Group Key Overview
Starting from API version 23, HUKS supports the group key function, which lets HAP applications developed by the same developer share keys.
When the same group ID is specified in the configuration of multiple HAP applications, those applications can share the same group of key resources. This enables secure key reuse across a developer's application ecosystem, eliminates the need to repeatedly generate or manually transfer keys, and simplifies key management in cross-application encryption scenarios.
NOTE
- The group key function is supported only on standard devices.
- A group key is strictly limited to the HAP applications in the same group of the same developer. Applications of different developers, and applications in different groups of the same developer, cannot access each other's group keys, which ensures key isolation and security.
Specifications
| Local Key Operation Supported | API Version | Description |
|---|---|---|
| Key generation | 23+ | A group key can be generated. |
| Key import | 23+ | A group key can be imported. |
| Encryption and decryption | 23+ | A group key can be used for encryption and decryption. |
| Signing and signature verification | 23+ | A group key can be used for signing and signature verification. |
| Key agreement | 23+ | A group key can be used for key agreement. |
| Key derivation | 23+ | A group key can be used for key derivation. |
| Access control | 23+ | A group key can be used for secondary access control. |
| HMAC | 23+ | A group key can be used for HMAC. |
| Key deletion | 23+ | A group key can be deleted. |
| Key attestation | 23+ | The validity of a group key can be attested. |
| Checking whether a key exists | 23+ | You can check whether a group key exists. |
| Obtaining key properties | 23+ | You can query the properties of a group key, including DeveloperID and GroupID. |
| Key export | 23+ | A group key can be exported. |
| Querying key aliases | 23+ | The alias set of a group key can be queried. |