harmony 鸿蒙Specifying the User for Key Operations (for System Applications Only)

2025-06-12
浏览 (18)

Specifying the User for Key Operations (for System Applications Only)

To implement isolation and access control for key data, HUKS provides APIs with the user ID specified for concurrent key operations initiated by multiple users. >NOTE
> The mini-system devices do not support the operation described in this topic.

Constraints

The range of the caller’s user ID is 0 to 99, including 0 and 99.
The APIs are available only for system applications.

Available APIs

APIs with the userId parameter are provided as enhancement to existing APIs.

When using these APIs, observe the following:

You can pass in HUKS_TAG_AUTH_STORAGE_LEVEL in options to specify the security level for the key stored.
If HUKS_TAG_AUTH_STORAGE_LEVEL is not specified in options, the key can be accessed only after the first unlock of the device by default, which is equivalent to passing in HUKS_AUTH_STORAGE_LEVEL_CE.

The algorithm specifications and the usage of the APIs are the same as those of the APIs without userId.

API with userId	Description	API Without userId
generateKeyItemAsUser	Generates a key.	generateKeyItem
deleteKeyItemAsUser	Deletes a key.	deleteKeyItem
importKeyItemAsUser	Imports a key in plaintext.	importKeyItem
importWrappedKeyItemAsUser	Imports an encrypted key.	importWrappedKeyItem
exportKeyItemAsUser	Exports a key.	exportKeyItem
getKeyItemPropertiesAsUser	Obtains key properties.	getKeyItemProperties
hasKeyItemAsUser	Checks whether a key exists.	hasKeyItem
initSessionAsUser	Initializes a key session.	initSession in encryption and decryption, signing and signature verification, key agreement, and key derivation
attestKeyItemAsUser	Performs non-anonymous key attestation.	attestKeyItem
anonAttestKeyItemAsUser	Performs anonymous key attestation.	anonAttestKeyItem