File Tokens Configuration

File tokens provides software emulation of key store and certificate store tokens, using the APIs defined by the CryptoToken Framework.

The configuration files for file tokens are stored at …\os\security\securityanddataprivacytools\securityconfig\filetokens location. It includes resource files (FSTokenServer.rls and FSTokenServer.rss) that define the user interface (UI) strings.

Device creators can customize the UI strings in the resource file for UI implementation.

Description

FSTokenServer.rls

The default implementation of FSTokenServer.rls file looks like this:

rls_string STRING_r_import_passphrase "Passphrase of the imported key file"
rls_string STRING_r_export_passphrase "Passphrase of the exported key file"
rls_string STRING_r_ping_passphrase "Key store passphrase"
rls_string STRING_r_create_ping_passphrase "New key store passphrase"

FSTokenServer.rss

The default implementation of FSTokenServer.rss file looks like this:

NAME FSTS
#include <uikon.rh>
#include "FSTokenServer.rls"

RESOURCE RSS_SIGNATURE { }

RESOURCE ARRAY r_fsserver_strings
    {
    items=
        {
        LBUF { txt=STRING_r_import_passphrase; },
        LBUF { txt=STRING_r_export_passphrase; },
        LBUF { txt=STRING_r_ping_passphrase; },
        LBUF { txt=STRING_r_create_ping_passphrase; }
        };
    }

File tokens use the compiled version (FSTokenServer.rsc) of the resource file at runtime to get the passphrase during the following tasks:

  • Importing or exporting of keys

  • Creation or manipulating a key store

    Note: The key store maintains a database of key pairs in an encrypted file in the server’s private data area. It uses the password based encryption API provided by the Crypto Libraries component.

File tokens must be implemented using a client-server architecture, to enforce platform security (and minimize the exposure of private keys to client applications in case of the key store).