Encryption/Decryption Introduction and Algorithm Specifications
Note:
Currently in the beta phase.
When a key already exists in HUKS, data can be encrypted and decrypted with that key through HUKS.
Supported Algorithms
The following are the specifications for key encryption/decryption operations.
For OpenHarmony vendor adaptation, the Key Management Service specifications are divided into mandatory and optional specifications. Mandatory specifications are algorithm specifications supported by all vendors. For optional specifications, vendors decide whether to implement them based on actual circumstances. If needed, please refer to the specific vendor's documentation to ensure compatibility before use.
Developers are advised to use mandatory specifications for application development to ensure full platform compatibility.
Standard Device Specifications
| Algorithm/Block Mode/Padding Mode | Remarks | API Level | Mandatory Specification |
|---|---|---|---|
| AES/ECB/NoPadding<br>AES/ECB/PKCS7 | In ECB mode, if NoPadding is selected, the plaintext data must be encrypted in fixed-length blocks. If the input data length is not a multiple of 16, the application must handle padding to meet the block length requirement. | 15+ | No |
| AES/CBC/NoPadding<br>AES/CBC/PKCS7<br>AES/CTR/NoPadding | IV parameter is mandatory. In CBC mode, if NoPadding is selected, the plaintext data must be encrypted in fixed-length blocks. If the input data length is not a multiple of 16, the application must handle padding to meet the block length requirement. | 15+ | Yes |
| AES/GCM/NoPadding | Encryption: Nonce parameter is mandatory. Decryption: Nonce and TAG parameters are mandatory. | 15+ | Yes |
| RSA/ECB/NoPadding<br>RSA/ECB/PKCS1_V1_5<br>RSA/ECB/OAEP | Supported digest algorithms for OAEP padding mode: SHA256/SHA384/SHA512. | 15+ | Yes |
| SM4/ECB/NoPadding<br>SM4/ECB/PKCS7 | ECB mode is not recommended. | 15+ | No |
| SM4/CBC/PKCS7 | IV parameter is mandatory. | 15+ | Yes |
| SM4/CTR/NoPadding<br>SM4/CBC/NoPadding<br>SM4/CFB/NoPadding<br>SM4/OFB/NoPadding | IV parameter is mandatory. | 12+ | Yes |
| SM2/-/NoPadding | Digest algorithm SM3. | 11+ | Yes |
| DES/CBC/NoPadding<br>DES/ECB/NoPadding | IV parameter is mandatory in CBC mode. | 15+ | Yes |
| 3DES/CBC/NoPadding<br>3DES/ECB/NoPadding | IV parameter is mandatory in CBC mode. | 15+ | Yes |
Lightweight Device Specifications
For the specifications listed for lightweight devices, OEM vendors will decide whether to implement them based on actual circumstances. If needed, please refer to the specific vendor's documentation to ensure compatibility before use.
| Algorithm/Block Mode/Padding Mode | Remarks | API Level |
|---|---|---|
| AES/GCM/NoPadding | Encryption: Nonce parameter is mandatory. Decryption: Nonce and TAG parameters are mandatory. | 15+ |
| AES/CBC/NoPadding<br>AES/CTR/NoPadding | IV parameter is mandatory. | 15+ |
| DES/ECB/NoPadding | - | 15+ |
| DES/CBC/NoPadding | IV parameter is mandatory. | 15+ |
| 3DES/ECB/NoPadding | - | 15+ |
| 3DES/CBC/NoPadding | IV parameter is mandatory. | 15+ |
| RSA/ECB/NoPadding | - | 15+ |
| RSA/ECB/PKCS1_V1_5 | - | 15+ |
| RSA/ECB/OAEP | Digest algorithm SHA256. | 15+ |
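
The parameter rules from the tables above (mandatory IV, Nonce and TAG, and the 16-byte alignment for AES ECB/CBC with NoPadding) written as application-side checks. This is an added example, not HUKS or OpenHarmony code: `preflight`, `pkcs7Pad` and `pkcs7Unpad` are hypothetical helper names, and using PKCS#7 as the application's own padding scheme is an assumption.

```typescript
// Added example: application-side checks for the table rules (not HUKS code).
const BLOCK = 16; // AES block length in bytes, from the "multiple of 16" rule

interface CipherParams { iv?: Uint8Array; nonce?: Uint8Array; tag?: Uint8Array; }

// Assumption: PKCS#7 is the padding the application applies for NoPadding modes.
function pkcs7Pad(data: Uint8Array): Uint8Array {
  const n = BLOCK - (data.length % BLOCK); // 1..16; aligned input gains a full block
  const out = new Uint8Array(data.length + n);
  out.set(data);
  out.fill(n, data.length);
  return out;
}

// Strip padding after decryption; reject anything that is not well-formed.
function pkcs7Unpad(data: Uint8Array): Uint8Array {
  if (data.length === 0 || data.length % BLOCK !== 0) throw new Error("invalid data");
  const n = data[data.length - 1];
  if (n < 1 || n > BLOCK) throw new Error("invalid data");
  for (let i = data.length - n; i < data.length; i++) {
    if (data[i] !== n) throw new Error("invalid data");
  }
  return data.slice(0, data.length - n);
}

// Check a request such as "AES/CBC/NoPadding" before handing it to the key service.
// Returns the list of rule violations; an empty list means the request passes.
function preflight(spec: string, op: "encrypt" | "decrypt",
                   inputLen: number, p: CipherParams): string[] {
  const [alg, mode, padding] = spec.split("/");
  const errs: string[] = [];
  if (mode === "GCM") {
    if (!p.nonce) errs.push("Nonce parameter is mandatory");
    if (op === "decrypt" && !p.tag) errs.push("TAG parameter is mandatory for decryption");
  } else if (["CBC", "CTR", "CFB", "OFB"].indexOf(mode) >= 0 && !p.iv) {
    errs.push("IV parameter is mandatory");
  }
  const blockMode = mode === "ECB" || mode === "CBC";
  if (alg === "AES" && blockMode && padding === "NoPadding" && inputLen % BLOCK !== 0) {
    errs.push("input length must be a multiple of 16");
  }
  return errs;
}
```

CBC with application-side padding provides no integrity protection, so `pkcs7Unpad` reports every failure with the same generic error.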