Exporting a Key (C/C++)
This topic walks you through on how to export the public key of a persistently stored asymmetric key. Currently, HUKS supports export of the ECC, RSA, Ed25519, X25519, and SM2 public keys.
NOTE
Mini-system devices support export of only the RSA public keys.
The Group Key feature is supported since API version 23.
Linking the Dynamic Library in the CMake Script
target_link_libraries(entry PUBLIC libhuks_ndk.z.so)
How to Develop
-
Set parameters.
- keyAlias: key alias encapsulated in an OH_Huks_Blob struct. The maximum length of the key alias is 128 bytes.
- paramSetIn: This parameter is reserved. Leave it empty.
- key: OH_Huks_Blob object used to hold the key exported. Ensure that there is enough memory for storing the key exported.
-
Call OH_Huks_GetKeyItemParamSet to pass in the preceding parameters.
-
Check the return value. If the operation is successful, the exported key is in the key field in the DER format defined in X.509. For details about the format, see Public Key Material Format. If the operation fails, an error code is returned.
#include "huks/native_huks_api.h"
#include "huks/native_huks_param.h"
#include "napi/native_api.h"
#include <cstring>
/* Generate an ECC key. */
OH_Huks_Result InitParamSet(struct OH_Huks_ParamSet **paramSet, const struct OH_Huks_Param *params,
uint32_t paramCount)
{
OH_Huks_Result ret = OH_Huks_InitParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS) {
return ret;
}
ret = OH_Huks_AddParams(*paramSet, params, paramCount);
if (ret.errorCode != OH_HUKS_SUCCESS) {
OH_Huks_FreeParamSet(paramSet);
return ret;
}
ret = OH_Huks_BuildParamSet(paramSet);
if (ret.errorCode != OH_HUKS_SUCCESS) {
OH_Huks_FreeParamSet(paramSet);
return ret;
}
return ret;
}
struct OH_Huks_Param g_testGenerateKeyParam[] = {{.tag = OH_HUKS_TAG_ALGORITHM, .uint32Param = OH_HUKS_ALG_ECC},
{.tag = OH_HUKS_TAG_PURPOSE, .uint32Param = OH_HUKS_KEY_PURPOSE_AGREE},
{.tag = OH_HUKS_TAG_KEY_SIZE, .uint32Param = OH_HUKS_ECC_KEY_SIZE_256},
{.tag = OH_HUKS_TAG_DIGEST, .uint32Param = OH_HUKS_DIGEST_NONE}};
static OH_Huks_Result GenerateKeyHelper(const char *alias)
{
struct OH_Huks_Blob aliasBlob = {.size = (uint32_t)strlen(alias), .data = (uint8_t *)alias};
struct OH_Huks_ParamSet *testGenerateKeyParamSet = nullptr;
struct OH_Huks_Result ohResult;
do {
/* 1. Initialize the key property set. */
ohResult = InitParamSet(&testGenerateKeyParamSet, g_testGenerateKeyParam,
sizeof(g_testGenerateKeyParam) / sizeof(OH_Huks_Param));
if (ohResult.errorCode != OH_HUKS_SUCCESS) {
break;
}
/* 2. Generate a key. */
ohResult = OH_Huks_GenerateKeyItem(&aliasBlob, testGenerateKeyParamSet, nullptr);
} while (0);
OH_Huks_FreeParamSet(&testGenerateKeyParamSet);
return ohResult;
}
static napi_value ExportKey(napi_env env, napi_callback_info info)
{
/* 1. Set the key alias. */
const char *alias = "test_key";
struct OH_Huks_Blob aliasBlob = { .size = (uint32_t)strlen(alias), .data = (uint8_t *)alias };
/* Generate a key. */
OH_Huks_Result genResult = GenerateKeyHelper(alias);
if (genResult.errorCode != OH_HUKS_SUCCESS) {
napi_value ret;
napi_create_int32(env, genResult.errorCode, &ret);
return ret;
}
/* Request the memory for holding the public key to be exported. */
uint8_t *pubKey = (uint8_t *)malloc(512); // Request memory based on the key size.
if (pubKey == nullptr) {
return nullptr;
}
struct OH_Huks_Blob keyBlob = { 256, pubKey };
struct OH_Huks_Result ohResult;
do {
ohResult = OH_Huks_ExportPublicKeyItem(&aliasBlob, nullptr, &keyBlob);
if (ohResult.errorCode != OH_HUKS_SUCCESS) {
break;
}
} while (0);
free(pubKey);
napi_value ret;
napi_create_int32(env, ohResult.errorCode, &ret);
return ret;
}