General Process of Using a Key

The key generated or imported can be used to perform the following operations to ensure data confidentiality and integrity:

This section provides examples of the preceding common key operations. Secondary access control is not configured in the following examples. For details about how to configure key access control, see HUKS Access Control Overview.

The Group Key feature is supported since API version 23.

General Development Process

HUKS operates on data within a key session. The general process is as follows:

  1. (Mandatory) Initialize a key session using initSession.

    You need to pass in the key alias and key operation parameters. A session handle will be returned after the initialization. The key operation parameters must contain the parameters required by the cipher algorithm, including the cipher algorithm, key size, key purpose, working mode, padding mode, hash mode, IV, NONCE, and AAD.

  2. (Optional) Process data by segment using updateSession.

    Process data by segment as required by the cryptographic algorithm in use or if the data to be processed exceeds 100 KB in size. Otherwise, skip this step.

  3. (Mandatory) Finish the key session using finishSession.

    If the data is processed by segment, huks.finishSession() processes the last data segment and finishes the key session.

You can use abortSession to abort the session if an error occurs in any of the preceding steps or if the data of the current key operation is no longer required.

NOTE

  • For devices with small memory, you are advised to split data based on the storage capability of the device and cyclically call initSession and finishSession.
  • The session duration refers to the interval between the initSession and finishSession calls. When the system memory is low, the system clears timed-out sessions. Therefore, the session duration should not be too long (not more than 1 minute).
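
The three-step flow above, with abortSession on failure, written as an added TypeScript example (not code from the HUKS project). SessionApi, runKeySession, MAX_SEGMENT and MAX_SESSION_MS are hypothetical names; the interface only mirrors the four session calls named in this section, so the driver runs against any object that exposes them.

```typescript
// Added example: SessionApi is a hypothetical interface mirroring the four
// HUKS session calls named in this section; it is not the HUKS module itself.
interface Options { properties?: unknown[]; inData?: Uint8Array }
interface Result { outData?: Uint8Array }
interface SessionApi {
  initSession(keyAlias: string, options: Options): Promise<{ handle: number }>;
  updateSession(handle: number, options: Options): Promise<Result>;
  finishSession(handle: number, options: Options): Promise<Result>;
  abortSession(handle: number, options: Options): Promise<void>;
}

const MAX_SEGMENT = 100 * 1024;    // segment the input when it exceeds 100 KB
const MAX_SESSION_MS = 60 * 1000;  // keep init..finish within 1 minute (see NOTE)

async function runKeySession(api: SessionApi, keyAlias: string,
    properties: unknown[], data: Uint8Array, segment = MAX_SEGMENT): Promise<Uint8Array> {
  const started = Date.now();
  // Step 1 (mandatory): open the session; algorithm parameters go in properties.
  const { handle } = await api.initSession(keyAlias, { properties });
  const out: Uint8Array[] = [];
  try {
    let offset = 0;
    // Step 2 (optional): every segment except the last goes through updateSession.
    while (data.length - offset > segment) {
      if (Date.now() - started > MAX_SESSION_MS) throw new Error('session exceeded 1 minute');
      const inData = data.subarray(offset, offset + segment);
      const r = await api.updateSession(handle, { properties, inData });
      if (r.outData) out.push(r.outData);
      offset += segment;
    }
    // Step 3 (mandatory): finishSession takes the last segment and ends the session.
    const last = await api.finishSession(handle, { properties, inData: data.subarray(offset) });
    if (last.outData) out.push(last.outData);
  } catch (err) {
    // On any failure, abort the session instead of leaving it to the timeout cleanup.
    await api.abortSession(handle, { properties }).catch(() => undefined);
    throw err;
  }
  // Concatenate the per-segment outputs into one result buffer.
  const joined = new Uint8Array(out.reduce((n, c) => n + c.length, 0));
  let pos = 0;
  for (const c of out) { joined.set(c, pos); pos += c.length; }
  return joined;
}
```

Input that fits in one segment skips updateSession entirely and is passed straight to finishSession.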