diff --git a/chsm-common/src/main/java/com/sunyard/chsm/constant/AuthCodeConst.java b/chsm-common/src/main/java/com/sunyard/chsm/constant/AuthCodeConst.java
new file mode 100644
index 0000000..eed0fa4
--- /dev/null
+++ b/chsm-common/src/main/java/com/sunyard/chsm/constant/AuthCodeConst.java
@@ -0,0 +1,52 @@
+package com.sunyard.chsm.constant;
+
+/**
+ * @author liulu
+ * @since 2024/12/16
+ */
+public interface AuthCodeConst {
+
+    // 密钥管理
+    String key_info = "key_info";
+    String key_list = "key_list";
+    String key_create = "key_create";
+    String key_update = "key_update";
+    String key_enable = "key_enable";
+    String key_disable = "key_disable";
+    String key_archive = "key_archive";
+    String key_destroy = "key_destroy";
+
+    // 对称运算
+    String sym_enc = "sym_enc";
+    String sym_dec = "sym_dec";
+    String cal_hmac = "cal_hmac";
+    String check_hmac = "check_hmac";
+    String cal_mac = "cal_mac";
+    String check_mac = "check_mac";
+    String gen_random = "gen_random";
+
+    // 非对称运算
+    String asym_enc = "asym_enc";
+    String asym_dec = "asym_dec";
+    String sign_raw = "sign_raw";
+    String verify_raw = "verify_raw";
+    String sign_p1 = "sign_p1";
+    String verify_p1 = "verify_p1";
+    String sign_P7Attach = "sign_P7Attach";
+    String verify_P7Attach = "verify_P7Attach";
+    String sign_P7Detach = "sign_P7Detach";
+    String verify_P7Detach = "verify_P7Detach";
+    String envelope_seal = "envelope_enc";
+    String envelope_unseal = "envelope_dec";
+    String signed_envelope_seal = "signed_envelope_enc";
+    String signed_envelope_unseal = "signed_envelope_dec";
+
+    String cal_hash = "cal_hash";
+
+    // 证书
+    String cert_info = "cert_info";
+    String cert_exinfo = "cert_exinfo";
+    String cert_check = "cert_check";
+    String cert_upload = "cert_upload";
+    String cert_remove = "cert_remove";
+}
diff --git a/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiFunEnum.java b/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiFunEnum.java
index a2bf968..fd9cef9 100644
--- a/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiFunEnum.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiFunEnum.java
@@ -1,5 +1,6 @@
 package com.sunyard.chsm.enums;
 
+import com.sunyard.chsm.constant.AuthCodeConst;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 
@@ -11,24 +12,46 @@ import lombok.Getter;
 @AllArgsConstructor
 public enum ApiFunEnum {
 
-    sym_enc(ApiGroupEnum.SYM_API,"sym_enc", "对称加密"),
-    sym_dec(ApiGroupEnum.ASYM_API,"sym_dec", "对称解密"),
-    cal_hmac(ApiGroupEnum.SYM_API,"cal_hmac", "计算Hmac"),
-    check_hmac(ApiGroupEnum.ASYM_API,"check_hmac", "验证Hmac"),
-    cal_mac(ApiGroupEnum.SYM_API,"cal_mac", "计算mac"),
-    check_mac(ApiGroupEnum.ASYM_API,"check_mac", "验证mac"),
-    gen_random(ApiGroupEnum.SYM_API,"gen_random", "生成随机数"),
+    key_info(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_info, "查询密钥详情"),
+    key_list(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_list, "查询密钥详情"),
+    key_create(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_create, "创建密钥"),
+    key_update(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_update, "更新密钥"),
+    key_enable(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_enable, "启用密钥"),
+    key_disable(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_disable, "停用密钥"),
+    key_archive(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_archive, "归档密钥"),
+    key_destroy(ApiGroupEnum.KEY_MANAGE_API, AuthCodeConst.key_destroy, "销毁密钥"),
+
+    sym_enc(ApiGroupEnum.SYM_API, AuthCodeConst.sym_enc, "对称加密"),
+    sym_dec(ApiGroupEnum.SYM_API, AuthCodeConst.sym_dec, "对称解密"),
+    cal_hmac(ApiGroupEnum.SYM_API, AuthCodeConst.cal_hmac, "计算Hmac"),
+    check_hmac(ApiGroupEnum.SYM_API, AuthCodeConst.check_hmac, "验证Hmac"),
+    cal_mac(ApiGroupEnum.SYM_API, AuthCodeConst.cal_mac, "计算mac"),
+    check_mac(ApiGroupEnum.SYM_API, AuthCodeConst.check_mac, "验证mac"),
+    gen_random(ApiGroupEnum.SYM_API, AuthCodeConst.gen_random, "生成随机数"),
+
+    asym_enc(ApiGroupEnum.ASYM_API, AuthCodeConst.asym_enc, "非对称加密"),
+    asym_dec(ApiGroupEnum.ASYM_API, AuthCodeConst.asym_dec, "非对称解密"),
+    sign_raw(ApiGroupEnum.ASYM_API, AuthCodeConst.sign_raw, "RAW签名"),
+    verify_raw(ApiGroupEnum.ASYM_API, AuthCodeConst.verify_raw, "RAW验签"),
+    sign_p1(ApiGroupEnum.ASYM_API, AuthCodeConst.sign_p1, "P1签名"),
+    verify_p1(ApiGroupEnum.ASYM_API, AuthCodeConst.verify_p1, "P1验签"),
+    sign_P7Attach(ApiGroupEnum.ASYM_API, AuthCodeConst.sign_P7Attach, "P7 Attach签名"),
+    verify_P7Attach(ApiGroupEnum.ASYM_API, AuthCodeConst.verify_P7Attach, "P7 Attach验签"),
+    sign_P7Detach(ApiGroupEnum.ASYM_API, AuthCodeConst.sign_P7Detach, "P7 Detach签名"),
+    verify_P7Detach(ApiGroupEnum.ASYM_API, AuthCodeConst.verify_P7Detach, "P7 Detach验签"),
+    envelope_seal(ApiGroupEnum.ASYM_API, AuthCodeConst.envelope_seal, "P7数字信封加封"),
+    envelope_unseal(ApiGroupEnum.ASYM_API, AuthCodeConst.envelope_unseal, "P7数字信封解封"),
+    signed_envelope_seal(ApiGroupEnum.ASYM_API, AuthCodeConst.signed_envelope_seal, "带签名的数字信封加封"),
+    signed_envelope_unseal(ApiGroupEnum.ASYM_API, AuthCodeConst.signed_envelope_unseal, "带签名的数字信封解封"),
+
+    cal_hash(ApiGroupEnum.HASH_API, AuthCodeConst.cal_hash, "生成随机数"),
+
+    cert_info(ApiGroupEnum.HASH_API, AuthCodeConst.cert_info, "生成随机数"),
+    cert_exinfo(ApiGroupEnum.HASH_API, AuthCodeConst.cert_exinfo, "生成随机数"),
+    cert_check(ApiGroupEnum.HASH_API, AuthCodeConst.cert_check, "生成随机数"),
+    cert_upload(ApiGroupEnum.HASH_API, AuthCodeConst.cert_upload, "生成随机数"),
+    cert_remove(ApiGroupEnum.HASH_API, AuthCodeConst.cert_remove, "生成随机数"),
 
-    asym_enc(ApiGroupEnum.ASYM_API,"asym_enc", "非对称加密"),
-    asym_dec(ApiGroupEnum.ASYM_API,"asym_dec", "非对称解密"),
-    sign_raw(ApiGroupEnum.ASYM_API,"sign_raw", "RAW签名"),
-    verify_raw(ApiGroupEnum.ASYM_API,"verify_raw", "RAW验签"),
-    sign_p1(ApiGroupEnum.ASYM_API,"sign_p1", "P1签名"),
-    verify_p1(ApiGroupEnum.ASYM_API,"verify_p1", "P1验签"),
-    sign_P7Attach(ApiGroupEnum.ASYM_API,"sign_P7Attach", "P7 Attach签名"),
-    verify_P7Attach(ApiGroupEnum.ASYM_API,"verify_P7Attach", "P7 Attach验签"),
-    sign_P7Detach(ApiGroupEnum.ASYM_API,"sign_P7Detach", "P7 Detach签名"),
-    verify_P7Detach(ApiGroupEnum.ASYM_API,"verify_P7Detach", "P7 Detach验签"),
     ;
 
     private final ApiGroupEnum group;
diff --git a/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiGroupEnum.java b/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiGroupEnum.java
index 65ae3fc..03ece94 100644
--- a/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiGroupEnum.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/enums/ApiGroupEnum.java
@@ -14,9 +14,12 @@ import java.util.Objects;
 @AllArgsConstructor
 public enum ApiGroupEnum {
 
+    KEY_MANAGE_API("key_manage_api", "密钥管理接口"),
     SYM_API("sym_api", "对称密钥计算接口"),
     ASYM_API("asym_api", "非对称密钥计算接口"),
-            ;
+    HASH_API("hash_api", "杂凑计算接口"),
+    CERT_API("cert_api", "证书接口"),
+    ;
 
     private final String code;
     private final String name;
diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/controller/KeyManageController.java b/chsm-web-server/src/main/java/com/sunyard/chsm/controller/KeyManageController.java
index 6ffdfd9..6c8d6aa 100644
--- a/chsm-web-server/src/main/java/com/sunyard/chsm/controller/KeyManageController.java
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/controller/KeyManageController.java
@@ -1,6 +1,7 @@
 package com.sunyard.chsm.controller;
 
 import com.sunyard.chsm.auth.AuthCode;
+import com.sunyard.chsm.constant.AuthCodeConst;
 import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.model.dto.KeyInfoDTO;
 import com.sunyard.chsm.service.KeyInfoService;
@@ -32,7 +33,7 @@ public class KeyManageController {
      * @return id
      */
     @PostMapping("/enable")
-    @AuthCode("12312312")
+    @AuthCode(AuthCodeConst.key_enable)
     public R<Void> enableKey(@Validated @RequestBody KeyInfoDTO.IDs param) {
         keyInfoService.enableKey(param.getIds());
         return R.ok();
diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/service/KeyManageService.java b/chsm-web-server/src/main/java/com/sunyard/chsm/service/KeyManageService.java
new file mode 100644
index 0000000..bf59fe2
--- /dev/null
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/service/KeyManageService.java
@@ -0,0 +1,8 @@
+package com.sunyard.chsm.service;
+
+/**
+ * @author liulu
+ * @since 2024/12/16
+ */
+public interface KeyManageService {
+}
diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/service/impl/KeyManageServiceImpl.java b/chsm-web-server/src/main/java/com/sunyard/chsm/service/impl/KeyManageServiceImpl.java
new file mode 100644
index 0000000..e7ff757
--- /dev/null
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/service/impl/KeyManageServiceImpl.java
@@ -0,0 +1,16 @@
+package com.sunyard.chsm.service.impl;
+
+import com.sunyard.chsm.service.KeyManageService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * @author liulu
+ * @since 2024/12/16
+ */
+@Slf4j
+@Service
+@Transactional
+public class KeyManageServiceImpl implements KeyManageService {
+}