1# 匿名密钥证明(ArkTS)
2
3在使用本功能时,需确保网络通畅。
4
5## 开发步骤
6
71. 确定密钥别名keyAlias,密钥别名最大长度为128字节。
8
92. 初始化参数集。
10
11   [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)中的properties字段中的参数必须包含[HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性,可选参数包含[HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性。
12
133. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)。
14
154. 将密钥别名与参数集作为参数传入[huks.anonAttestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksanonattestkeyitem11)方法中,即可证明密钥。
16
17```ts
18/*
19 * 以下以anonAttestKey的Promise接口操作验证为例
20 */
21import { huks } from '@kit.UniversalKeystoreKit';
22
23/* 1.确定密钥别名 */
24let keyAliasString = "key anon attest";
25let aliasString = keyAliasString;
26let aliasUint8 = StringToUint8Array(keyAliasString);
27let securityLevel = StringToUint8Array('sec_level');
28let challenge = StringToUint8Array('challenge_data');
29let versionInfo = StringToUint8Array('version_info');
30let anonAttestCertChain: Array<string>;
31
32class throwObject {
33  isThrow: boolean = false;
34}
35
36/* 封装生成时的密钥参数集 */
37let genKeyProperties: Array<huks.HuksParam> = [
38  {
39    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
40    value: huks.HuksKeyAlg.HUKS_ALG_RSA
41  },
42  {
43    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
44    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
45  },
46  {
47    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
48    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
49  },
50  {
51    tag: huks.HuksTag.HUKS_TAG_DIGEST,
52    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
53  },
54  {
55    tag: huks.HuksTag.HUKS_TAG_PADDING,
56    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
57  },
58  {
59    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
60    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
61  },
62  {
63    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
64    value: huks.HuksCipherMode.HUKS_MODE_ECB
65  }
66]
67let genOptions: huks.HuksOptions = {
68  properties: genKeyProperties
69};
70
71/* 2.封装证明密钥的参数集 */
72let anonAttestKeyProperties: Array<huks.HuksParam> = [
73  {
74    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
75    value: securityLevel
76  },
77  {
78    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
79    value: challenge
80  },
81  {
82    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
83    value: versionInfo
84  },
85  {
86    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
87    value: aliasUint8
88  }
89]
90let huksOptions: huks.HuksOptions = {
91  properties: anonAttestKeyProperties
92};
93
94function StringToUint8Array(str: string) {
95  let arr: number[] = [];
96  for (let i = 0, j = str.length; i < j; ++i) {
97    arr.push(str.charCodeAt(i));
98  }
99  return new Uint8Array(arr);
100}
101
102function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
103  return new Promise<void>((resolve, reject) => {
104    try {
105      huks.generateKeyItem(keyAlias, huksOptions, (error, data) => {
106        if (error) {
107          reject(error);
108        } else {
109          resolve(data);
110        }
111      });
112    } catch (error) {
113      throwObject.isThrow = true;
114      throw (error as Error);
115    }
116  });
117}
118
119/* 3.生成密钥 */
120async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) {
121  console.info(`enter promise generateKeyItem`);
122  let throwObject: throwObject = { isThrow: false };
123  try {
124    await generateKeyItem(keyAlias, huksOptions, throwObject)
125      .then((data) => {
126        console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
127      })
128      .catch((error: Error) => {
129        if (throwObject.isThrow) {
130          throw (error as Error);
131        } else {
132          console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
133        }
134      });
135  } catch (error) {
136    console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
137  }
138}
139
140/* 4.证明密钥 */
141function anonAttestKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
142  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
143    try {
144      huks.anonAttestKeyItem(keyAlias, huksOptions, (error, data) => {
145        if (error) {
146          reject(error);
147        } else {
148          resolve(data);
149        }
150      });
151    } catch (error) {
152      throwObject.isThrow = true;
153      throw (error as Error);
154    }
155  });
156}
157
158async function publicAnonAttestKey(keyAlias: string, huksOptions: huks.HuksOptions) {
159  console.info(`enter promise anonAttestKeyItem`);
160  let throwObject: throwObject = { isThrow: false };
161  try {
162    await anonAttestKeyItem(keyAlias, huksOptions, throwObject)
163      .then((data) => {
164        console.info(`promise: anonAttestKeyItem success, data = ${JSON.stringify(data)}`);
165        if (data !== null && data.certChains !== null) {
166          anonAttestCertChain = data.certChains as string[];
167        }
168      })
169      .catch((error: Error) => {
170        if (throwObject.isThrow) {
171          throw (error as Error);
172        } else {
173          console.error(`promise: anonAttestKeyItem failed, ${JSON.stringify(error)}`);
174        }
175      });
176  } catch (error) {
177    console.error(`promise: anonAttestKeyItem input arg invalid, ${JSON.stringify(error)}`);
178  }
179}
180
181async function AnonAttestKeyTest() {
182  await publicGenKeyFunc(aliasString, genOptions);
183  await publicAnonAttestKey(aliasString, huksOptions);
184  console.info('anon attest certChain data: ' + anonAttestCertChain)
185}
186```
187