未验证 提交 ec49b758 编写于 作者: O openharmony_ci 提交者: Gitee

!20664 [翻译完成】#I7C9D0

Merge pull request !20664 from Annie_wang/PR19422
......@@ -13,5 +13,7 @@
| ArkUI | UX changed | [The hover effect of the \<Button> component is changed from scale-up by 100% to 105% to overlay of 0% to 5% opacity.](changelogs-arkui.md)|
| ArkUI | UX changed | [The alignment mode of multi-line text in toasts is changed from center-aligned to left-aligned.](changelogs-arkui.md)|
| Bundle management subsystem | Mechanism changed | [The HAP is no longer decompressed during HAP installation.](changelogs-bundlemanager.md)|
| Security-HUKS | Behavior changed | [HuksKeyStorageType must be passed in for key derivation or key agreement.](changelogs-huks.md) |
| Security-HUKS | Behavior changed | [Permission is required for Using attestKeyItem.](changelogs-huks.md) |
| Web | Input parameter added | [The input parameter type Resource is added for the setResponseData API.](changelogs-web.md) |
| Resource scheduler subsystem | Behavior changed | [The reminder agent allows you to customize buttons for system applications. Clicking a custom button will redirect you to the specified application page.](changelogs-resourceschedule.md)|
# HUKS Changelog
OpenHarmony 4.0.6.1 has the following changes.
## cl.huks.1 Change of the Permission for Using attestKeyItem
The **attestKeyItem** interface attests a key using a public key encapsulated based on the device certificate chain. Any arbitrary export of the device certificate increases the risks on user privacy. Therefore, certain permissions are required for using this interface.
**Change Impact**
Applications without the **ohos.permission.ACCESS_IDS** permission or the system_basic or system_core permission cannot call **attestKeyItem()**.
**Key API/Component Changes**
- Involved APIs:
attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult\>): void;
attestKeyItem(keyAlias: string, options: HuksOptions): Promise\<HuksReturnResult\>;
- Before change:
The AccessToken permission is verified only for the applications that pass in a tag related to **ATTESTATION_ID**.
- After change:
**attestKeyItem()** can be called only by a system application with the system_basic or system_core permission or an application with the **ohos.permission.ACCESS_IDS** permission.
**Adaptation Guide**
Applications with the system_basic or system_core permission can call **attestKeyItem()**. If an application with the normal permission needs to call **attestKeyItem()**, it must have the **ohos.permission.ACCESS_IDS** permission. For details about how to apply for the permission, see [ACL](../../../application-dev/security/accesstoken-overview.md#acl).
## cl.huks.2 Resolved the Issues in Storage or Export of Derived or Agreed Keys
Before the change, the HUKS supports storage and export of derived keys and agreed keys, which poses security risks.
After the change, the application needs to pass in **HuksKeyStorageType** for key derivation or key agreement. Only storage or export is allowed at a time. If this parameter is not passed in, both storage and export are supported by default, which poses security risks and is not recommended.
**Change Impact**
Behaviors of released JavaScript APIs have been changed.
**Key API/Component Changes**
Released JavaScript APIs remain unchanged, but the parameter set passed to the APIs are changed.
**Adaptation Guide**
For more information, see [HUKS Development](../../../application-dev/security/huks-guidelines.md) and [HUKS](../../../application-dev/reference/apis/js-apis-huks.md).
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册