
.catch((error: Error) = > {
console.error(`promise: importWrappedKeyItem failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: importWrappedKeyItem input arg invalid, ${JSON.stringify(error)}`);
}
}
async function publicInitFunc(srcKeyAlias: string, HuksOptions: huks.HuksOptions) {
let handle: number = 0;
console.info(`enter promise doInit`);
try {
await huks.initSession(srcKeyAlias, HuksOptions)
.then((data) = > {
console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
handle = data.handle;
})
.catch((error: Error) = > {
console.error(`promise: doInit key failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`);
}
return handle;
}
async function publicUpdateSessionFunction(handle: number, HuksOptions: huks.HuksOptions) {
const maxUpdateSize = 64;
const inData = HuksOptions.inData!;
const lastInDataPosition = inData.length - 1;
let inDataSegSize = maxUpdateSize;
let inDataSegPosition = 0;
let isFinished = false;
let outData: number[] = [];
while (inDataSegPosition <= lastInDataPosition) {
if (inDataSegPosition + maxUpdateSize > lastInDataPosition) {
isFinished = true;
inDataSegSize = lastInDataPosition - inDataSegPosition + 1;
console.info(`enter promise doUpdate`);
break;
}
HuksOptions.inData = new Uint8Array(
Array.from(inData).slice(inDataSegPosition, inDataSegPosition + inDataSegSize)
);
console.info(`enter promise doUpdate`);
try {
await huks.updateSession(handle, HuksOptions)
.then((data) = > {
console.info(`promise: doUpdate success, data = ${JSON.stringify(data)}`);
outData = outData.concat(Array.from(data.outData!));
})
.catch((error: Error) = > {
console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`);
}
if ((!isFinished) && (inDataSegPosition + maxUpdateSize > lastInDataPosition)) {
console.error(`update size invalid isFinished = ${isFinished}`);
console.error(`inDataSegPosition = ${inDataSegPosition}`);
console.error(`lastInDataPosition = ${lastInDataPosition}`);
return;
}
inDataSegPosition += maxUpdateSize;
}
return outData;
}
async function publicFinishSession(handle: number, HuksOptions: huks.HuksOptions, inData: number[]) {
let outData: number[] = [];
console.info(`enter promise doFinish`);
try {
await huks.finishSession(handle, HuksOptions)
.then((data) = > {
console.info(`promise: doFinish success, data = ${JSON.stringify(data)}`);
outData = inData.concat(Array.from(data.outData!));
})
.catch((error: Error) = > {
console.error(`promise: doFinish key failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: doFinish input arg invalid, ${JSON.stringify(error)}`);
}
return new Uint8Array(outData);
}
async function cipherFunction(keyAlias: string, HuksOptions: huks.HuksOptions) {
let handle = await publicInitFunc(keyAlias, HuksOptions);
let tmpData = await publicUpdateSessionFunction(handle, HuksOptions);
let outData = await publicFinishSession(handle, HuksOptions, tmpData!);
return outData;
}
async function agreeFunction(keyAlias: string, HuksOptions: huks.HuksOptions, huksPublicKey: Uint8Array) {
let handle = await publicInitFunc(keyAlias, HuksOptions);
let outSharedKey: Uint8Array = new Uint8Array;
HuksOptions.inData = huksPublicKey;
console.info(`enter promise doUpdate`);
try {
await huks.updateSession(handle, HuksOptions)
.then((data) = > {
console.error(`promise: doUpdate success, data = ${JSON.stringify(data)}`);
})
.catch((error: Error) = > {
console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`);
}
console.info(`enter promise doInit`);
try {
await huks.finishSession(handle, HuksOptions)
.then((data) = > {
console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
outSharedKey = data.outData as Uint8Array;
})
.catch((error: Error) = > {
console.error(`promise: doInit key failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`);
}
return outSharedKey;
}
async function ImportKekAndAgreeSharedSecret(callerKekAlias: string, importKekParams: huks.HuksOptions, callerKeyAlias: string, huksPublicKey: Uint8Array, agreeParams: huks.HuksOptions) {
await publicImportKeyItemFunc(callerKekAlias, importKekParams);
outSharedKey = await agreeFunction(callerKeyAlias, agreeParams, huksPublicKey);
importParamsAgreeKey.inData = outSharedKey;
await publicImportKeyItemFunc(callerAgreeKeyAliasAes256, importParamsAgreeKey);
}
async function generateAndExportPublicKey(keyAlias: string, HuksOptions: huks.HuksOptions, caller: Boolean) {
await publicGenerateItemFunc(keyAlias, HuksOptions);
try {
await huks.exportKeyItem(keyAlias, HuksOptions)
.then((data) = > {
console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`);
if (caller) {
callerSelfPublicKey = data.outData as Uint8Array;
} else {
huksPubKey = data.outData as Uint8Array;
}
})
.catch((error: Error) = > {
console.error(`promise: exportKeyItem failed, ${JSON.stringify(error)}`);
});
} catch (error) {
console.error(`promise: generate pubKey failed, ${JSON.stringify(error)}`);
}
}
async function EncryptImportedPlainKeyAndKek(keyAlias: string) {
encryptKeyCommonParams.inData = stringToUint8Array(keyAlias)
let plainKeyEncData = await cipherFunction(callerKekAliasAes256, encryptKeyCommonParams);
outKekEncTag = subUint8ArrayOf(plainKeyEncData, plainKeyEncData.length - TAG_SIZE, plainKeyEncData.length)
outPlainKeyEncData = subUint8ArrayOf(plainKeyEncData, 0, plainKeyEncData.length - TAG_SIZE)
encryptKeyCommonParams.inData = stringToUint8Array(callerAes256Kek)
let kekEncData = await cipherFunction(callerAgreeKeyAliasAes256, encryptKeyCommonParams)
outAgreeKeyEncTag = subUint8ArrayOf(kekEncData, kekEncData.length - TAG_SIZE, kekEncData.length)
outKekEncData = subUint8ArrayOf(kekEncData, 0, kekEncData.length - TAG_SIZE)
}
async function BuildWrappedDataAndImportWrappedKey(plainKey: string) {
let plainKeySizeBuff = new Uint8Array(4);
assignLength(plainKey.length, plainKeySizeBuff, 0);
let wrappedData = new Uint8Array(
FILED_LENGTH + huksPubKey.length +
FILED_LENGTH + AAD.length +
FILED_LENGTH + NONCE.length +
FILED_LENGTH + TAG_SIZE +
FILED_LENGTH + outKekEncData.length +
FILED_LENGTH + AAD.length +
FILED_LENGTH + NONCE.length +
FILED_LENGTH + TAG_SIZE +
FILED_LENGTH + plainKeySizeBuff.length +
FILED_LENGTH + outPlainKeyEncData.length
);
let index = 0;
let AADUint8Array = stringToUint8Array(AAD);
let NonceArray = stringToUint8Array(NONCE);
index += assignLength(callerSelfPublicKey.length, wrappedData, index); // 4
index += assignData(callerSelfPublicKey, wrappedData, index); // 91
index += assignLength(AADUint8Array.length, wrappedData, index); // 4
index += assignData(AADUint8Array, wrappedData, index); // 16
index += assignLength(NonceArray.length, wrappedData, index); // 4
index += assignData(NonceArray, wrappedData, index); // 12
index += assignLength(outAgreeKeyEncTag.length, wrappedData, index); // 4
index += assignData(outAgreeKeyEncTag, wrappedData, index); // 16
index += assignLength(outKekEncData.length, wrappedData, index); // 4
index += assignData(outKekEncData, wrappedData, index); // 32
index += assignLength(AADUint8Array.length, wrappedData, index); // 4
index += assignData(AADUint8Array, wrappedData, index); // 16
index += assignLength(NonceArray.length, wrappedData, index); // 4
index += assignData(NonceArray, wrappedData, index); // 12
index += assignLength(outKekEncTag.length, wrappedData, index); // 4
index += assignData(outKekEncTag, wrappedData, index); // 16
index += assignLength(plainKeySizeBuff.length, wrappedData, index); // 4
index += assignData(plainKeySizeBuff, wrappedData, index); // 4
index += assignLength(outPlainKeyEncData.length, wrappedData, index); // 4
index += assignData(outPlainKeyEncData, wrappedData, index); // 24
return wrappedData;
}
/* 模擬加密導(dǎo)入密鑰場景,設(shè)備A為遠(yuǎn)端設(shè)備(導(dǎo)入設(shè)備),設(shè)備B為本端設(shè)備(被導(dǎo)入設(shè)備) */
async function ImportWrappedKey() {
/**
* 1.設(shè)備A將待導(dǎo)入密鑰轉(zhuǎn)換成HUKS密鑰材料格式To_Import_Key(僅針對非對稱密鑰,若待導(dǎo)入密鑰是對稱密鑰則可省略此步驟),
* 本示例使用importedAes256PlainKey(對稱密鑰)作為模擬
*/
/* 2.設(shè)備B生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Wrapping_Key(公鑰Wrapping_Pk,私鑰Wrapping_Sk),其密鑰用途設(shè)置為unwrap,導(dǎo)出Wrapping_Key公鑰Wrapping_Pk存放在變量huksPubKey中 */
const srcKeyAliasWrap = 'HUKS_Basic_Capability_Import_0200';
await generateAndExportPublicKey(srcKeyAliasWrap, genWrappingKeyParams, false);
/* 3.設(shè)備A使用和設(shè)備B同樣的算法,生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Caller_Key(公鑰Caller_Pk,私鑰Caller_Sk),導(dǎo)出Caller_Key公鑰Caller_Pk存放在變量callerSelfPublicKey中 */
await generateAndExportPublicKey(callerKeyAlias, genCallerEcdhParams, true);
/**
* 4.設(shè)備A生成一個(gè)對稱密鑰Caller_Kek,該密鑰后續(xù)將用于加密To_Import_Key
* 5.設(shè)備A基于Caller_Key的私鑰Caller_Sk和Wrapping_Key的公鑰Wrapping_Pk,協(xié)商出Shared_Key
*/
await ImportKekAndAgreeSharedSecret(callerKekAliasAes256, importParamsCallerKek, callerKeyAlias, huksPubKey, callerAgreeParams);
/**
* 6.設(shè)備A使用Caller_Kek加密To_Import_Key,生成To_Import_Key_Enc
* 7.設(shè)備A使用Shared_Key加密Caller_Kek,生成Caller_Kek_Enc
*/
await EncryptImportedPlainKeyAndKek(importedAes192PlainKey);
/* 8.設(shè)備A封裝Caller_Pk、To_Import_Key_Enc、Caller_Kek_Enc等加密導(dǎo)入的材料并發(fā)送給設(shè)備B。本示例作為變量存放在callerSelfPublicKey,PlainKeyEncData,KekEncData */
let wrappedData = await BuildWrappedDataAndImportWrappedKey(importedAes192PlainKey);
importWrappedAes192Params.inData = wrappedData;
/* 9.設(shè)備B導(dǎo)入封裝的加密密鑰材料 */
await publicImportWrappedKeyFunc(importedKeyAliasAes192, srcKeyAliasWrap, importWrappedAes192Params);
/* 10.設(shè)備A、B刪除用于加密導(dǎo)入的密鑰 */
await publicDeleteKeyItemFunc(srcKeyAliasWrap, genWrappingKeyParams);
await publicDeleteKeyItemFunc(callerKeyAlias, genCallerEcdhParams);
await publicDeleteKeyItemFunc(importedKeyAliasAes192, importWrappedAes192Params);
await publicDeleteKeyItemFunc(callerKekAliasAes256, callerAgreeParams);
}
調(diào)測驗(yàn)證
調(diào)用[huks.isKeyItemExist]驗(yàn)證密鑰是否存在,如密鑰存在即表示密鑰導(dǎo)入成功。
`HarmonyOS與OpenHarmony鴻蒙文檔籽料:mau123789是v直接拿`
import { huks } from "@kit.UniversalKeystoreKit";
/*
* 確定密鑰別名和封裝密鑰屬性參數(shù)集
*/
let keyAlias = 'test_import_key_ecdh_aes192';
let isKeyExist:Boolean;
let keyProperties: Array< huks.HuksParam > = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES,
}];
let huksOptions:huks.HuksOptions = {
properties: keyProperties, // 非空填充
inData: new Uint8Array(new Array()) // 非空填充
}
try {
huks.isKeyItemExist(keyAlias, huksOptions, (error, data)= > {
if (error) {
console.error(`callback: isKeyItemExist failed, ${JSON.stringify(error)}`);
} else {
if (data !== null && data.valueOf() !== null) {
isKeyExist = data.valueOf();
console.info(`callback: isKeyItemExist success, isKeyExist = ${isKeyExist}`);
}
}
});
} catch (error) {
console.error(`callback: isKeyItemExist input arg invalid, ${JSON.stringify(error)}`);
}
審核編輯 黃宇
聲明:本文內(nèi)容及配圖由入駐作者撰寫或者入駐合作網(wǎng)站授權(quán)轉(zhuǎn)載。文章觀點(diǎn)僅代表作者本人,不代表電子發(fā)燒友網(wǎng)立場。文章及其配圖僅供工程師學(xué)習(xí)之用,如有內(nèi)容侵權(quán)或者其他違規(guī)問題,請聯(lián)系本站處理。
舉報(bào)投訴
-
密鑰
+關(guān)注
關(guān)注
1文章
134瀏覽量
19658 -
鴻蒙
+關(guān)注
關(guān)注
56文章
2267瀏覽量
42489
發(fā)布評論請先 登錄
相關(guān)推薦
鴻蒙開發(fā):Universal Keystore Kit密鑰管理服務(wù)簡介
Universal Keystore Kit(密鑰管理服務(wù),下述簡稱為HUKS)向業(yè)務(wù)/應(yīng)用提供
鴻蒙開發(fā):Universal Keystore Kit密鑰管理服務(wù) 密鑰導(dǎo)入介紹及算法規(guī)格
如果業(yè)務(wù)在HUKS外部生成密鑰(比如應(yīng)用間協(xié)商生成、服務(wù)器端生成),業(yè)務(wù)可以將密鑰導(dǎo)入到HUKS中由HUKS進(jìn)行管理。
鴻蒙開發(fā):Universal Keystore Kit密鑰管理服務(wù) 明文導(dǎo)入密鑰 ArkTS
分別以導(dǎo)入AES256與RSA2048密鑰為例,具體的場景介紹及支持的算法規(guī)格
鴻蒙開發(fā):Universal Keystore Kit密鑰管理服務(wù) 加密導(dǎo)入密鑰C、C++
以加密導(dǎo)入ECDH密鑰對為例,涉及業(yè)務(wù)側(cè)加密密鑰的[密鑰生成]、[協(xié)商]等操作不在本示例中體現(xiàn)。
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 密鑰使用介紹及通用流程
為了實(shí)現(xiàn)對數(shù)據(jù)機(jī)密性、完整性等保護(hù),可使用生成/導(dǎo)入的密鑰,對數(shù)據(jù)進(jìn)行密鑰操作
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 密鑰協(xié)商ArkTS
以協(xié)商密鑰類型為X25519 256,并密鑰僅在HUKS內(nèi)使用為例,完成密鑰協(xié)商。
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 密鑰協(xié)商 C、C++
以協(xié)商密鑰類型為ECDH,并密鑰僅在HUKS內(nèi)使用為例,完成密鑰協(xié)商。具體的場景介紹及支持的算法規(guī)格,請參考[密鑰生成支持的算法]。
鴻蒙開發(fā):Universal Keystore Kit密鑰管理服務(wù) 密鑰派生C、C++
以HKDF256密鑰為例,完成密鑰派生。具體的場景介紹及支持的算法規(guī)格,請參考[密鑰生成支持的算法]。
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) HMAC ArkTS
HMAC是密鑰相關(guān)的哈希運(yùn)算消息認(rèn)證碼(Hash-based Message Authentication Code),是一種基于Hash函數(shù)和密鑰進(jìn)行消息認(rèn)證的方法。
鴻蒙開發(fā):Universal Keystore Kit密鑰管理服務(wù) 密鑰刪除ArkTS
為保證數(shù)據(jù)安全性,當(dāng)不需要使用該密鑰時(shí),應(yīng)該刪除密鑰。
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 獲取密鑰屬性ArkTS
HUKS提供了接口供業(yè)務(wù)獲取指定密鑰的相關(guān)屬性。在獲取指定密鑰屬性前,需要確保已在HUKS中生成或導(dǎo)入持久化存儲(chǔ)的密鑰。
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 獲取密鑰屬性C C++
HUKS提供了接口供業(yè)務(wù)獲取指定密鑰的相關(guān)屬性。在獲取指定密鑰屬性前,需要確保已在HUKS中生成或導(dǎo)入持久化存儲(chǔ)的密鑰。
鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 查詢密鑰別名集 ArkTS
HUKS提供了接口供應(yīng)用查詢密鑰別名集。
評論