What is the Crypto Architecture Kit?

# cryptoarchitecturekit# encryptiondecryption# digitalsignature# harmonyos
What is the Crypto Architecture Kit?HarmonyOS

Read the original article:What is the Crypto Architecture Kit? Context Crypto...

Read the original article:What is the Crypto Architecture Kit?

Context

Crypto Architecture Kit is designed to provide essential cryptographic functionalities for applications, such as encryption/decryption, signing/signature verification, MAC generation, hash computation, random number generation, and key derivation. It abstracts the differences between third-party cryptographic libraries, simplifying development and ensuring consistency in cryptographic operations.

Description

The kit supports most common cryptographic algorithms, though some older or less secure algorithms (e.g., MD5) are not recommended for high-security scenarios. Currently, it supports only OpenSSL and does not allow multi-thread concurrent operations. While it handles cryptographic computations, it does not manage key storage—applications must securely manage their own keys.

Key capabilities include:

  • Key Generation and Conversion
  • Encryption and Decryption
  • Signing and Signature Verification
  • Key Agreement
  • Message Digest (MD) / Hashing
  • Message Authentication Code (MAC)
  • Random Number Generation
  • Key Derivation

Basic Concepts:

  • Symmetric key: Same key is used for both encryption and decryption.
  • Asymmetric key: Private and public key pair used for encryption/decryption or signing/verification.
  • Key management: Crypto Kit operates on in-memory or application-managed keys; for persistent storage, Universal Keystore Kit is recommended.

Solution / Approach

Applications can integrate Crypto Architecture Kit to perform secure cryptographic operations without worrying about underlying library differences. Typical use cases include:

  1. Generating session keys or temporary encryption keys.
  2. Encrypting sensitive data before storage or transmission.
  3. Signing messages to ensure authenticity.
  4. Verifying signatures of incoming messages.
  5. Computing hashes or MACs to validate data integrity.
  6. Using asymmetric key pairs for secure key exchange.

Developers must choose algorithms according to security requirements and avoid insecure options like MD5 for critical scenarios. All operations should be performed sequentially due to lack of multi-thread support.

Key Takeaways

  • Crypto Architecture Kit simplifies cryptography integration by standardizing operations across libraries.
  • Supports a wide range of cryptographic functions, but key storage is not handled.
  • Only OpenSSL is supported, and concurrent multi-thread operations are not allowed.
  • Secure algorithm selection is critical; some older algorithms are not recommended.
  • Ideal for applications that need in-memory cryptographic operations or temporary session keys.

Additional Resources

https://developer.huawei.com/consumer/en/doc/harmonyos-guides/crypto-architecture-kit

Written by Emine Inan