13 Star 88 Fork 85

OpenHarmony / security_appverify

Create your Gitee Account
Explore and code with more than 8 million developers,Free private repositories !:)
Sign up
Clone or Download
Notice: Creating folder will generate an empty file .keep, because not support in Git



To ensure the integrity and trustworthiness of the applications to be installed in OpenHarmony, the applications must be signed and their signatures must be verified.

  • In application development: After developing an application, you need to sign its installation package to ensure that the installation package is not tampered with when it is released on devices. To sign the application package, you can use the signature tools and the public key certificates and follow the signing certificate generation specifications provided by the application integrity verification module. For your convenience, a public key certificate and a corresponding private key are preset in OpenHarmony. You need to replace the public key certificate and private key in your commercial version of OpenHarmony.

  • In application installation: The Application Framework subsystem of OpenHarmony installs applications. Upon receiving an application installation package, the Application Framework subsystem parses the signature of the installation package, and verifies the signature using the application integrity verification APIs. The application can be installed only after the verification succeeds. During the verification, the application integrity verification module uses the preset public key certificate to verify the signature.


Figure 1 Application integrity verification architecture

  • APIs between subsystems: APIs provided by the application integrity verification module for other modules

  • Integrity verification: ensures the integrity of application bundles and prevents tampering through signature verification.

  • Application source identification: identifies the application source by matching the signature certificate chain with the trusted source list.

Directory Structure

├── interfaces/innerkits/appverify         # Application integrity verification module
│       ├── config                         # Application signature root certificates and configuration files for the trusted source list
│       ├── include                        # Header files
│       ├── src                            # Source code
│       ├── test                           # Automated test cases
├── test/resource                          # Test resources


The certificates used for application integrity verification are specific to OpenHarmony. The corresponding public key certificates and private keys are preset in the open-source code repositories of OpenHarmony to provide offline signing and verification capabilities for the open-source community. The public key certificates and the corresponding private keys need to be replaced in commercial versions that are based on OpenHarmony.


The application integrity verification module provides an inter-subsystem API, which is called by the Bundle Manager Service (BMS) during application installation.

Available APIs



int HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult)

Verifies application integrity and identifies the application source.

Usage Guidelines

The HapVerify() API provided by the application integrity verification module is an inter-subsystem API. This API can be called with the HAP file path passed to verify the integrity of an application, and the verification result can be obtained from the return value. The signature of the application can be obtained from the input parameter hapVerifyResult.

Security::Verify::HapVerifyResult verifyResult;
int32_t res = Security::Verify::HapVerify(hapPath, verifyResult);
if (res != Security::Verify::HapVerifyResultCode::VERIFY_SUCCESS) {
    // processing error

Repositories Involved

Security subsystem


Repository Comments ( 0 )

Sign in to post a comment


Signature verification for HAP packages | 提供对HAP包签名的验签能力 expand collapse
C++ and 2 more languages

Releases (1)






Load More
can not load any more


103111 552b83b3 1850385 103110 ed87a847 1850385