> The initial APIs of this module are supported since API version 7. Newly added APIs will be marked with a superscript to indicate their earliest API version.
...
...
@@ -17,7 +18,7 @@ import dataAbility from '@ohos.data.dataAbility';
@@ -136,22 +136,22 @@ Unsubscribes from the changes of this distributed data object.
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| type | string | Yes| Event type to unsubscribe from. The value is **change**, which indicates data changes.|
| callback | Callback<{sessionId:string,fields:Array<string>}> | No| Callback used to return the changes of the distributed data object. If this parameter is not specified, this API unsubscribes from all callbacks for data changes of this distributed data object.<br>**sessionId** indicates the session ID of the distributed data object.<br>**fields** indicates the changed attributes of the distributed data object.|
| callback | Callback<{sessionId:string,fields:Array<string>}> | No| Callback to be unregistered. If this parameter is not specified, all data change callbacks of the object will be unregistered.<br>**sessionId** indicates the session ID of the distributed data object.<br>**fields** indicates the changed attributes of the distributed data object.|
@@ -43,7 +43,7 @@ Declare the permissions required by the app one by one in the **config.json** fi
```json
{
"module":{
"requesetPermissions":[
"requestPermissions":[
{
"name":"ohos.permission.PERMISSION1",
"reason":"$string:reason",
...
...
@@ -141,4 +141,4 @@ The procedure is as follows:
```
> **NOTE**<br>
> For details about how to use **requestPermissionsFromUser**, see [API Reference](../reference/apis/js-apis-ability-context.md#abilitycontextrequestpermissionsfromuser).
> For details about how to use **requestPermissionsFromUser**, see [API Reference](../reference/apis/js-apis-ability-context.md).
@@ -81,7 +81,8 @@ The usage of hapsigner varies depending on whether an application signing certif
-version # Display the tool version information.
3. Generate a key pair.
3.Generate a key pair.
generate-keypair: Generate a key pair.
├── -keyAlias # Key alias. It is mandatory.
...
...
@@ -91,7 +92,7 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -keystoreFile # KS file, in JKS or P12 format. It is mandatory.
├── -keystorePwd # KS password. It is optional.
4.Generate a CSR.
4.Generate a CSR.
generate-csr: Generate a CSR.
├── -keyAlias # Key alias. It is mandatory.
...
...
@@ -102,7 +103,7 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -keystorePwd # KS password. It is optional.
├── -outFile # CSR to generate. It is optional. If you do not specify this parameter, the CSR is output to the console.
5.Generate a root CA or intermediate CA certificate.
5.Generate a root CA or intermediate CA certificate.
generate-ca: Generate a root CA or intermediate CA certificate. If the key does not exist, generate a key together with the certificate.
├── -keyAlias # Key alias. It is mandatory.
...
...
@@ -122,7 +123,7 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -issuerKeystorePwd # KS password of the issuer. It is optional.
├── -outFile # File to generate. It is optional. The file is output to the console if this parameter is not specified.
6.Generate an application debug or release certificate.
6.Generate an application debug or release certificate.
generate-app-cert: Generate an application debug or release certificate.
├── -keyAlias # Key alias. It is mandatory.
...
...
@@ -142,7 +143,7 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -subCaCertFile # Intermediate CA certificate, which is mandatory when outForm is certChain.
├── -outFile # Certificate file (certificate or certificate chain) to generate. It is optional. The file is output to the console if this parameter is not specified.
7.Generate a profile debug or release certificate.
7.Generate a profile debug or release certificate.
generate-profile-cert: Generate a profile debug or release certificate.
├── -keyAlias # Key alias. It is mandatory.
...
...
@@ -162,7 +163,7 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -subCaCertFile # Intermediate CA certificate, which is mandatory when outForm is certChain.
├── -outFile # Certificate file (certificate or certificate chain) to generate. It is optional. The file is output to the console if this parameter is not specified.
8.Generate a common certificate, which can be used to generate a custom certificate.
8.Generate a common certificate, which can be used to generate a custom certificate.
generate-cert: Generate a common certificate, which can be used to generate a custom certificate.
├── -keyAlias # Key alias. It is mandatory.
...
...
@@ -190,9 +191,9 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -keystorePwd # KS password. It is optional.
├── -outFile # Certificate file to generate. It is optional. The file is output to the console if this parameter is not specified.
9. Sign a provisioning profile.
9.Sign a profile.
sign-profile: Sign a provisioning profile.
sign-profile: Sign a profile.
├── -mode # Signing mode, which can be localSign or remoteSign. It is mandatory.
├── -keyAlias # Key alias. It is mandatory.
├── -keyPwd # Key password. It is optional.
...
...
@@ -203,13 +204,13 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -keystorePwd # KS password. It is optional.
├── -outFile # Signed provisioning profile to generate, in p7b format. It is mandatory.
10. Verify the provisioning profile signature.
10.Verify the profile signature.
verify-profile: Verify the provisioning profile signature.
verify-profile: Verify the profile signature.
├── -inFile # Signed provisioning profile, in p7b format. It is mandatory.
├── -outFile # Verification result file (including the verification result and profile content), in json format. It is optional. The file is output to the console if this parameter is not specified.
11.Sign a HAP.
11.Sign a HAP.
sign-app: Sign a HAP.
├── -mode # Signing mode, which can be localSign, remoteSign, or remoteResign. It is mandatory.
...
...
@@ -217,7 +218,7 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -keyPwd # Key password. It is optional.
├── -appCertFile # Application signing certificate (certificate chain, in the end-entity certificate, intermediate CA certificate, and root certificate order). It is mandatory.
├── -profileFile # Singed provisioning profile, in p7b format. It is mandatory.
├── -profileSigned # Whether the profile is signed. The value 1 means signed, and value 0 means unsigned. The default value is 1. It is optional.
├── -profileSigned # Whether the profile is signed. The value 1 means signed, and value 0 means unsigned. The default value is 1. This parameter is optional.
├── -inForm # Raw file, in .zip (default) or .bin format. It is optional.
├── -inFile # Raw application package, in HAP or .bin format. It is mandatory.
├── -signAlg # Signature algorithm, which can be SHA256withECDSA or SHA384withECDSA. It is mandatory.
...
...
@@ -225,14 +226,13 @@ The usage of hapsigner varies depending on whether an application signing certif
├── -keystorePwd # KS password. It is optional.
├── -outFile # Signed HAP file to generate. It is mandatory.
12.Verify the HAP signature.
12.Verify the HAP signature.
verify-app: Verify the HAP signature.
├── -inFile # Signed application file, in HAP or bin format. It is mandatory.
├── -outCertchain # Signed certificate chain file. It is mandatory.
├── -outProfile # Profile of the application. It is mandatory.
### Signing Procedure
The process of signing a HAP is as follows:
...
...
@@ -242,9 +242,8 @@ The process of signing a HAP is as follows:
4. Sign the HAP.
> **Precautions** <br/>
>
> For security purposes, the ECC algorithm is recommended for generating key pairs for application signing signatures. The RSA algorithm is not recommended.<br/>
> **Precautions** <br>
For security purposes, the ECC algorithm is recommended for generating key pairs for application signing signatures. The RSA algorithm is not recommended.<br>
> You are advised to place the HAP, profile, KS file **OpenHarmony.p12**, root CA certificate, intermediate CA certificate, and hapsigner in the same directory for easy operation.
> The [**developtools_hapsigner/autosign/result**](https://gitee.com/openharmony/developtools_hapsigner/tree/master/autosign/result) directory has the following files:<br/>- OpenHarmony KS file **OpenHarmony.p12** <br/>- Root CA certificate **rootCA.cer**<br/>- Intermediate CA certificate **subCA.cer**<br/>- Profile signing certificate **OpenHarmonyProfileRelease.pem**
>  **NOTE**<br/>Record the values of **keyAlias**, **keyStorePwd**, and **keyPwd**. These values will be used when the application signing certificate is generated and the HAP is signed.
>  **NOTE**<br>Record the values of **keyAlias**, **keyStorePwd**, and **keyPwd**. These values will be used when the application signing certificate is generated and the HAP is signed.
The command parameters are described as follows:
...
...
@@ -286,12 +285,12 @@ The command parameters are described as follows:
├── -keyAlias # Key alias, which must be the same as that in the previous step.
├── -signAlg # Signature algorithm, which can be SHA256withECDSA or SHA384withECDSA. It is mandatory.
├── -issuer # Issuer of the certificate. Enter the issuer of the intermediate CA certificate. It is mandatory and cannot be changed.
├── -issuerKeyAlias # Key alias of the issuer. Enter the key alias of the intermediate CA certificate. It is mandatory and cannot be changed.
├── -issuerKeyAlias # Key alias of the issuer. Enter the key alias of the intermediate CA certificate. This parameter is mandatory and cannot be changed.
├── -subject # Subject of the certificate. Enter the subject in the same sequence specified in the command. This parameter is mandatory.
├── -issuerKeyPwd # Key password of the issuer. Enter the key password of the intermediate CA certificate. It is mandatory and cannot be changed. In this example, it is 123456.
├── -keystoreFile # KS file. Use OpenHarmony.p12. It is mandatory and cannot be changed.
├── -rootCaCertFile # Root certificate. It is mandatory and cannot be changed.
├── -subCaCertFile # Intermediate CA certificate. It is mandatory and cannot be changed.
├── -subCaCertFile # Intermediate CA certificate provided. This parameter is mandatory and cannot be changed.
├── -outForm # Format of the certificate file to generate. certChain is recommended.
├── -outFile # File to generate. It is optional. The file is output to the console if this parameter is not specified.
├── -keyPwd # Key password. It is optional. It is the key password set when the key pair is generated.
>  **NOTE**:<br/>The following parameters used are for the scenario where there is no application signing certificate available. If the application signing certificate is available, the following parameters need to be modified:<br/>
-**keyAlias**: Enter the key alias of the application signing certificate. This parameter is mandatory. <br/>
-**appCertFile**: Enter the application signing certificate. This parameter is mandatory.<br/>
-**keystoreFile**: Enter the KS file of the application signing certificate. This parameter is mandatory. <br/>
-**keyPwd**: Enter the key password in the KS file. <br/>
-**keystorePwd**: Enter the KS password in the KS file.<br/>
>  **NOTE**:<br>The following parameters used are for the scenario where there is no application signing certificate available. If the application signing certificate is available, the following parameters need to be modified:<br>
-**keyAlias**: Enter the key alias of the application signing certificate. This parameter is mandatory. <br>
-**appCertFile**: Enter the application signing certificate. This parameter is mandatory.<br>
-**keystoreFile**: Enter the KS file of the application signing certificate. This parameter is mandatory. <br>
-**keyPwd**: Enter the key password in the KS file. <br>
-**keystorePwd**: Enter the KS password in the KS file.<br>
The command parameters are described as follows:
...
...
@@ -344,7 +343,7 @@ The command parameters are described as follows:
├──-keyAlias # Key alias, which must be the same as the alias of the key pair generated. This parameter is mandatory.
├── -signAlg # Signature algorithm, which can be SHA256withECDSA or SHA384withECDSA. It is mandatory.
├── -mode # Signing mode, which must be localSign. It is mandatory.
├── -appCertFile # Application signing certificate (certificate chain, in the end-entity certificate, intermediate CA certificate, and root certificate order). Enter the application signing certificate generated. This parameter is mandatory.
├── -appCertFile # Application signing certificate (certificate chain, in the end-entity certificate, intermediate CA certificate, and root certificate order). Enter the application signing certificate generated in step 2. This parameter is mandatory.
├── -profileFile # Signed provisioning profile in p7b format. Enter the profile generated. This parameter is mandatory.
├── -inFile # Raw application package. It is mandatory.
├── -keystoreFile # KS file, which must be the same as the KS file generated. It is mandatory and cannot be changed.
...
...
@@ -353,6 +352,13 @@ The command parameters are described as follows:
├── -keystorePwd # KS password, which must be the actual KS password.
## FAQs
**1. When the application signing certificate is generated, the console displays the result but no file is output.**
