harmony 鸿蒙Security Subsystem Changelog
Security Subsystem Changelog
cl.security.1 Change of setSeed() from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: setSeed(seed : DataBlob, callback : AsyncCallback<void>) : void; setSeed(seed : DataBlob) : Promise<void>; API after the change: setSeed(seed : DataBlob) : void;
Adaptation Guide See setSeed() in the following: Crypto Framework
cl.security.2 Move of DataArray from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved DataArray from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.3 Move of EncodingFormat from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved EncodingFormat from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.4 Move of EncodingBlob from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved EncodingBlob from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.5 Move of CertChainData from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved interface CertChainData from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.6 Move of X509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved X509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.7 Move of createX509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved createX509Cert from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.8 Move of X509CrlEntry from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved X509CrlEntry from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.9 Move of X509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved X509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.10 Move of createX509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved createX509Crl from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.11 Move of CertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved CertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.12 Move of createCertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes Moved createCertChainValidator from @ohos.security.cryptoFramework.d.ts to @ohos.security.cert.d.ts.
Adaptation Guide Import and use the new .d.ts file: import cryptoCert from ‘@ohos.security.cert’; See the following API reference: Certificate
cl.security.13 Change of getPublicKey() of X509Cert from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: getPublicKey(callback : AsyncCallback<PubKey>) : void; getPublicKey() : Promise<PubKey>; API after the change: getPublicKey() : cryptoFramework.PubKey;
Adaptation Guide See the following API reference: Certificate
cl.security.14 Change of checkValidityWithDate of X509Cert from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: checkValidityWithDate(date: string, callback : AsyncCallback<void>) : void; checkValidityWithDate(date: string) : Promise<void>; API after the change: checkValidityWithDate(date: string) : void;
Adaptation Guide See the following API reference: Certificate
cl.security.15 Change of getCertIssuer of X509CrlEntry from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: getCertIssuer(callback : AsyncCallback<DataBlob>) : void; getCertIssuer() : Promise<DataBlob>;
API after the change: getCertIssuer() : DataBlob;
Adaptation Guide See the following API reference: Certificate
cl.security.16 Change of getRevocationDate of X509CrlEntry from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: getRevocationDate(callback : AsyncCallback<string>) : void; getRevocationDate() : Promise<string>;
API after the change: getRevocationDate() : string;
Adaptation Guide See the following API reference: Certificate
cl.security.17 Change of isRevoked of X509Crl from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: isRevoked(cert : X509Cert, callback : AsyncCallback<boolean>) : void; isRevoked(cert : X509Cert) : Promise<boolean>;
API after the change: isRevoked(cert : X509Cert) : boolean;
Adaptation Guide See the following API reference: Certificate
cl.security.18 Change of getRevokedCert of X509Crl from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: getRevokedCert(serialNumber : number, callback : AsyncCallback<X509CrlEntry>) : void; getRevokedCert(serialNumber : number) : Promise<X509CrlEntry>;
API after the change: getRevokedCert(serialNumber : number) : X509CrlEntry;
Adaptation Guide See the following API reference: Certificate
cl.security.19 Change of getRevokedCertWithCert of X509Crl from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: getRevokedCertWithCert(cert : X509Cert, callback : AsyncCallback<X509CrlEntry>) : void; getRevokedCertWithCert(cert : X509Cert) : Promise<X509CrlEntry>;
API after the change: getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry;
Adaptation Guide See the following API reference: Certificate
cl.security.20 Change of getTbsInfo of X509Crl from Asynchronous to Synchronous
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that it can be properly compiled in the SDK environment of the new version.
Key API/Component Changes API before the change: getTbsInfo(callback : AsyncCallback<DataBlob>) : void; getTbsInfo() : Promise<DataBlob>;
API after the change: getTbsInfo() : DataBlob;
Adaptation Guide See the following API reference: Certificate
cl.security.21 Support of No-Hash Signing Mode for HUKS
Before the change, the application passes huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE and HUKS uses huks.HuksKeyDigest.HUKS_DIGEST_SHA256 for processing by default. After the change, the application passes huks.HuksTag.HUKS_TAG_DIGEST = huks.HuksKeyDigest.HUKS_DIGEST_NONE and HUKS does not generate a digest by default. Instead, the service performs a hash operation on the original data and then passes a hashed digest to HUKS for signing or signature verification.
Change Impact
Behavior of released JavaScript APIs will be changed. The application needs to adapt these APIs so that the signing or signature verification result can be passed before and after the change.
Key API/Component Changes
Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed.
The service uses the No-Hash signing mode, and hashes the original data and then passes a hashed digest to the signing or signature verification API of HUKS. In addition, the huks.HuksTag.HUKS_TAG_DIGEST parameter is set to huks.HuksKeyDigest.HUKS_DIGEST_NONE.
Adaptation Guide
The following uses signing as an example.
import huks from '@ohos.security.huks';
let keyAlias = 'rsa_Key';
/* Digest value after SHA-256 encryption */
let inDataAfterSha256 = new Uint8Array(
0x4B, 0x1E, 0x22, 0x64, 0xA9, 0x89, 0x60, 0x1D, 0xEC, 0x78, 0xC0, 0x5D, 0xBE, 0x46, 0xAD, 0xCF,
0x1C, 0x35, 0x16, 0x11, 0x34, 0x01, 0x4E, 0x9B, 0x7C, 0x00, 0x66, 0x0E, 0xCA, 0x09, 0xC0, 0xF3,
);
/* Signing parameters */
let signProperties = new Array();
signProperties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA,
}
signProperties[1] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN
}
signProperties[2] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048,
}
signProperties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, // Set digest-none.
}
let signOptions = {
properties: signProperties,
inData: inDataAfterSha256 // Set the value after hashing.
}
huks.initSession(keyAlias, signOptions);
For for information about the sample code, see HUKS Development and HUKS.
cl.security.22 Support for Key Calculation Parameter Specifications During Key Usage
Before the change, all parameters for key calculation must be specified when the application generates a key. After the change, only mandatory parameters need to be specified when the application generates a key, and other parameters can be passed in when the key is used. The application can specify key calculation parameters more flexibly.
Change Impact
Behavior of released JavaScript APIs will be changed.
The application can specify only mandatory parameters when creating a key and specify other optional parameters when using the key.
Key API/Component Changes
Released JavaScript APIs remain unchanged, but parameter sets passed to the APIs are changed and parameters are classified into mandatory parameters and optional parameters. For details, see HUKS Development.
huks.generateKeyItem
huks.importKeyItem
huks.importWrappedKeyItem
huks.initSession
huks.updateSession
huks.finishSession
Adaptation Guide
The following uses the key generation process as an example.
let keyAlias = 'keyAlias';
let properties = new Array();
// Mandatory parameter.
properties[0] = {
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
};
// Mandatory parameter.
properties[1] = {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
};
// Mandatory parameter.
properties[2] = {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value:
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
};
// Optional parameter. If this parameter is not specified when a key is generated, it must be specified when the key is used.
properties[3] = {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
};
let options = {
properties: properties
};
try {
huks.generateKeyItem(keyAlias, options, function (error, data) {
if (error) {
console.error(`callback: generateKeyItem failed, code: ${error.code}, msg: ${error.message}`);
} else {
console.info(`callback: generateKeyItem key success`);
}
});
} catch (error) {
console.error(`callback: generateKeyItem input arg invalid, code: ${error.code}, msg: ${error.message}`);
}
For for information about the sample code, see HUKS Development and HUKS.
你可能感兴趣的鸿蒙文章
harmony 鸿蒙Example Subsystem Changelog
harmony 鸿蒙Ability Framework Changelog
harmony 鸿蒙Account Subsystem Changelog
harmony 鸿蒙ArkUI Subsystem ChangeLog
harmony 鸿蒙Multimedia Subsystem Changelog
harmony 鸿蒙Common Library Subsystem Changelog
harmony 鸿蒙Distributed Data Management Subsystem JS API Changelog
- 所属分类: 后端技术
- 本文标签:
热门推荐
-
2、 - 优质文章
-
3、 gate.io
-
8、 golang
-
9、 openharmony
-
10、 Vue中input框自动聚焦