From e068c2c0494aa71b87df8296cc15d3223b7d989f Mon Sep 17 00:00:00 2001 From: lcc Date: Tue, 5 Mar 2024 10:26:06 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=96=87=E6=A1=A3=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E7=AE=97=E6=B3=95=E5=BA=93=E9=80=82=E9=85=8D=E5=B1=82=E6=8F=90?= =?UTF-8?q?=E4=BE=9BJS=E5=AF=B9=E7=A7=B0=E5=AF=86=E9=92=A5=E7=94=9F?= =?UTF-8?q?=E6=88=90=E8=83=BD=E5=8A=9B=E7=9A=84=E5=90=8C=E6=AD=A5=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lcc --- .../js-apis-cryptoFramework.md | 82 +++++++++++++++++++ .../crypto-convert-binary-data-to-sym-key.md | 44 ++++++++++ .../crypto-generate-sym-key-randomly.md | 31 +++++++ 3 files changed, 157 insertions(+) diff --git a/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md b/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md index 13fe1adce25..7fada6d04c6 100644 --- a/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md +++ b/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md @@ -881,6 +881,43 @@ let symKeyGenerator = cryptoFramework.createSymKeyGenerator('AES128'); console.error(`Generate symKey failed, ${error.code}, ${error.message}`); }); ``` +### generateSymKeySync12+ + +generateSymKeySync(): SymKey + +同步获取对称密钥生成器随机生成的密钥。 + +必须在使用[createSymKeyGenerator](#cryptoframeworkcreatesymkeygenerator)创建对称密钥生成器后,才能使用本函数。 + +目前支持使用OpenSSL的RAND_priv_bytes()作为底层能力生成随机密钥。 + +> **说明:** +> +> 对于HMAC算法的对称密钥,如果已经在创建对称密钥生成器时指定了具体哈希算法(如指定“HMAC|SHA256”),则会随机生成与哈希长度一致的二进制密钥数据(如指定“HMAC|SHA256”会随机生成256位的密钥数据)。
如果在创建对称密钥生成器时没有指定具体哈希算法,如仅指定“HMAC”,则不支持随机生成对称密钥数据,可通过[convertKeySync](#convertkeySync)方式生成对称密钥数据。 + +**系统能力:** SystemCapability.Security.CryptoFramework + +**错误码:** +以下错误码的详细介绍请参见[crypto framework错误码](../errorcodes/errorcode-crypto-framework.md) + +| 错误码ID | 错误信息 | +| -------- | ------------- | +| 17620001 | memory error. | + +**示例:** + +```ts +import cryptoFramework from '@ohos.security.cryptoFramework'; + +function testGenerateSymKeySync() { + // 创建SymKeyGenerator实例 + let symKeyGenerator = cryptoFramework.createSymKeyGenerator('AES256'); + // 使用密钥生成器随机生成对称密钥 + let key = symKeyGenerator.generateSymKeySync(); + let encodedKey = key.getEncoded(); + console.info('key hex:' + encodedKey.data); +} +``` ### convertKey @@ -990,6 +1027,51 @@ function testConvertKey() { }); } ``` +### convertKeySync12+ + +convertKeySync(key: DataBlob): SymKey + +同步根据指定数据生成对称密钥。 + +必须在使用[createSymKeyGenerator](#cryptoframeworkcreatesymkeygenerator)创建对称密钥生成器后,才能使用本函数。 + +> **说明:** +> +> 对于HMAC算法的对称密钥,如果已经在创建对称密钥生成器时指定了具体哈希算法(如指定“HMAC|SHA256”),则需要传入与哈希长度一致的二进制密钥数据(如传入SHA256对应256位的密钥数据)。
如果在创建对称密钥生成器时没有指定具体哈希算法,如仅指定“HMAC”,则支持传入长度在[1,4096]范围内(单位为byte)的任意二进制密钥数据。 + +**系统能力:** SystemCapability.Security.CryptoFramework + +**参数:** + +| 参数名 | 类型 | 必填 | 说明 | +| -------- | ------------------- | ---- | ---------------------| +| key | [DataBlob](#datablob) | 是 | 指定的对称密钥材料。 | + +**错误码:** +以下错误码的详细介绍请参见[crypto framework错误码](../errorcodes/errorcode-crypto-framework.md) + +| 错误码ID | 错误信息 | +| -------- | --------------------------------------------------- | +| 401 | invalid parameters. | +| 17620001 | memory error. | + +**示例:** + +```ts +import cryptoFramework from '@ohos.security.cryptoFramework'; + +function testConvertKeySync() { + // 对称密钥长度为64字节,512比特 + let keyMessage = '87654321abcdefgh87654321abcdefgh87654321abcdefgh87654321abcdefgh'; + let keyBlob: cryptoFramework.DataBlob = { + data : new Uint8Array(buffer.from(keyMessage, 'utf-8').buffer) + } + let symKeyGenerator = cryptoFramework.createSymKeyGenerator('HMAC'); + let key = symKeyGenerator.convertKeySync(keyBlob); + let encodedKey = key.getEncoded(); + console.info('key encoded data:' + encodedKey.data); +} +``` ## cryptoFramework.createAsyKeyGenerator diff --git a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-convert-binary-data-to-sym-key.md b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-convert-binary-data-to-sym-key.md index fd86d071be2..4ca9725515f 100644 --- a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-convert-binary-data-to-sym-key.md +++ b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-convert-binary-data-to-sym-key.md @@ -16,6 +16,7 @@ 4. 调用[SymKey.getEncoded](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getencoded),获取密钥对象的二进制数据。 +- 异步方法 以使用callback方式生成3DES密钥为例: ```ts @@ -56,6 +57,30 @@ function testConvertSymKey() { } ``` +- 同步方法 +```ts +import cryptoFramework from '@ohos.security.cryptoFramework'; + +function genKeyMaterialBlob(): cryptoFramework.DataBlob { + let arr = [ + 0xba, 0x3d, 0xc2, 0x71, 0x21, 0x1e, 0x30, 0x56, + 0xad, 0x47, 0xfc, 0x5a, 0x46, 0x39, 0xee, 0x7c, + 0xba, 0x3b, 0xc2, 0x71, 0xab, 0xa0, 0x30, 0x72]; // 密钥长度为192位,即24字节。 + let keyMaterial = new Uint8Array(arr); + return { data: keyMaterial }; +} + +function testConvertSymKey() { + // 创建SymKeyGenerator实例 + let symKeyGenerator = cryptoFramework.createSymKeyGenerator('3DES192'); + // 根据指定的数据生成对称密钥 + let keyMaterialBlob = genKeyMaterialBlob(); + let key = symKeyGenerator.convertKeySync(keyMaterialBlob); + let encodedKey = key.getEncoded(); // 获取对称密钥的二进制数据,并以字节数组形式输出。长度为24字节 + console.info('key getEncoded hex' + encodedKey.data); +} +``` + ## 指定二进制数据转换HMAC密钥 @@ -69,6 +94,7 @@ function testConvertSymKey() { 4. 调用[SymKey.getEncoded](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getencoded),获取密钥对象的二进制数据。 +- 异步方法 以使用await方式生成HMAC密钥为例: ```ts @@ -87,3 +113,21 @@ async function testConvertHmacKey() { console.info('key encoded data:' + encodedKey.data); } ``` + +- 同步方法 +```ts +import cryptoFramework from '@ohos.security.cryptoFramework'; +import buffer from '@ohos.buffer'; + +function testConvertKeySync() { + // 对称密钥长度为64字节,512比特 + let keyMessage = '12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh'; + let keyBlob: cryptoFramework.DataBlob = { + data : new Uint8Array(buffer.from(keyMessage, 'utf-8').buffer) + } + let symKeyGenerator = cryptoFramework.createSymKeyGenerator('HMAC'); + let key = symKeyGenerator.convertKeySync(keyBlob); + let encodedKey = key.getEncoded(); + console.info('key encoded data:' + encodedKey.data); +} +``` diff --git a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-generate-sym-key-randomly.md b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-generate-sym-key-randomly.md index 98d8ad97591..32d8b380a02 100644 --- a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-generate-sym-key-randomly.md +++ b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-generate-sym-key-randomly.md @@ -17,6 +17,7 @@ 3. 调用[SymKey.getEncoded](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getencoded),获取密钥对象的二进制数据。 +- 异步方法 以使用Promise方式随机生成AES密钥为例: ```ts @@ -35,6 +36,20 @@ function testGenerateAesKey() { } ``` +- 同步方法 +```ts +import cryptoFramework from '@ohos.security.cryptoFramework'; + +function testSyncGenerateAesKey() { + // 创建SymKeyGenerator实例 + let symKeyGenerator = cryptoFramework.createSymKeyGenerator('AES256'); + // 使用密钥生成器随机生成对称密钥 + let promiseSymKey = symKeyGenerator.generateSymKeySync(); + // 获取对称密钥的二进制数据,输出256位密钥。长度为32字节 + let encodedKey = promiseSymKey.getEncoded(); + console.info('key hex:' + encodedKey.data); +} +``` ## 随机生成SM4密钥 @@ -47,6 +62,7 @@ function testGenerateAesKey() { 3. 调用[SymKey.getEncoded](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getencoded),获取密钥对象的二进制数据。 +- 异步方法 以使用Promise方式随机生成SM4密钥为例: ```ts @@ -64,3 +80,18 @@ function testGenerateSM4Key() { }); } ``` + +- 同步方法 +```ts +import cryptoFramework from '@ohos.security.cryptoFramework'; + +function testSyncGenerateAesKey() { + // 创建SymKeyGenerator实例 + let symKeyGenerator = cryptoFramework.createSymKeyGenerator('SM4_128'); + // 使用密钥生成器随机生成对称密钥 + let promiseSymKey = symKeyGenerator.generateSymKeySync(); + // 获取对称密钥的二进制数据,输出128位字节流。长度为16字节 + let encodedKey = promiseSymKey.getEncoded(); + console.info('key hex:' + encodedKey.data); +} +``` -- Gitee From 2c6cbd3cd1b285f7f471a4b9d6409c532256be75 Mon Sep 17 00:00:00 2001 From: lcc Date: Fri, 15 Mar 2024 17:46:40 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=B0=81=E8=A3=85Openssl=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=EF=BC=8C=E5=90=91=E4=B8=8A=E6=8F=90=E4=BE=9B?= =?UTF-8?q?HKDF=E5=AF=86=E9=92=A5=E6=B4=BE=E7=94=9F=E7=AE=97=E6=B3=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lcc --- .../Readme-Crypto-Architecture-Kit.md | 4 +- .../crypto-key-derivation-overview.md | 40 +++++++++++ .../crypto-key-derivation-using-hkdf.md | 72 +++++++++++++++++++ .../crypto-key-derivation-using-pbkdf2.md | 67 +++++++++++++++++ 4 files changed, 182 insertions(+), 1 deletion(-) create mode 100644 zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-overview.md create mode 100644 zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-hkdf.md create mode 100644 zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-pbkdf2.md diff --git a/zh-cn/application-dev/kit-readme/Readme-Crypto-Architecture-Kit.md b/zh-cn/application-dev/kit-readme/Readme-Crypto-Architecture-Kit.md index 11fa983926f..fd02463d748 100644 --- a/zh-cn/application-dev/kit-readme/Readme-Crypto-Architecture-Kit.md +++ b/zh-cn/application-dev/kit-readme/Readme-Crypto-Architecture-Kit.md @@ -46,4 +46,6 @@ - [消息摘要计算](../security/CryptoArchitectureKit/crypto-generate-message-digest.md) - [消息认证码计算](../security/CryptoArchitectureKit/crypto-compute-mac.md) - [安全随机数生成](../security/CryptoArchitectureKit/crypto-generate-random-number.md) -- [密钥派生](../security/CryptoArchitectureKit/crypto-key-derivation.md) +- 密钥派生 + - [使用PBKDF2进行密钥派生](../security/CryptoArchitectureKit/crypto-key-derivation-using-pbkdf2.md) + - [使用HKDF进行密钥派生](../security/CryptoArchitectureKit/crypto-key-derivation-using-hkdf.md) \ No newline at end of file diff --git a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-overview.md b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-overview.md new file mode 100644 index 00000000000..f2eac200fd2 --- /dev/null +++ b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-overview.md @@ -0,0 +1,40 @@ +# 密钥派生 +密钥派生函数(key derivation function)是指使用伪随机函数从秘密值(如主密钥)中导出一个或多个密钥。密钥派生函数可用于将密钥扩展到更长的密钥或获得所需格式的密钥。 + +比如,当用户输入指定的密码,通过密钥派生函数,可以生成指定长度的密钥。 + +## 支持的算法与规格 + +## PBKDF2算法。 + +PBKDF(Password-Based Key Derivation Function)是具有可变计算成本的密钥派生函数;PBKDF2是PKCS系列的标准之一。 + +PBKDF2是将伪随机函数PRF(Pseudo-Random Function,例如基于散列的[HMAC](crypto-compute-mac.md)),输入密码明文和盐值,重复多次运算来进行密钥派生。 + +当前支持以字符串参数进行密钥派生,具体的“字符串参数”由“密钥派生函数”和“HMAC函数摘要算法”使用符号“|”拼接而成,用于在创建密钥派生函数生成器时,指定算法规格。 +| 密钥派生算法 | HMAC函数摘要算法 | 字符串参数 | API版本 | +| -------- | -------- | -------- | -------- | +| PBKDF2 | SHA1 | PBKDF2\|SHA1 | 11+ | +| PBKDF2 | SHA224 | PBKDF2\|SHA224 | 11+ | +| PBKDF2 | SHA256 | PBKDF2\|SHA256 | 11+ | +| PBKDF2 | SHA384 | PBKDF2\|SHA384 | 11+ | +| PBKDF2 | SHA512 | PBKDF2\|SHA512 | 11+ | +| PBKDF2 | SM3 | PBKDF2\|SM3 | 11+ | + +## HKDF算法 + +HKDF是HMAC-based Extract-and-Expand Key Derivation Function的缩写,意为例如基于散列的[HMAC](crypto-compute-mac.md)),输入密码明文和盐值来提取和输入密码明文和拓展信息来扩展。它是一种密钥派生函数,用于从较短的输入密钥中派生出更长的输出密钥。 + +HKDF包含俩个基本模块,提取(Extract)、拓展(Expand) +提取:使用原始的密钥材料,派生出一个符合密码学强度的伪随机密钥。 +拓展:将短密钥经过拓展变长,使用提取出的伪随机密钥,拓展出指定长度的密钥,同时保证随机性。 + +当前支持以字符串参数进行密钥派生,具体的“字符串参数”由“密钥派生函数”、“HMAC函数摘要算法”和“模式”使用符号“|”拼接而成,用于在创建密钥派生函数生成器时,指定算法规格 +| 密钥派生算法 | HMAC函数摘要算法 | 字符串参数 | API版本 | +| -------- | -------- | -------- | -------- | +| HKDF | SHA1 | PBKDF2\|SHA1 | 11+ | +| HKDF | SHA224 | PBKDF2\|SHA224 | 11+ | +| HKDF | SHA256 | PBKDF2\|SHA256 | 11+ | +| HKDF | SHA384 | PBKDF2\|SHA384 | 11+ | +| HKDF | SHA512 | PBKDF2\|SHA512 | 11+ | +| HKDF | SM3 | PBKDF2\|SM3 | 11+ | \ No newline at end of file diff --git a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-hkdf.md b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-hkdf.md new file mode 100644 index 00000000000..8a5e22ba07a --- /dev/null +++ b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-hkdf.md @@ -0,0 +1,72 @@ +# 使用HKDF进行密钥派生 +对应算法规格请查看[密钥派生算法规格:HKDF](crypto-key-derivation-overview.md#HKDF) + +# 开发步骤 +1. 构造[HKDFSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#hkdfspec12)对象,作为密钥派生参数进行密钥派生。 + + HKDFSpec是KdfSpec的子类,需要指定: + + - algName:指定算法'HKDF'。 + - key:原始密钥材料。 + 如果使用string类型,需要直接传入用于密钥派生的数据,而不是HexString、base64等字符串类型。同时需要确保该字符串为utf-8编码,否则派生结果会有差异。 + - salt:盐值。 + - info:可选的上下文与应用相关信息, 可为空,用于拓展短密钥。 + - keySize:目标密钥的字节长度,需要为正整数。 + + 2. 调用[cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11),指定字符串参数'HKDF|SHA256|EXTRACT_AND_EXPAND',创建密钥派生算法为HKDF、HMAC函数摘要算法为SHA256、模式为提取和拓展的密钥派生函数对象(Kdf)。 + + 3. 输入HKDFSpec对象,调用[Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2)进行密钥派生。 + + Kdf.generateSecret的多种调用形式如表所示。 + + | 接口名 | 返回方式 | + | -------- | -------- | + | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | callback异步生成 | + | generateSecret(params: KdfSpec): Promise<DataBlob> | Promise异步生成 | + + - 通过await返回结果: + ```ts + import cryptoFramework from '@ohos.security.cryptoFramework'; + + async function kdfAwait() { + let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer); + let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer); + let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer); + let spec: cryptoFramework.HKDFSpec = { + algName: 'HKDF', + key: keyData, + salt: saltData, + info: infoData, + keySize: 32 + }; + let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND'); + let secret = await kdf.generateSecret(spec); + console.info("key derivation output is " + secret.data); + } + ``` + +- 通过Promise返回结果: + ```ts + import cryptoFramework from '@ohos.security.cryptoFramework'; + import { BusinessError } from '@ohos.base'; + + function kdfPromise() { + let keyData = new Uint8Array(buffer.from("012345678901234567890123456789", "utf-8").buffer); + let saltData = new Uint8Array(buffer.from("0123456789", "utf-8").buffer); + let infoData = new Uint8Array(buffer.from("infostring", "utf-8").buffer); + let spec: cryptoFramework.HKDFSpec = { + algName: 'HKDF', + key: keyData, + salt: saltData, + info: infoData, + keySize: 32 + }; + let kdf = cryptoFramework.createKdf('HKDF|SHA256|EXTRACT_AND_EXPAND'); + let kdfPromise = kdf.generateSecret(spec); + kdfPromise.then((secret) => { + console.info("key derivation output is " + secret.data); + }).catch((error: BusinessError) => { + console.error("key derivation error."); + }); + } + ``` \ No newline at end of file diff --git a/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-pbkdf2.md b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-pbkdf2.md new file mode 100644 index 00000000000..308df37c917 --- /dev/null +++ b/zh-cn/application-dev/security/CryptoArchitectureKit/crypto-key-derivation-using-pbkdf2.md @@ -0,0 +1,67 @@ +# 使用PBKDF2算法派生密钥 +对应的算法规格请查看[密钥派生算法规格:PBKDF2](crypto-key-derivation-overview.md#PBDKF2) + +## 开发步骤 + +1. 构造[PBKDF2Spec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pbkdf2spec11)对象,作为密钥派生参数进行密钥派生。 + + PBKDF2Spec是KdfSpec的子类,需要指定: + + - algName:指定算法'PBKDF2'。 + - password:用于生成派生密钥的原始密码。 + 如果使用string类型,需要直接传入用于密钥派生的数据,而不是HexString、base64等字符串类型。同时需要确保该字符串为utf-8编码,否则派生结果会有差异。 + - salt:盐值。 + - iterations:重复运算的次数,需要为正整数。 + - keySize:目标密钥的字节长度,需要为正整数。 + +2. 调用[cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11),指定字符串参数'PBKDF2|SHA256',创建密钥派生算法为PBKDF2、HMAC函数摘要算法为SHA256的密钥派生函数对象(Kdf)。 + +3. 输入PBKDF2Spec对象,调用[Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-2)进行密钥派生。 + + Kdf.generateSecret的多种调用形式如表所示。 + + | 接口名 | 返回方式 | + | -------- | -------- | + | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | callback异步生成 | + | generateSecret(params: KdfSpec): Promise<DataBlob> | Promise异步生成 | + +- 通过await返回结果: + ```ts + import cryptoFramework from '@ohos.security.cryptoFramework'; + + async function kdfAwait() { + let spec: cryptoFramework.PBKDF2Spec = { + algName: 'PBKDF2', + password: '123456', + salt: new Uint8Array(16), + iterations: 10000, + keySize: 32 + }; + let kdf = cryptoFramework.createKdf('PBKDF2|SHA256'); + let secret = await kdf.generateSecret(spec); + console.info("key derivation output is " + secret.data); + } + ``` + +- 通过Promise返回结果: + ```ts + import cryptoFramework from '@ohos.security.cryptoFramework'; + import { BusinessError } from '@ohos.base'; + + function kdfPromise() { + let spec: cryptoFramework.PBKDF2Spec = { + algName: 'PBKDF2', + password: '123456', + salt: new Uint8Array(16), + iterations: 10000, + keySize: 32 + }; + let kdf = cryptoFramework.createKdf('PBKDF2|SHA256'); + let kdfPromise = kdf.generateSecret(spec); + kdfPromise.then((secret) => { + console.info("key derivation output is " + secret.data); + }).catch((error: BusinessError) => { + console.error("key derivation error."); + }); + } + ``` -- Gitee