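# 匿名密钥证明(ArkTS)

在使用本功能时,需确保网络通畅。

## 开发步骤

1. 确定密钥别名keyAlias,密钥别名最大长度为128字节。

2. 初始化参数集。

   [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)中的properties字段中的参数必须包含[HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性,可选参数包含[HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性。

3. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)。

4. 将密钥别名与参数集作为参数传入[huks.anonAttestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksanonattestkeyitem11)方法中,即可证明密钥。

```ts
/*
 * The following uses the Promise-style flow of anonAttestKey as an example.
 */
import { huks } from '@kit.UniversalKeystoreKit';

/* 1. Choose the key alias (the steps above limit it to 128 bytes). */
let keyAliasString = "key anon attest";
let aliasString = keyAliasString;
let aliasUint8 = StringToUint8Array(keyAliasString);
let securityLevel = StringToUint8Array('sec_level');
/*
 * Placeholder value for the sample only. The challenge is what ties the returned
 * certificate chain to one request, so in a real deployment it should be a fresh,
 * unpredictable value issued by the party that will verify the chain; a fixed
 * constant lets an old chain be replayed.
 */
let challenge = StringToUint8Array('challenge_data');
let versionInfo = StringToUint8Array('version_info');
/* Starts empty so that a failed attestation is distinguishable from a successful one. */
let anonAttestCertChain: Array<string> = [];

/* Carries the "the HUKS call threw synchronously" flag out of the Promise wrappers. */
class throwObject {
  isThrow: boolean = false;
}

/*
 * Parameter set used when generating the key.
 * NOTE(review): the purpose is VERIFY only; a key that is meant to produce signatures
 * would normally also need HUKS_KEY_PURPOSE_SIGN. Confirm against the intended use.
 * NOTE(review): a block mode has no meaning for RSA-PSS signatures; presumably HUKS
 * ignores HUKS_MODE_ECB here. Confirm before copying this set into production code.
 */
let genKeyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
]
let genOptions: huks.HuksOptions = {
  properties: genKeyProperties
};

/* 2. Parameter set for the attestation request; HUKS_TAG_ATTESTATION_CHALLENGE is mandatory. */
let anonAttestKeyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: aliasUint8
  }
]
let huksOptions: huks.HuksOptions = {
  properties: anonAttestKeyProperties
};

/*
 * Converts a string to bytes, one byte per UTF-16 code unit.
 * Uint8Array stores each value modulo 256, so this is only lossless for characters
 * below U+0100; the sample inputs are ASCII.
 */
function StringToUint8Array(str: string) {
  let arr: number[] = [];
  for (let i = 0, j = str.length; i < j; ++i) {
    arr.push(str.charCodeAt(i));
  }
  return new Uint8Array(arr);
}

/*
 * Wraps the callback form of huks.generateKeyItem in a Promise.
 * A synchronous throw from HUKS sets throwObject.isThrow before the Promise is
 * rejected, so the caller can tell it apart from an error delivered to the callback.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      reject(error as Error);
    }
  });
}

/* 3. Generate the key. Failures are logged and not rethrown. */
async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise generateKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await generateKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
  } catch (error) {
    if (throwObject.isThrow) {
      console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/*
 * 4. Attest the key.
 * Wraps the callback form of huks.anonAttestKeyItem in a Promise; the isThrow flag
 * marks a synchronous throw, as in generateKeyItem above.
 */
function anonAttestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.anonAttestKeyItem(keyAlias, huksOptions, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      reject(error as Error);
    }
  });
}

/*
 * Requests the attestation and stores the returned certificate chain in
 * anonAttestCertChain. Failures are logged and leave the stored chain untouched.
 */
async function publicAnonAttestKey(keyAlias: string, huksOptions: huks.HuksOptions) {
  console.info(`enter promise anonAttestKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await anonAttestKeyItem(keyAlias, huksOptions, throwObject);
    console.info(`promise: anonAttestKeyItem success, data = ${JSON.stringify(data)}`);
    /* certChains is optional on the result, so guard against undefined as well as null. */
    if (data !== null && data !== undefined &&
      data.certChains !== null && data.certChains !== undefined) {
      anonAttestCertChain = data.certChains;
    }
  } catch (error) {
    if (throwObject.isThrow) {
      console.error(`promise: anonAttestKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      console.error(`promise: anonAttestKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/*
 * Runs key generation followed by attestation.
 * Obtaining the chain is only the device-side half: checking it against the trusted
 * root and comparing the embedded challenge with the issued one is the verifier's job
 * and is not shown in this sample.
 */
async function AnonAttestKeyTest() {
  await publicGenKeyFunc(aliasString, genOptions);
  await publicAnonAttestKey(aliasString, huksOptions);
  if (anonAttestCertChain.length === 0) {
    console.error('anon attest failed: no certificate chain returned');
    return;
  }
  console.info('anon attest certChain data: ' + anonAttestCertChain)
}
```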