harmony 鸿蒙明文导入密钥(ArkTS)

  • 2025-06-16
  • 浏览 (6)

明文导入密钥(ArkTS)

分别以导入AES256与RSA2048密钥为例,具体的场景介绍及支持的算法规格,请参考密钥导入的支持的算法

开发步骤

  1. 指定密钥别名keyAlias。 密钥别名的最大长度为128字节。

  2. 封装密钥属性集和密钥材料。

  3. 调用huks.importKeyItem,传入密钥别名和密钥属性集,即可导入密钥。

    HuksParam和HuksOptions的含义参考:HuksParamHuksOptions

导入AES256密钥

/* 以下以导入AES256密钥的Callback操作使用为例 */
import { huks } from '@kit.UniversalKeystoreKit'

/* 密钥材料 */
let plainTextSize32 = new Uint8Array([
  0xfb, 0x8b, 0x9f, 0x12, 0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba, 0xca,
  0x64, 0x0b, 0x88, 0x96, 0xe2, 0xfa, 0x77, 0xbc, 0x71, 0xe3, 0x0f, 0x0f, 0x9e, 0x3c, 0xe5, 0xf9
]);
/* 1.确定密钥别名 */
let keyAlias = 'AES256Alias_sample';

/* 2.封装密钥属性集和密钥材料 */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
]
let options: huks.HuksOptions = {
  properties: properties,
  inData: plainTextSize32
};
/* 3.明文导入密钥 */
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      console.error(`callback: importKeyItem failed` + JSON.stringify(error));
    } else {
      console.info(`callback: importKeyItem success`);
    }
  });
} catch (error) {
  console.error(`callback: importKeyItem input arg invalid` + JSON.stringify(error));
}

导入RSA2048密钥对

/* 以下以导入RSA2048密钥的Callback操作使用为例 */
import { huks } from '@kit.UniversalKeystoreKit'

let rsa2048KeyPairMaterial = new Uint8Array([
  0x01, 0x00, 0x00, 0x00, // 密钥算法(小端表示)huks.HuksKeyAlg.HUKS_ALG_RSA = 1
  0x00, 0x08, 0x00, 0x00, // 密钥大小(比特):2048
  0x00, 0x01, 0x00, 0x00, // 模数n长度(字节):256
  0x03, 0x00, 0x00, 0x00, // 公钥指数e长度(字节):3
  0x00, 0x01, 0x00, 0x00, // 私钥指数d长度(字节):256
  // 模数n
  0xc5, 0x35, 0x62, 0x48, 0xc4, 0x92, 0x87, 0x73, 0x0d, 0x42, 0x96, 0xfc, 0x7b, 0x11, 0x05, 0x06,
  0x0f, 0x8d, 0x66, 0xc1, 0x0e, 0xad, 0x37, 0x44, 0x92, 0x95, 0x2f, 0x6a, 0x55, 0xba, 0xec, 0x1d,
  0x54, 0x62, 0x0a, 0x4b, 0xd3, 0xc7, 0x05, 0xe4, 0x07, 0x40, 0xd9, 0xb7, 0xc2, 0x12, 0xcb, 0x9a,
  0x90, 0xad, 0xe3, 0x24, 0xe8, 0x5e, 0xa6, 0xf8, 0xd0, 0x6e, 0xbc, 0xd1, 0x69, 0x7f, 0x6b, 0xe4,
  0x2b, 0x4e, 0x1a, 0x65, 0xbb, 0x73, 0x88, 0x6b, 0x7c, 0xaf, 0x7e, 0xd0, 0x47, 0x26, 0xeb, 0xa5,
  0xbe, 0xd6, 0xe8, 0xee, 0x9c, 0xa5, 0x66, 0xa5, 0xc9, 0xd3, 0x25, 0x13, 0xc4, 0x0e, 0x6c, 0xab,
  0x50, 0xb6, 0x50, 0xc9, 0xce, 0x8f, 0x0a, 0x0b, 0xc6, 0x28, 0x69, 0xe9, 0x83, 0x69, 0xde, 0x42,
  0x56, 0x79, 0x7f, 0xde, 0x86, 0x24, 0xca, 0xfc, 0xaa, 0xc0, 0xf3, 0xf3, 0x7f, 0x92, 0x8e, 0x8a,
  0x12, 0x52, 0xfe, 0x50, 0xb1, 0x5e, 0x8c, 0x01, 0xce, 0xfc, 0x7e, 0xf2, 0x4f, 0x5f, 0x03, 0xfe,
  0xa7, 0xcd, 0xa1, 0xfc, 0x94, 0x52, 0x00, 0x8b, 0x9b, 0x7f, 0x09, 0xab, 0xa8, 0xa4, 0xf5, 0xb4,
  0xa5, 0xaa, 0xfc, 0x72, 0xeb, 0x17, 0x40, 0xa9, 0xee, 0xbe, 0x8f, 0xc2, 0xd1, 0x80, 0xc2, 0x0d,
  0x44, 0xa9, 0x59, 0x44, 0x59, 0x81, 0x3b, 0x5d, 0x4a, 0xde, 0xfb, 0xae, 0x24, 0xfc, 0xa3, 0xd9,
  0xbc, 0x57, 0x55, 0xc2, 0x26, 0xbc, 0x19, 0xa7, 0x9a, 0xc5, 0x59, 0xa3, 0xee, 0x5a, 0xef, 0x41,
  0x80, 0x7d, 0xf8, 0x5e, 0xc1, 0x1d, 0x32, 0x38, 0x41, 0x5b, 0xb6, 0x92, 0xb8, 0xb7, 0x03, 0x0d,
  0x3e, 0x59, 0x0f, 0x1c, 0xb3, 0xe1, 0x2a, 0x95, 0x1a, 0x3b, 0x50, 0x4f, 0xc4, 0x1d, 0xcf, 0x73,
  0x7c, 0x14, 0xca, 0xe3, 0x0b, 0xa7, 0xc7, 0x1a, 0x41, 0x4a, 0xee, 0xbe, 0x1f, 0x43, 0xdd, 0xf9,
  // 公钥指数e
  0x01, 0x00, 0x01,
  // 私钥指数d
  0x88, 0x4b, 0x82, 0xe7, 0xe3, 0xe3, 0x99, 0x75, 0x6c, 0x9e, 0xaf, 0x17, 0x44, 0x3e, 0xd9, 0x07,
  0xfd, 0x4b, 0xae, 0xce, 0x92, 0xc4, 0x28, 0x44, 0x5e, 0x42, 0x79, 0x08, 0xb6, 0xc3, 0x7f, 0x58,
  0x2d, 0xef, 0xac, 0x4a, 0x07, 0xcd, 0xaf, 0x46, 0x8f, 0xb4, 0xc4, 0x43, 0xf9, 0xff, 0x5f, 0x74,
  0x2d, 0xb5, 0xe0, 0x1c, 0xab, 0xf4, 0x6e, 0xd5, 0xdb, 0xc8, 0x0c, 0xfb, 0x76, 0x3c, 0x38, 0x66,
  0xf3, 0x7f, 0x01, 0x43, 0x7a, 0x30, 0x39, 0x02, 0x80, 0xa4, 0x11, 0xb3, 0x04, 0xd9, 0xe3, 0x57,
  0x23, 0xf4, 0x07, 0xfc, 0x91, 0x8a, 0xc6, 0xcc, 0xa2, 0x16, 0x29, 0xb3, 0xe5, 0x76, 0x4a, 0xa8,
  0x84, 0x19, 0xdc, 0xef, 0xfc, 0xb0, 0x63, 0x33, 0x0b, 0xfa, 0xf6, 0x68, 0x0b, 0x08, 0xea, 0x31,
  0x52, 0xee, 0x99, 0xef, 0x43, 0x2a, 0xbe, 0x97, 0xad, 0xb3, 0xb9, 0x66, 0x7a, 0xae, 0xe1, 0x8f,
  0x57, 0x86, 0xe5, 0xfe, 0x14, 0x3c, 0x81, 0xd0, 0x64, 0xf8, 0x86, 0x1a, 0x0b, 0x40, 0x58, 0xc9,
  0x33, 0x49, 0xb8, 0x99, 0xc6, 0x2e, 0x94, 0x70, 0xee, 0x09, 0x88, 0xe1, 0x5c, 0x4e, 0x6c, 0x22,
  0x72, 0xa7, 0x2a, 0x21, 0xdd, 0xd7, 0x1d, 0xfc, 0x63, 0x15, 0x0b, 0xde, 0x06, 0x9c, 0xf3, 0x28,
  0xf3, 0xac, 0x4a, 0xa8, 0xb5, 0x50, 0xca, 0x9b, 0xcc, 0x0a, 0x04, 0xfe, 0x3f, 0x98, 0x68, 0x81,
  0xac, 0x24, 0x53, 0xea, 0x1f, 0x1c, 0x6e, 0x5e, 0xca, 0xe8, 0x31, 0x0d, 0x08, 0x12, 0xf3, 0x26,
  0xf8, 0x5e, 0xeb, 0x10, 0x27, 0xae, 0xaa, 0xc3, 0xad, 0x6c, 0xc1, 0x89, 0xdb, 0x7d, 0x5a, 0x12,
  0x55, 0xad, 0x11, 0x19, 0xa1, 0xa9, 0x8f, 0x0b, 0x6d, 0x78, 0x8d, 0x1c, 0xdf, 0xe5, 0x63, 0x82,
  0x0b, 0x7d, 0x23, 0x04, 0xb4, 0x75, 0x8c, 0xed, 0x77, 0xfc, 0x1a, 0x85, 0x29, 0x11, 0xe0, 0x61,
]);

/* 1.确定密钥别名 */
let keyAlias = 'RSA_sample';
/* 2.封装密钥属性集和密钥材料 */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    // 此 tag表示密钥导入后的用途,导入后将不可更改。
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    // 此 tag表示需导入的密钥类型。
    tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
    // 此 value表示导入密钥对,若改为HUKS_KEY_TYPE_PUBLIC_KEY时表示仅导入公钥。
    value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR
  },
]
let options: huks.HuksOptions = {
  properties: properties,
  inData: rsa2048KeyPairMaterial
};
/* 3.明文导入密钥 */
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      console.error(`callback: importKeyItem failed` + error);
    } else {
      console.info(`callback: importKeyItem success`);
    }
  });
} catch (error) {
  console.error(`callback: importKeyItem input arg invalid` + error);
}

导入X25519密钥公钥

/* 以下以导入X25519密钥的Callback操作使用为例 */
import { huks } from '@kit.UniversalKeystoreKit'
// X25519的公钥数据。X25519 密钥对中的私钥和公钥都是 32 字节(256 位),关于算法原理请自行参考相关密钥学资料。
let x25519KeyPubMaterial = new Uint8Array([
  0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00, 0xD2, 0x36, 0x9E, 0xCF,
  0xF0, 0x61, 0x5B, 0x73, 0xCE, 0x4F, 0xF0, 0x40, 0x2B, 0x89, 0x18, 0x3E, 0x06, 0x33, 0x60, 0xC6
]);

/* 1.确定密钥别名 */
let keyAlias = 'X25519_Pub_import_sample';
/* 2.封装密钥属性集和密钥材料 */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_X25519
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
  },
  {
    // 此 tag表示密钥导入后的用途,导入后将不可更改。
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    // 此 tag表示需导入的密钥类型。
    tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
    // 此 value表示导入密钥的公钥,若改为HUKS_KEY_TYPE_KEY_PAIR时表示导入密钥对。
    value: huks.HuksImportKeyType.HUKS_KEY_TYPE_PUBLIC_KEY
  },
]
let options: huks.HuksOptions = {
  properties: properties,
  inData: x25519KeyPubMaterial
};
/* 3.明文导入密钥 */
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      console.error(`callback: importKeyItem failed` + error);
    } else {
      console.info(`callback: importKeyItem success`);
    }
  });
} catch (error) {
  console.error(`callback: importKeyItem input arg invalid` + error);
}

调测验证

调用huks.isKeyItemExist验证密钥是否存在,如密钥存在即表示密钥导入成功。

import { huks } from '@kit.UniversalKeystoreKit';

let keyAlias = 'AES256Alias_sample';
let isKeyExist = false;

let keyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_AES
  }
]
let huksOptions: huks.HuksOptions = {
  properties: keyProperties, // 非空填充。
  inData: new Uint8Array(new Array()) // 非空填充。
}
try {
  huks.isKeyItemExist(keyAlias, huksOptions, (error, data) => {
    if (error) {
      console.error(`callback: isKeyItemExist failed, ` + JSON.stringify(error));
    } else {
      if (data !== null && data.valueOf() !== null) {
        isKeyExist = data.valueOf();
        console.info(`callback: isKeyItemExist success, isKeyExist = ${isKeyExist}`);
      }
    }
  });
} catch (error) {
  console.error(`callback: isKeyItemExist input arg invalid, ` + JSON.stringify(error));
}

你可能感兴趣的鸿蒙文章

harmony 鸿蒙Universal Keystore Kit(密钥管理服务)

harmony 鸿蒙指定用户身份操作(仅对系统应用开放)

harmony 鸿蒙查询密钥是否存在(ArkTS)

harmony 鸿蒙查询密钥是否存在(C/C++)

harmony 鸿蒙通用密钥库基础概念

harmony 鸿蒙密钥删除(ArkTS)

harmony 鸿蒙密钥删除(C/C++)

harmony 鸿蒙加解密(ArkTS)

harmony 鸿蒙加解密(C/C++)

harmony 鸿蒙加密/解密介绍及算法规格

0  赞