HUKS用户认证通过PIN生成密钥?

如题:HUKS用户认证通过PIN生成密钥?


功能场景描述及使用场景

HUKS的密钥访问控制依赖IAM部件提供的用户认证能力,因此HUKS既可以通过生物特征,也可以通过密码(PIN)进行用户认证。

使用的核心API

HuksAuthAccessType

HuksUserAuthType

核心代码解释

// 密钥属性中需要注意:本例使用PIN码认证(不是生物特征认证),对应的取值如下
HuksAuthAccessType 对应的属性是
HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD // 安全访问控制类型为清除密码后密钥无效
HuksUserAuthType 对应的属性是
HUKS_USER_AUTH_TYPE_PIN    // 用户认证类型为PIN码
import huks from '@ohos.security.huks';
import { BusinessError } from '@ohos.base';
/*
 * Key alias and the parameter set describing the key to generate.
 */
let keyAlias = 'test_sm4_key_alias';
let properties: Array<huks.HuksParam> = [
  // SM4 key, 128 bits, allowed for both encryption and decryption.
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_SM4 },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
  },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128 },
  // NOTE(review): CBC with HUKS_PADDING_NONE only accepts input whose length is a
  // multiple of the 16-byte SM4 block, and CBC on its own does not authenticate the
  // ciphertext; confirm this fits the data the key will protect.
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_CBC },
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_NONE },
  // User authentication type required before the key can be used: PIN.
  { tag: huks.HuksTag.HUKS_TAG_USER_AUTH_TYPE, value: huks.HuksUserAuthType.HUKS_USER_AUTH_TYPE_PIN },
  // Invalidation policy: the key becomes invalid once the password is cleared.
  // This is the access type that goes with PIN authentication in this example.
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_AUTH_ACCESS_TYPE,
    value: huks.HuksAuthAccessType.HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD,
  },
  // Challenge type: the default (normal) challenge.
  { tag: huks.HuksTag.HUKS_TAG_CHALLENGE_TYPE, value: huks.HuksChallengeType.HUKS_CHALLENGE_TYPE_NORMAL },
];
// Key generation takes no input data, so inData is an empty buffer.
let huksOptions: huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(new Array()),
};
/*
* 生成密钥
*/
/**
 * Mutable flag passed into the promise wrapper. The wrapper sets `isThrow`
 * to true when the underlying huks call throws synchronously, so the caller
 * can tell that case apart from an error delivered through the callback.
 */
class throwObject {
  isThrow: boolean = false;
}
/**
 * Promise wrapper around the callback form of `huks.generateKeyItem`.
 *
 * @param keyAlias - Alias under which the key is stored.
 * @param huksOptions - Key property set passed through to HUKS unchanged.
 * @param throwObject - Flag object; `isThrow` is set to true when the huks
 *   call throws synchronously instead of reporting through the callback.
 * @returns A promise that resolves when the callback reports no error and
 *   rejects with the callback error or with the synchronously thrown error.
 */
function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, huksOptions, (err, result) => {
        if (err) {
          reject(err);
          return;
        }
        resolve(result);
      });
    } catch (syncError) {
      // Throwing inside the executor rejects the promise; the flag records
      // that the failure came from the synchronous call itself.
      throwObject.isThrow = true;
      throw (syncError as Error);
    }
  });
}
/**
 * Generates the key and logs the outcome. Errors are logged, never rethrown.
 *
 * Two failure paths are distinguished through the flag object: a synchronous
 * throw from the huks call is logged as "input arg invalid", an error reported
 * through the callback is logged as "failed".
 *
 * @param keyAlias - Alias under which the key is stored.
 * @param huksOptions - Key property set used for generation.
 */
async function publicGenKeyFunc(keyAlias:string, huksOptions:huks.HuksOptions) {
  console.info(`enter promise generateKeyItem`);
  const syncThrowFlag : throwObject = {isThrow: false};
  try {
    const data = await generateKeyItem(keyAlias, huksOptions, syncThrowFlag);
    console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`);
  } catch (error) {
    if (syncThrowFlag.isThrow) {
      console.error(`promise: generateKeyItem input arg invalid` + error);
    } else {
      console.error(`promise: generateKeyItem failed` + error);
    }
  }
}
/**
 * Entry point of the key-generation example: generates the key described by
 * the module-level `huksOptions` under `keyAlias`.
 *
 * The name mentions fingerprint, but the property set in this file requests
 * PIN authentication (HUKS_USER_AUTH_TYPE_PIN).
 */
export async function TestGenKeyForFingerprintAccessControl() {
  const generation = publicGenKeyFunc(keyAlias, huksOptions);
  await generation;
}

下面代码是密码认证的代码:

import huks from '@ohos.security.huks';
import userIAM_userAuth from '@ohos.userIAM.userAuth';
import { BusinessError } from '@ohos.base';
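/*
 * Key alias and the parameter set used to open a session on the key.
 */
// Must be the alias the key was generated under. The key-generation listing
// stores the key as 'test_sm4_key_alias'; with any other alias the session
// would be opened on a different (or non-existent) key.
let srcKeyAlias = 'test_sm4_key_alias';
// Session handle and challenge, filled in by publicInitFunc.
let handle : number;
let challenge : Uint8Array;
// Auth token delivered by the user-auth result callback. The name says
// "finger", but this example authenticates with a PIN.
let fingerAuthToken : Uint8Array;
let authType = userIAM_userAuth.UserAuthType.PIN;
// NOTE(review): ATL1 looks like the lowest trust level the API defines; confirm
// it matches the sensitivity of the data this key protects.
let authTrustLevel = userIAM_userAuth.AuthTrustLevel.ATL1;
/* Parameter set shared by the session: same algorithm settings as at generation. */
let properties : Array<huks.HuksParam> = [
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_SM4 },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT,
  },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_SM4_KEY_SIZE_128 },
  // NOTE(review): CBC with HUKS_PADDING_NONE only accepts block-aligned input and
  // does not authenticate the ciphertext; confirm this fits the use case.
  { tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, value: huks.HuksCipherMode.HUKS_MODE_CBC },
  { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_NONE },
];
// Opening the session takes no input data, so inData is an empty buffer.
let huksOptions : huks.HuksOptions = {
  properties: properties,
  inData: new Uint8Array(new Array()),
};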
/**
 * Mutable flag passed into the promise wrapper. The wrapper sets `isThrow`
 * to true when the underlying huks call throws synchronously, so the caller
 * can tell that case apart from an error delivered through the callback.
 */
class throwObject {
  isThrow: boolean = false;
}
/**
 * Promise wrapper around the callback form of `huks.initSession`.
 *
 * @param keyAlias - Alias of the key to open a session on.
 * @param huksOptions - Property set passed through to HUKS unchanged.
 * @param throwObject - Flag object; `isThrow` is set to true when the huks
 *   call throws synchronously instead of reporting through the callback.
 * @returns A promise that resolves with the session handle object reported by
 *   the callback, or rejects with the callback error or the thrown error.
 */
function initSession(keyAlias:string, huksOptions:huks.HuksOptions, throwObject:throwObject) {
  return new Promise<huks.HuksSessionHandle>((resolve, reject) => {
    try {
      huks.initSession(keyAlias, huksOptions, (err, session) => {
        if (err) {
          reject(err);
          return;
        }
        resolve(session);
      });
    } catch (syncError) {
      // Throwing inside the executor rejects the promise; the flag records
      // that the failure came from the synchronous call itself.
      throwObject.isThrow = true;
      throw (syncError as Error);
    }
  });
}
/**
 * Opens a HUKS session on the key and stores the returned handle and
 * challenge in the module-level `handle` and `challenge` variables.
 * Errors are logged, never rethrown, so on failure both variables keep
 * whatever value they had before the call.
 *
 * @param keyAlias - Alias of the key to open a session on.
 * @param huksOptions - Property set for the session.
 */
async function publicInitFunc(keyAlias:string, huksOptions:huks.HuksOptions) {
  console.info(`enter promise doInit`);
  const syncThrowFlag : throwObject = {isThrow: false};
  try {
    const data = await initSession(keyAlias, huksOptions, syncThrowFlag);
    // NOTE(review): this serialises the whole session result (handle and
    // challenge) into the log; acceptable for a demo, consider trimming it
    // in production logging.
    console.info(`promise: doInit success, data = ${JSON.stringify(data)}`);
    handle = data.handle;
    challenge = data.challenge as Uint8Array;
  } catch (error) {
    if (syncThrowFlag.isThrow) {
      // The huks call itself threw synchronously.
      console.error(`promise: doInit input arg invalid` + error);
    } else {
      // The error came back through the huks callback.
      console.error(`promise: doInit failed` + error);
    }
  }
}
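/**
 * Starts a PIN authentication through userIAM and stores the resulting auth
 * token in the module-level `fingerAuthToken`.
 *
 * The challenge handed to userIAM is the one HUKS returned for the open key
 * session. The auth token is issued over that challenge, so using any other
 * value (such as a fixed constant) yields a token that is not bound to the
 * session and gives up the freshness the challenge exists to provide.
 *
 * Despite the "Finger" in the name, the authentication type used is PIN.
 *
 * @param huksChallenge - Challenge returned by the HUKS session initialisation.
 */
function userIAMAuthFinger(huksChallenge:Uint8Array) {
  // Without a session challenge there is nothing to bind the token to.
  if (huksChallenge === undefined || huksChallenge.length === 0) {
    console.error("[HUKS] -> [IAM] missing HUKS challenge, skip user authentication");
    return;
  }
  // Build the authentication request.
  const authTypeList:userIAM_userAuth.UserAuthType[] = [authType];
  const authParam:userIAM_userAuth.AuthParam = {
    challenge: huksChallenge,
    authType: authTypeList,
    authTrustLevel: authTrustLevel
  };
  const widgetParam:userIAM_userAuth.WidgetParam = {
    title: '请输入密码',
  };
  let auth : userIAM_userAuth.UserAuthInstance;
  try {
    auth = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam);
    console.log("get auth instance success");
  } catch (error) {
    console.error("get auth instance failed" + error);
    return;
  }
  // Subscribe to the authentication result.
  try {
    auth.on("result", {
      onResult(result) {
        // Log only the result code: the full result object carries the auth
        // token, which should not end up in logs.
        console.log("[HUKS] -> [IAM] userAuthInstance callback result = " + result.result);
        fingerAuthToken = result.token;
      }
    });
    console.log("subscribe authentication event success");
  } catch (error) {
    console.error("subscribe authentication event failed " + error);
    // No subscriber means the token could never be received; do not prompt.
    return;
  }
  // Start the authentication.
  try {
    auth.start();
    console.info("authV9 start auth success");
  } catch (error) {
    console.error("authV9 start auth failed, error = " + error);
  }
}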
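/**
 * Entry point of the authentication example: opens a HUKS session to obtain
 * a challenge, then asks userIAM to authenticate the user.
 *
 * publicInitFunc logs failures instead of throwing, so the challenge is
 * checked here before the user is prompted; without a session challenge the
 * authentication could not be tied to the key session.
 */
export async function testInitAndAuthFinger() {
  /* Open the key session and obtain the challenge. */
  await publicInitFunc(srcKeyAlias, huksOptions);
  if (challenge === undefined) {
    console.error(`promise: doInit returned no challenge, skip user authentication`);
    return;
  }
  /* Authenticate the user through userIAM. */
  userIAMAuthFinger(challenge);
}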

说明:由于用户认证方式为密码输入,录屏中为黑屏的部分是输入密码的时间

适配的版本信息

  • IDE:DevEco Studio 4.1.3.500
  • SDK:HarmonyOS NEXT