搜索歷史

清空
搜索熱詞
      0
      • 聊天消息
      • 系統(tǒng)消息
      • 評論與回復(fù)
      VIP于 到期 續(xù)費(fèi)
      登錄后你可以
      • 下載海量資料
      • 學(xué)習(xí)在線課程
      • 觀看技術(shù)視頻
      • 寫文章/發(fā)帖/加入社區(qū)
      會(huì)員中心
      創(chuàng)作中心
      發(fā)布
      創(chuàng)作活動(dòng)

      完善資料讓更多小伙伴認(rèn)識(shí)你,還能領(lǐng)取20積分哦,立即完善>

      3天內(nèi)不再提示

      鴻蒙開發(fā):Universal Keystore Kit 密鑰管理服務(wù) 加密導(dǎo)入密鑰 ArkTS

      jf_46214456 ? 來源:jf_46214456 ? 作者:jf_46214456 ? 2024-07-08 14:22 ? 次閱讀

      加密導(dǎo)入密鑰(ArkTS)

      以加密導(dǎo)入ECDH密鑰對為例,涉及業(yè)務(wù)側(cè)加密密鑰的[密鑰生成]、[協(xié)商])等操作不在本示例中體現(xiàn)。

      開發(fā)步驟

      1. 設(shè)備A(導(dǎo)入設(shè)備)將待導(dǎo)入密鑰轉(zhuǎn)換成[HUKS密鑰材料格式]To_Import_Key(僅針對非對稱密鑰,若待導(dǎo)入密鑰是對稱密鑰則可省略此步驟)。
      2. 設(shè)備B(被導(dǎo)入設(shè)備)生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Wrapping_Key(公鑰Wrapping_Pk,私鑰Wrapping_Sk),其密鑰用途設(shè)置為unwrap,導(dǎo)出Wrapping_Key的公鑰材料Wrapping_Pk并保存。
      3. 設(shè)備A使用和設(shè)備B同樣的算法,生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Caller_Key(公鑰Caller_Pk,私鑰Caller_Sk),導(dǎo)出Caller_Key的公鑰材料Caller_Pk并保存。
      4. 設(shè)備A生成一個(gè)對稱密鑰Caller_Kek,該密鑰后續(xù)將用于加密To_Import_Key。
      5. 設(shè)備A基于Caller_Key的私鑰Caller_Sk和設(shè)備B Wrapping_Key的公鑰Wrapping_Pk,協(xié)商出Shared_Key。
      6. 設(shè)備A使用Caller_Kek加密To_Import_Key,生成To_Import_Key_Enc。
      7. 設(shè)備A使用Shared_Key加密Caller_Kek,生成Caller_Kek_Enc。
      8. 設(shè)備A封裝Caller_Pk、Caller_Kek_Enc、To_Import_Key_Enc等加密導(dǎo)入的密鑰材料并發(fā)送給設(shè)備B,加密導(dǎo)入密鑰材料格式見[加密導(dǎo)入密鑰材料格式]。
      9. 設(shè)備B導(dǎo)入封裝的加密密鑰材料。
      10. 設(shè)備A、B刪除用于加密導(dǎo)入的密鑰。
      11. 開發(fā)前請熟悉鴻蒙開發(fā)指導(dǎo)文檔 :[gitee.com/li-shizhen-skin/harmony-os/blob/master/README.md]
      import { huks } from "@kit.UniversalKeystoreKit";
let IV = '0000000000000000';
let AAD = "abababababababab";
let NONCE = "hahahahahaha";
let TAG_SIZE = 16;
let FILED_LENGTH = 4;
let importedAes192PlainKey = "The aes192 key to import";
let callerAes256Kek = "The is kek to encrypt aes192 key";
let callerKeyAlias = "test_caller_key_ecdh_aes192";
let callerKekAliasAes256 = "test_caller_kek_ecdh_aes256";
let callerAgreeKeyAliasAes256 = "test_caller_agree_key_ecdh_aes256";
let importedKeyAliasAes192 = "test_import_key_ecdh_aes192";
let huksPubKey: Uint8Array;
let callerSelfPublicKey: Uint8Array;
let outSharedKey: Uint8Array;
let outPlainKeyEncData: Uint8Array;
let outKekEncData: Uint8Array;
let outKekEncTag: Uint8Array;
let outAgreeKeyEncTag: Uint8Array;
let mask = [0x000000FF, 0x0000FF00, 0x00FF0000, 0xFF000000];
function subUint8ArrayOf(arrayBuf: Uint8Array, start: number, end: number) {
    let arr: number[] = [];
    for (let i = start; i < end && i < arrayBuf.length; ++i) {
        arr.push(arrayBuf[i]);
    }
    return new Uint8Array(arr);
}
function stringToUint8Array(str: string) {
    let arr: number[] = [];
    for (let i = 0, j = str.length; i < j; ++i) {
        arr.push(str.charCodeAt(i));
    }
    return new Uint8Array(arr);
}
function assignLength(length: number, arrayBuf: Uint8Array, startIndex: number) {
    let index = startIndex;
    for (let i = 0; i < 4; i++) {
        arrayBuf[index++] = (length & mask[i]) > > (i * 8);
    }
    return 4;
}
function assignData(data: Uint8Array, arrayBuf: Uint8Array, startIndex: number) {
    let index = startIndex;
    for (let i = 0; i < data.length; i++) {
        arrayBuf[index++] = data[i];
    }
    return data.length;
}
let genWrappingKeyParams: huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_ECC
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_NONE
        }
    )
}
let genCallerEcdhParams:huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_ECC
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
        }
    )
}
let importParamsCallerKek: huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_AES
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_GCM
        },
        {
            tag: huks.HuksTag.HUKS_TAG_DIGEST,
            value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_IV,
            value: stringToUint8Array(IV)
        }
    ),
    inData: stringToUint8Array(callerAes256Kek)
}
let importParamsAgreeKey: huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_AES
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_GCM
        },
        {
            tag: huks.HuksTag.HUKS_TAG_DIGEST,
            value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_IV,
            value: stringToUint8Array(IV)
        }
    ),
}
let callerAgreeParams: huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_ECDH
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
        }
    )
}
let encryptKeyCommonParams: huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_AES
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_GCM
        },
        {
            tag: huks.HuksTag.HUKS_TAG_NONCE,
            value: stringToUint8Array(NONCE)
        },
        {
            tag: huks.HuksTag.HUKS_TAG_ASSOCIATED_DATA,
            value: stringToUint8Array(AAD)
        }
    ),
}
let importWrappedAes192Params: huks.HuksOptions = {
    properties: new Array< huks.HuksParam >(
        {
            tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
            value: huks.HuksKeyAlg.HUKS_ALG_AES
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PURPOSE,
            value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT |
            huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
        },
        {
            tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
            value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_192
        },
        {
            tag: huks.HuksTag.HUKS_TAG_PADDING,
            value: huks.HuksKeyPadding.HUKS_PADDING_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
            value: huks.HuksCipherMode.HUKS_MODE_CBC
        },
        {
            tag: huks.HuksTag.HUKS_TAG_DIGEST,
            value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
        },
        {
            tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE,
            value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING
        },
        {
            tag: huks.HuksTag.HUKS_TAG_IV,
            value: stringToUint8Array(IV)
        }
    )
}
async function publicGenerateItemFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
    console.info(`enter promise generateKeyItem`);
    try {
        await huks.generateKeyItem(keyAlias, huksOptions)
        .then(data = > {
            console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
        })
        .catch((err: Error) = > {
            console.error(`promise: generateKeyItem failed, ${JSON.stringify(err)}`);
        })
    } catch (err) {
        console.error(`promise: generateKeyItem invalid, ${JSON.stringify(err)}`);
    }
}
async function publicImportKeyItemFunc(keyAlias: string, HuksOptions: huks.HuksOptions) {
    console.info(`enter promise importKeyItem`);
    try {
        await huks.importKeyItem(keyAlias, HuksOptions)
        .then(data = > {
            console.info(`promise: importKeyItem success, data = ${JSON.stringify(data)}`);
        }).catch((err: Error) = > {
            console.error(`promise: importKeyItem failed, ${JSON.stringify(err)}`);
        })
    } catch (err) {
        console.error(`promise: importKeyItem input arg invalid, ${JSON.stringify(err)}`);
    }
}
async function publicDeleteKeyItemFunc(KeyAlias: string, HuksOptions: huks.HuksOptions) {
    console.info(`enter promise deleteKeyItem`);
    try {
        await huks.deleteKeyItem(KeyAlias, HuksOptions)
        .then(data = > {
            console.info(`promise: deleteKeyItem key success, data = ${JSON.stringify(data)}`);
        })
        .catch((err: Error) = > {
            console.error(`promise: deleteKeyItem failed, ${JSON.stringify(err)}`);
        })
    } catch (err) {
        console.error(`promise: deleteKeyItem input arg invalid, ${JSON.stringify(err)}`);
    }
}
function importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
    return new Promise< void >((resolve, reject) = > {
        try {
            huks.importWrappedKeyItem(keyAlias, wrappingKeyAlias, huksOptions, (error, data) = > {
                if (error) {
                    reject(error);
                } else {
                    resolve(data);
                }
            });
        } catch (error) {
        }
    });
}
async function publicImportWrappedKeyFunc(keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
    console.info(`enter promise importWrappedKeyItem`);
    for (let i = 0; i < huksOptions.inData!.length; i++) {
        console.error(`${i}: ${huksOptions.inData![i]}`);
    }
    try {
        await importWrappedKeyItem(keyAlias, wrappingKeyAlias, huksOptions)
        .then((data) = > {
            console.info(`promise: importWrappedKeyItem success, data = ${JSON.stringify(data)}`);
        })
        .catch((error: Error) = > {
            console.error(`promise: importWrappedKeyItem failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: importWrappedKeyItem input arg invalid, ${JSON.stringify(error)}`);
}
async function publicImportWrappedKeyPromise(keyAlias: string, wrappingKeyAlias: string, huksOptions: huks.HuksOptions) {
    console.info(`enter promise importWrappedKeyItem`);
    try {
        await huks.importWrappedKeyItem(keyAlias, wrappingKeyAlias, huksOptions)
        .then((data) = > {
            console.info(`promise: importWrappedKeyItem success, data = ${JSON.stringify(data)}`);
        })
        .catch((error: Error) = > {
            console.error(`promise: importWrappedKeyItem failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: importWrappedKeyItem input arg invalid, ${JSON.stringify(error)}`);
    }
}
async function publicInitFunc(srcKeyAlias: string, HuksOptions: huks.HuksOptions) {
    let handle: number = 0;
    console.info(`enter promise doInit`);
    try {
        await huks.initSession(srcKeyAlias, HuksOptions)
        .then((data) = > {
            console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
            handle = data.handle;
        })
        .catch((error: Error) = > {
            console.error(`promise: doInit key failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`);
    }
    return handle;
}
async function publicUpdateSessionFunction(handle: number, HuksOptions: huks.HuksOptions) {
    const maxUpdateSize = 64;
    const inData = HuksOptions.inData!;
    const lastInDataPosition = inData.length - 1;
    let inDataSegSize = maxUpdateSize;
    let inDataSegPosition = 0;
    let isFinished = false;
    let outData: number[] = [];

    while (inDataSegPosition <= lastInDataPosition) {
        if (inDataSegPosition + maxUpdateSize > lastInDataPosition) {
            isFinished = true;
            inDataSegSize = lastInDataPosition - inDataSegPosition + 1;
            console.info(`enter promise doUpdate`);
            break;
        }
        HuksOptions.inData = new Uint8Array(
           Array.from(inData).slice(inDataSegPosition, inDataSegPosition + inDataSegSize)
        );
        console.info(`enter promise doUpdate`);
        try {
            await huks.updateSession(handle, HuksOptions)
            .then((data) = > {
                console.info(`promise: doUpdate success, data = ${JSON.stringify(data)}`);
                outData = outData.concat(Array.from(data.outData!));
            })
            .catch((error: Error) = > {
                console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`);
            });
        } catch (error) {
            console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`);
        }
        if ((!isFinished) && (inDataSegPosition + maxUpdateSize > lastInDataPosition)) {
            console.error(`update size invalid isFinished = ${isFinished}`);
            console.error(`inDataSegPosition = ${inDataSegPosition}`);
            console.error(`lastInDataPosition = ${lastInDataPosition}`);
            return;
        }
        inDataSegPosition += maxUpdateSize;
    }
    return outData;
}
async function publicFinishSession(handle: number, HuksOptions: huks.HuksOptions, inData: number[]) {
    let outData: number[] = [];
    console.info(`enter promise doFinish`);
    try {
        await huks.finishSession(handle, HuksOptions)
        .then((data) = > {
            console.info(`promise: doFinish success, data = ${JSON.stringify(data)}`);
            outData = inData.concat(Array.from(data.outData!));
        })
        .catch((error: Error) = > {
            console.error(`promise: doFinish key failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: doFinish input arg invalid, ${JSON.stringify(error)}`);
    }
    return new Uint8Array(outData);
}
async function cipherFunction(keyAlias: string, HuksOptions: huks.HuksOptions) {
    let handle = await publicInitFunc(keyAlias, HuksOptions);
    let tmpData = await publicUpdateSessionFunction(handle, HuksOptions);
    let outData = await publicFinishSession(handle, HuksOptions, tmpData!);
    return outData;
}
async function agreeFunction(keyAlias: string, HuksOptions: huks.HuksOptions, huksPublicKey: Uint8Array) {
    let handle = await publicInitFunc(keyAlias, HuksOptions);
    let outSharedKey: Uint8Array = new Uint8Array;
    HuksOptions.inData = huksPublicKey;
    console.info(`enter promise doUpdate`);
    try {
        await huks.updateSession(handle, HuksOptions)
        .then((data) = > {
            console.error(`promise: doUpdate success, data = ${JSON.stringify(data)}`);
        })
        .catch((error: Error) = > {
            console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`);
    }
    console.info(`enter promise doInit`);
    try {
        await huks.finishSession(handle, HuksOptions)
        .then((data) = > {
            console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
            outSharedKey = data.outData as Uint8Array;
        })
        .catch((error: Error) = > {
            console.error(`promise: doInit key failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`);
    }
    return outSharedKey;
}
async function ImportKekAndAgreeSharedSecret(callerKekAlias: string, importKekParams: huks.HuksOptions, callerKeyAlias: string, huksPublicKey: Uint8Array, agreeParams: huks.HuksOptions) {
    await publicImportKeyItemFunc(callerKekAlias, importKekParams);
    outSharedKey = await agreeFunction(callerKeyAlias, agreeParams, huksPublicKey);
    importParamsAgreeKey.inData = outSharedKey;
    await publicImportKeyItemFunc(callerAgreeKeyAliasAes256, importParamsAgreeKey);
}
async function generateAndExportPublicKey(keyAlias: string, HuksOptions: huks.HuksOptions, caller: Boolean) {
    await publicGenerateItemFunc(keyAlias, HuksOptions);
    try {
        await huks.exportKeyItem(keyAlias, HuksOptions)
        .then((data) = > {
            console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`);
            if (caller) {
                callerSelfPublicKey = data.outData as Uint8Array;
            } else {
                huksPubKey = data.outData as Uint8Array;
            }
        })
        .catch((error: Error) = > {
            console.error(`promise: exportKeyItem failed, ${JSON.stringify(error)}`);
        });
    } catch (error) {
        console.error(`promise: generate pubKey failed, ${JSON.stringify(error)}`);
    }
}
async function EncryptImportedPlainKeyAndKek(keyAlias: string) {
    encryptKeyCommonParams.inData = stringToUint8Array(keyAlias)
    let plainKeyEncData = await cipherFunction(callerKekAliasAes256, encryptKeyCommonParams);
    outKekEncTag = subUint8ArrayOf(plainKeyEncData, plainKeyEncData.length - TAG_SIZE, plainKeyEncData.length)
    outPlainKeyEncData = subUint8ArrayOf(plainKeyEncData, 0, plainKeyEncData.length - TAG_SIZE)
    encryptKeyCommonParams.inData = stringToUint8Array(callerAes256Kek)
    let kekEncData = await cipherFunction(callerAgreeKeyAliasAes256, encryptKeyCommonParams)
    outAgreeKeyEncTag = subUint8ArrayOf(kekEncData, kekEncData.length - TAG_SIZE, kekEncData.length)
    outKekEncData = subUint8ArrayOf(kekEncData, 0, kekEncData.length - TAG_SIZE)
}
async function BuildWrappedDataAndImportWrappedKey(plainKey: string) {
    let plainKeySizeBuff = new Uint8Array(4);
    assignLength(plainKey.length, plainKeySizeBuff, 0);
    let wrappedData = new Uint8Array(
        FILED_LENGTH + huksPubKey.length +
        FILED_LENGTH + AAD.length +
        FILED_LENGTH + NONCE.length +
        FILED_LENGTH + TAG_SIZE +
        FILED_LENGTH + outKekEncData.length +
        FILED_LENGTH + AAD.length +
        FILED_LENGTH + NONCE.length +
        FILED_LENGTH + TAG_SIZE +
        FILED_LENGTH + plainKeySizeBuff.length +
        FILED_LENGTH + outPlainKeyEncData.length
    );
    let index = 0;
    let AADUint8Array = stringToUint8Array(AAD);
    let NonceArray = stringToUint8Array(NONCE);
    index += assignLength(callerSelfPublicKey.length, wrappedData, index);  // 4
    index += assignData(callerSelfPublicKey, wrappedData, index); // 91
    index += assignLength(AADUint8Array.length, wrappedData, index); // 4
    index += assignData(AADUint8Array, wrappedData, index); // 16
    index += assignLength(NonceArray.length, wrappedData, index); // 4
    index += assignData(NonceArray, wrappedData, index); // 12
    index += assignLength(outAgreeKeyEncTag.length, wrappedData, index); // 4
    index += assignData(outAgreeKeyEncTag, wrappedData, index); // 16
    index += assignLength(outKekEncData.length, wrappedData, index); // 4
    index += assignData(outKekEncData, wrappedData, index); // 32
    index += assignLength(AADUint8Array.length, wrappedData, index); // 4
    index += assignData(AADUint8Array, wrappedData, index); // 16
    index += assignLength(NonceArray.length, wrappedData, index); // 4
    index += assignData(NonceArray, wrappedData, index); // 12
    index += assignLength(outKekEncTag.length, wrappedData, index); // 4
    index += assignData(outKekEncTag, wrappedData, index); // 16
    index += assignLength(plainKeySizeBuff.length, wrappedData, index); // 4
    index += assignData(plainKeySizeBuff, wrappedData, index); // 4
    index += assignLength(outPlainKeyEncData.length, wrappedData, index); // 4
    index += assignData(outPlainKeyEncData, wrappedData, index); // 24
    return wrappedData;
}
/* 模擬加密導(dǎo)入密鑰場景,設(shè)備A為遠(yuǎn)端設(shè)備(導(dǎo)入設(shè)備),設(shè)備B為本端設(shè)備(被導(dǎo)入設(shè)備) */
async function ImportWrappedKey() {
    /**
     * 1.設(shè)備A將待導(dǎo)入密鑰轉(zhuǎn)換成HUKS密鑰材料格式To_Import_Key(僅針對非對稱密鑰,若待導(dǎo)入密鑰是對稱密鑰則可省略此步驟),
     *   本示例使用importedAes256PlainKey(對稱密鑰)作為模擬
     */

    /* 2.設(shè)備B生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Wrapping_Key(公鑰Wrapping_Pk,私鑰Wrapping_Sk),其密鑰用途設(shè)置為unwrap,導(dǎo)出Wrapping_Key公鑰Wrapping_Pk存放在變量huksPubKey中 */
    const srcKeyAliasWrap = 'HUKS_Basic_Capability_Import_0200';
    await generateAndExportPublicKey(srcKeyAliasWrap, genWrappingKeyParams, false);

    /* 3.設(shè)備A使用和設(shè)備B同樣的算法,生成一個(gè)加密導(dǎo)入用途的、用于協(xié)商的非對稱密鑰對Caller_Key(公鑰Caller_Pk,私鑰Caller_Sk),導(dǎo)出Caller_Key公鑰Caller_Pk存放在變量callerSelfPublicKey中 */
    await generateAndExportPublicKey(callerKeyAlias, genCallerEcdhParams, true);

    /**
     * 4.設(shè)備A生成一個(gè)對稱密鑰Caller_Kek,該密鑰后續(xù)將用于加密To_Import_Key
     * 5.設(shè)備A基于Caller_Key的私鑰Caller_Sk和Wrapping_Key的公鑰Wrapping_Pk,協(xié)商出Shared_Key
     */
    await ImportKekAndAgreeSharedSecret(callerKekAliasAes256, importParamsCallerKek, callerKeyAlias, huksPubKey, callerAgreeParams);

    /**
     * 6.設(shè)備A使用Caller_Kek加密To_Import_Key,生成To_Import_Key_Enc
     * 7.設(shè)備A使用Shared_Key加密Caller_Kek,生成Caller_Kek_Enc
     */
    await EncryptImportedPlainKeyAndKek(importedAes192PlainKey);

    /* 8.設(shè)備A封裝Caller_Pk、To_Import_Key_Enc、Caller_Kek_Enc等加密導(dǎo)入的材料并發(fā)送給設(shè)備B。本示例作為變量存放在callerSelfPublicKey,PlainKeyEncData,KekEncData */
    let wrappedData = await BuildWrappedDataAndImportWrappedKey(importedAes192PlainKey);
    importWrappedAes192Params.inData = wrappedData;

    /* 9.設(shè)備B導(dǎo)入封裝的加密密鑰材料 */
    await publicImportWrappedKeyFunc(importedKeyAliasAes192, srcKeyAliasWrap, importWrappedAes192Params);

    /* 10.設(shè)備A、B刪除用于加密導(dǎo)入的密鑰 */
    await publicDeleteKeyItemFunc(srcKeyAliasWrap, genWrappingKeyParams);
    await publicDeleteKeyItemFunc(callerKeyAlias, genCallerEcdhParams);
    await publicDeleteKeyItemFunc(importedKeyAliasAes192, importWrappedAes192Params);
    await publicDeleteKeyItemFunc(callerKekAliasAes256, callerAgreeParams);
}

      調(diào)測驗(yàn)證

      調(diào)用[huks.isKeyItemExist]驗(yàn)證密鑰是否存在,如密鑰存在即表示密鑰導(dǎo)入成功。

      QQ截圖20240705210937.png

      `HarmonyOSOpenHarmony鴻蒙文檔籽料:mau123789是v直接拿`

import { huks } from "@kit.UniversalKeystoreKit";
/*
 * 確定密鑰別名和封裝密鑰屬性參數(shù)集
 */
let keyAlias = 'test_import_key_ecdh_aes192';
let isKeyExist:Boolean;
let keyProperties: Array< huks.HuksParam > = [{
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES,
}];
let huksOptions:huks.HuksOptions = {
    properties: keyProperties, // 非空填充
    inData: new Uint8Array(new Array()) // 非空填充
}
try {
    huks.isKeyItemExist(keyAlias, huksOptions, (error, data)= > {
        if (error) {
            console.error(`callback: isKeyItemExist failed, ${JSON.stringify(error)}`);
        } else {
            if (data !== null && data.valueOf() !== null) {
                isKeyExist = data.valueOf();
                console.info(`callback: isKeyItemExist success, isKeyExist = ${isKeyExist}`);
            }
        }
    });
} catch (error) {
    console.error(`callback: isKeyItemExist input arg invalid, ${JSON.stringify(error)}`);
}

      審核編輯 黃宇

      聲明:本文內(nèi)容及配圖由入駐作者撰寫或者入駐合作網(wǎng)站授權(quán)轉(zhuǎn)載。文章觀點(diǎn)僅代表作者本人,不代表電子發(fā)燒友網(wǎng)立場。文章及其配圖僅供工程師學(xué)習(xí)之用,如有內(nèi)容侵權(quán)或者其他違規(guī)問題,請聯(lián)系本站處理。 舉報(bào)投訴
      • 密鑰
        +關(guān)注

        關(guān)注

        1

        文章

        134

        瀏覽量

        19658
      • 鴻蒙
        +關(guān)注

        關(guān)注

        56

        文章

        2267

        瀏覽量

        42489
      收藏 人收藏

        評論

        相關(guān)推薦

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù)簡介

        Universal Keystore Kit密鑰管理服務(wù),下述簡稱為HUKS)向業(yè)務(wù)/應(yīng)用提供
        的頭像 發(fā)表于 07-04 14:20 ?195次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b>簡介

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 生成密鑰ArkTS

        以生成DH密鑰為例,生成隨機(jī)密鑰。具體的場景介紹及支持的算法規(guī)格
        的頭像 發(fā)表于 07-05 15:17 ?212次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> 生成<b class='flag-5'>密鑰</b><b class='flag-5'>ArkTS</b>

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 密鑰導(dǎo)入介紹及算法規(guī)格

        如果業(yè)務(wù)在HUKS外部生成密鑰(比如應(yīng)用間協(xié)商生成、服務(wù)器端生成),業(yè)務(wù)可以將密鑰導(dǎo)入到HUKS中由HUKS進(jìn)行管理。
        的頭像 發(fā)表于 07-06 10:45 ?548次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> <b class='flag-5'>密鑰</b><b class='flag-5'>導(dǎo)入</b>介紹及算法規(guī)格

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 明文導(dǎo)入密鑰 ArkTS

        分別以導(dǎo)入AES256與RSA2048密鑰為例,具體的場景介紹及支持的算法規(guī)格
        的頭像 發(fā)表于 07-08 10:22 ?250次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> 明文<b class='flag-5'>導(dǎo)入</b><b class='flag-5'>密鑰</b> <b class='flag-5'>ArkTS</b>

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 明文導(dǎo)入密鑰C、C++

        以明文導(dǎo)入ECC密鑰為例。具體的場景介紹及支持的算法規(guī)格
        的頭像 發(fā)表于 07-08 10:01 ?213次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> 明文<b class='flag-5'>導(dǎo)入</b><b class='flag-5'>密鑰</b>C、C++

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 加密導(dǎo)入密鑰C、C++

        加密導(dǎo)入ECDH密鑰對為例,涉及業(yè)務(wù)側(cè)加密密鑰的[密鑰生成]、[協(xié)商]等操作不在本示例中體現(xiàn)。
        的頭像 發(fā)表于 07-08 15:26 ?241次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> <b class='flag-5'>加密</b><b class='flag-5'>導(dǎo)入</b><b class='flag-5'>密鑰</b>C、C++

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) 密鑰使用介紹及通用流程

        為了實(shí)現(xiàn)對數(shù)據(jù)機(jī)密性、完整性等保護(hù),可使用生成/導(dǎo)入密鑰,對數(shù)據(jù)進(jìn)行密鑰操作
        的頭像 發(fā)表于 07-09 11:56 ?292次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b> <b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> <b class='flag-5'>密鑰</b>使用介紹及通用流程

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) 密鑰協(xié)商ArkTS

        以協(xié)商密鑰類型為X25519 256,并密鑰僅在HUKS內(nèi)使用為例,完成密鑰協(xié)商。
        的頭像 發(fā)表于 07-10 09:22 ?211次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b> <b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> <b class='flag-5'>密鑰</b>協(xié)商<b class='flag-5'>ArkTS</b>

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) 密鑰協(xié)商 C、C++

        以協(xié)商密鑰類型為ECDH,并密鑰僅在HUKS內(nèi)使用為例,完成密鑰協(xié)商。具體的場景介紹及支持的算法規(guī)格,請參考[密鑰生成支持的算法]。
        的頭像 發(fā)表于 07-10 14:27 ?217次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b> <b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> <b class='flag-5'>密鑰</b>協(xié)商 C、C++

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 密鑰派生C、C++

        以HKDF256密鑰為例,完成密鑰派生。具體的場景介紹及支持的算法規(guī)格,請參考[密鑰生成支持的算法]。
        的頭像 發(fā)表于 07-11 14:28 ?186次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b><b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> <b class='flag-5'>密鑰</b>派生C、C++

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) HMAC ArkTS

        HMAC是密鑰相關(guān)的哈希運(yùn)算消息認(rèn)證碼(Hash-based Message Authentication Code),是一種基于Hash函數(shù)和密鑰進(jìn)行消息認(rèn)證的方法。
        的頭像 發(fā)表于 07-12 18:22 ?503次閱讀

        鴻蒙開發(fā)Universal Keystore Kit密鑰管理服務(wù) 密鑰刪除ArkTS

        為保證數(shù)據(jù)安全性,當(dāng)不需要使用該密鑰時(shí),應(yīng)該刪除密鑰。
        的頭像 發(fā)表于 07-12 14:56 ?195次閱讀

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) 獲取密鑰屬性ArkTS

        HUKS提供了接口供業(yè)務(wù)獲取指定密鑰的相關(guān)屬性。在獲取指定密鑰屬性前,需要確保已在HUKS中生成或導(dǎo)入持久化存儲(chǔ)的密鑰
        的頭像 發(fā)表于 07-17 10:46 ?216次閱讀

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) 獲取密鑰屬性C C++

        HUKS提供了接口供業(yè)務(wù)獲取指定密鑰的相關(guān)屬性。在獲取指定密鑰屬性前,需要確保已在HUKS中生成或導(dǎo)入持久化存儲(chǔ)的密鑰。
        的頭像 發(fā)表于 07-17 09:47 ?204次閱讀
        <b class='flag-5'>鴻蒙</b><b class='flag-5'>開發(fā)</b>:<b class='flag-5'>Universal</b> <b class='flag-5'>Keystore</b> <b class='flag-5'>Kit</b> <b class='flag-5'>密鑰</b><b class='flag-5'>管理</b><b class='flag-5'>服務(wù)</b> 獲取<b class='flag-5'>密鑰</b>屬性C C++

        鴻蒙開發(fā)Universal Keystore Kit 密鑰管理服務(wù) 查詢密鑰別名集 ArkTS

        HUKS提供了接口供應(yīng)用查詢密鑰別名集。
        的頭像 發(fā)表于 07-18 09:34 ?207次閱讀