HUKS用户认证通过PIN生成密钥

对于HUKS用于用户认证，依赖于IAM部件的能力，因此HUKS是可以通过生物特征和密码去进行用户认证。

HarmonyOS

roseprodigal

2024-05-28 21:25:54

浏览

回答 1

按赞同

按时间

走在河边捡到鱼

使用的核心API

HuksAuthAccessType

HuksUserAuthType

核心代码解释

//密钥属性中要注意在使用生物特征验证的时候使用的是 
HuksAuthAccessType对应的属性是 
HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD //安全访问控制类型为清除密钥后密钥无效 
HuksUserAuthType对应的属性是 
HUKS_USER_AUTH_TYPE_PIN    //用户认证类型为PIN码 
import huks from '@ohos.security.huks'; 
import { BusinessError } from '@ohos.base'; 
/* 
* 确定密钥别名和封装密钥属性参数集 
*/ 
let keyAlias = 'test_sm4_key_alias'; 
let properties: Array<huks.HuksParam> = new Array(); 
properties[0] = { 
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 
value: huks.HuksKeyAlg.HUKS_ALG_SM4, 
} 
properties[1] = { 
tag: huks.HuksTag.HUKS_TAG_PURPOSE, 
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, 
} 
properties[2] = { 
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 
value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, 
} 
properties[3] = { 
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 
value: huks.HuksCipherMode.HUKS_MODE_CBC, 
} 
properties[4] = { 
tag: huks.HuksTag.HUKS_TAG_PADDING, 
value: huks.HuksKeyPadding.HUKS_PADDING_NONE, 
} 
// 指定密钥身份认证的类型：PIN 
properties[5] = { 
tag: huks.HuksTag.HUKS_TAG_USER_AUTH_TYPE, 
value: huks.HuksUserAuthType.HUKS_USER_AUTH_TYPE_PIN 
} 
// 指定密钥安全授权的类型（失效类型）：安全访问控制类型为清除密钥后密钥无效。 
properties[6] = { 
tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_ACCESS_TYPE, 
value: huks.HuksAuthAccessType.HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD 
} 
// 指定挑战值的类型：默认类型 
properties[7] = { 
tag: huks.HuksTag.HUKS_TAG_CHALLENGE_TYPE, 
value: huks.HuksChallengeType.HUKS_CHALLENGE_TYPE_NORMAL 
} 
let huksOptions : huks.HuksOptions = { 
properties: properties, 
inData: new Uint8Array(new Array()) 
} 
/* 
* 生成密钥 
*/ 
class throwObject { 
isThrow:boolean = false 
} 
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { 
return new Promise<void>((resolve, reject) => { 
  try { 
    huks.generateKeyItem(keyAlias, huksOptions, (error, data) => { 
      if (error) { 
        reject(error); 
      } else { 
        resolve(data); 
      } 
    }); 
  } catch (error) { 
    throwObject.isThrow = true; 
    throw(error as Error); 
  } 
}); 
} 
async function publicGenKeyFunc(keyAlias:string, huksOptions:huks.HuksOptions) { 
console.info(`enter promise generateKeyItem`); 
let throwObject : throwObject = {isThrow: false}; 
try { 
  await generateKeyItem(keyAlias, huksOptions, throwObject) 
    .then((data) => { 
      console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`); 
    }) 
    .catch((error : BusinessError) => { 
      if (throwObject.isThrow) { 
        throw(error as Error); 
      } else { 
        console.error(`promise: generateKeyItem failed` + error); 
      } 
    }); 
} catch (error) { 
  console.error(`promise: generateKeyItem input arg invalid` + error); 
} 
} 
export async function TestGenKeyForFingerprintAccessControl() { 
await publicGenKeyFunc(keyAlias, huksOptions); 
}1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.

下面代码是密钥认证的代码:

import huks from '@ohos.security.huks'; 
import userIAM_userAuth from '@ohos.userIAM.userAuth'; 
import { BusinessError } from '@ohos.base'; 
/* 
* 确定密钥别名和封装密钥属性参数集 
*/ 
let srcKeyAlias = 'sm4_key_fingerprint_access'; 
let handle : number; 
let challenge : Uint8Array; 
let fingerAuthToken : Uint8Array; 
let authType = userIAM_userAuth.UserAuthType.PIN; 
let authTrustLevel = userIAM_userAuth.AuthTrustLevel.ATL1; 
/* 集成生成密钥参数集 & 加密参数集 */ 
let properties : Array<huks.HuksParam> = new Array(); 
properties[0] = { 
tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 
value: huks.HuksKeyAlg.HUKS_ALG_SM4, 
} 
properties[1] = { 
tag: huks.HuksTag.HUKS_TAG_PURPOSE, 
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, 
} 
properties[2] = { 
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 
value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128, 
} 
properties[3] = { 
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 
value: huks.HuksCipherMode.HUKS_MODE_CBC, 
} 
properties[4] = { 
tag: huks.HuksTag.HUKS_TAG_PADDING, 
value: huks.HuksKeyPadding.HUKS_PADDING_NONE, 
} 
let huksOptions : huks.HuksOptions = { 
properties: properties, 
inData: new Uint8Array(new Array()) 
} 
class throwObject { 
isThrow:boolean=false 
} 
function initSession(keyAlias:string, huksOptions:huks.HuksOptions, throwObject:throwObject) { 
return new Promise<huks.HuksSessionHandle>((resolve, reject) => { 
  try { 
    huks.initSession(keyAlias, huksOptions, (error, data) =>{ 
      if (error) { 
        reject(error); 
      } else { 
        resolve(data); 
      } 
    }); 
  } catch (error) { 
    throwObject.isThrow = true; 
    throw(error as Error); 
  } 
}); 
} 
async function publicInitFunc(keyAlias:string, huksOptions:huks.HuksOptions) { 
console.info(`enter promise doInit`); 
let throwObject : throwObject = {isThrow: false}; 
try { 
  await initSession(keyAlias, huksOptions, throwObject) 
    .then ((data) => { 
      console.info(`promise: doInit success, data = ${JSON.stringify(data)}`); 
      handle = data.handle; 
      challenge = data.challenge as Uint8Array; 
    }) 
    .catch((error : BusinessError) => { 
      if (throwObject.isThrow) { 
        throw(error as Error); 
      } else { 
        console.error(`promise: doInit failed` + error); 
      } 
    }); 
} catch (error) { 
  console.error(`promise: doInit input arg invalid` + error); 
} 
} 
function userIAMAuthFinger(huksChallenge:Uint8Array) { 
// 获取认证对象 
let authTypeList:userIAM_userAuth.UserAuthType[]= new Array(); 
authTypeList[0] = authType; 
const authParam:userIAM_userAuth.AuthParam = { 
  challenge: new Uint8Array([49, 49, 49, 49, 49, 49]), 
  authType: authTypeList, 
  authTrustLevel: userIAM_userAuth.AuthTrustLevel.ATL1 
}; 
const widgetParam:userIAM_userAuth.WidgetParam = { 
  title: '请输入密钥', 
}; 
let auth : userIAM_userAuth.UserAuthInstance; 
try { 
  auth = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam); 
  console.log("get auth instance success"); 
} catch (error) { 
  console.error("get auth instance failed" + error); 
  return; 
} 
// 订阅认证结果 
try { 
  auth.on("result", { 
    onResult(result) { 
      console.log("[HUKS] -> [IAM] userAuthInstance callback result = " + JSON.stringify(result)); 
      fingerAuthToken = result.token; 
    } 
  }); 
  console.log("subscribe authentication event success"); 
} catch (error) { 
  console.error("subscribe authentication event failed " + error); 
} 
// 开始认证 
try { 
  auth.start(); 
  console.info("authV9 start auth success"); 
} catch (error) { 
  console.error("authV9 start auth failed, error = " + error); 
} 
} 
export async function testInitAndAuthFinger() { 
/* 初始化密钥会话获取挑战值 */ 
await publicInitFunc(srcKeyAlias, huksOptions); 
/* 调用userIAM进行身份认证 */ 
userIAMAuthFinger(challenge); 
}1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.
107.
108.
109.
110.
111.
112.
113.
114.
115.
116.
117.
118.
119.
120.
121.
122.
123.
124.

说明：由于用户认证方式为密钥输入，录屏中为黑屏的部分是输入密钥的时间

适配的版本信息

IDE：DevEco Studio 4.1.3.500
SDK：HarmoneyOS NEXT

2024-05-29 22:36:26

如何写精华回答，获更多曝光？

发布

51CTO

51CTO博客

51CTO学堂

HUKS用户认证通过PIN生成密钥

订阅鸿蒙技术特刊，精选内容抢先看