MCTKeyStoreManager Class Reference
| class MCTKeyStoreManager : public MCTKeyStore |
Defines the interface for a key store manager token.
This documentation describes the security policy that must be enforced by implementations of the interface.
| Public Member Functions |
|---|
| void | CancelCreateKey() |
| void | CancelDeleteKey() |
| void | CancelExportEncryptedKey() |
| void | CancelExportKey() |
| void | CancelImportEncryptedKey() |
| void | CancelImportKey() |
| void | CancelRelock() |
| void | CancelSetManagementPolicy() |
| void | CancelSetPassphraseTimeout() |
| void | CancelSetUsePolicy() |
| void | CreateKey(CCTKeyInfo *&, TRequestStatus &) |
| void | DeleteKey(TCTTokenObjectHandle, TRequestStatus &) |
| void | ExportEncryptedKey(TCTTokenObjectHandle, const CPBEncryptParms &, HBufC8 *&, TRequestStatus &) |
| void | ExportKey(TCTTokenObjectHandle, HBufC8 *&, TRequestStatus &) |
| void | ImportEncryptedKey(const TDesC8 &, CCTKeyInfo *&, TRequestStatus &) |
| void | ImportKey(const TDesC8 &, CCTKeyInfo *&, TRequestStatus &) |
| void | Relock(TRequestStatus &) |
| void | SetManagementPolicy(TCTTokenObjectHandle, const TSecurityPolicy &, TRequestStatus &) |
| void | SetPassphraseTimeout(TInt, TRequestStatus &) |
| void | SetUsePolicy(TCTTokenObjectHandle, const TSecurityPolicy &, TRequestStatus &) |
Member Functions Documentation
CancelCreateKey()
| void | CancelCreateKey | ( | ) | [pure virtual] |
CancelDeleteKey()
| void | CancelDeleteKey | ( | ) | [pure virtual] |
CancelExportEncryptedKey()
| void | CancelExportEncryptedKey | ( | ) | [pure virtual] |
CancelExportKey()
| void | CancelExportKey | ( | ) | [pure virtual] |
CancelImportEncryptedKey()
| void | CancelImportEncryptedKey | ( | ) | [pure virtual] |
CancelImportKey()
| void | CancelImportKey | ( | ) | [pure virtual] |
CancelRelock()
| void | CancelRelock | ( | ) | [pure virtual] |
CancelSetManagementPolicy()
| void | CancelSetManagementPolicy | ( | ) | [pure virtual] |
CancelSetPassphraseTimeout()
| void | CancelSetPassphraseTimeout | ( | ) | [pure virtual] |
CancelSetUsePolicy()
| void | CancelSetUsePolicy | ( | ) | [pure virtual] |
CreateKey(CCTKeyInfo *&, TRequestStatus &)
Key creation. Generates a new key pair and stores it in the keystore.
- capability WriteUserData: Requires the caller to have WriteUserData capability.
- leave KErrPermissionDenied: If the caller does not have WriteUserData capability.
- leave KErrAlreadyExists: If a key with the specified label already exists in the keystore.
- leave KErrKeySize: If the requested key size is not supported.
- leave KErrKeyAccess: If an invalid combination of key access flags was specified.
- leave KErrKeyValidity: If a validity period was specified, but the end date was in the past.
Parameters
| CCTKeyInfo *& aReturnedKey | This is filled by the caller with required attributes, leaving the TKeyIdentifier iID and object handle iHandle uninitialised - these values are set if the key is created successfully |
| TRequestStatus & aStatus | This will be completed with the final status code |
DeleteKey(TCTTokenObjectHandle, TRequestStatus &)
Deletes a key.
- capability Dependent: Requires the caller to have any capabilities specified in the key management security policy.
- leave KErrPermissionDenied: If the caller does not conform to the key management security policy.
- leave KErrNotFound: If the key the handle refers to does not exist.
- leave KErrAccessDenied: If the calling process is not allowed to delete the key.
- leave KErrInUse: If another client is currently using the key.
ExportEncryptedKey(TCTTokenObjectHandle, const CPBEncryptParms &, HBufC8 *&, TRequestStatus &)
Exports an encrypted key pair.
The key is exported as DER-encoded PKCS#5/PKCS#8 data.
- capability Dependent: Requires the caller to have any capabilities specified in the key management security policy.
- leave KErrPermissionDenied: If the caller does not conform to the key management security policy.
- leave KErrNotFound: If the key the handle refers to does not exist.
- leave KErrKeyAccess: If the exportable flag is not set for the key.
- leave KErrKeyAlgorithm: If this type of key cannot be exported.
ExportKey(TCTTokenObjectHandle, HBufC8 *&, TRequestStatus &)
Export keys. Exports a key pair in the clear.
The key is exported as DER-encoded PKCS#8 data.
- capability Dependent: Requires the caller to have any capabilities specified in the key management security policy.
- leave KErrPermissionDenied: If the caller does not conform to the key management security policy.
- leave KErrNotFound: If the key the handle refers to does not exist.
- leave KErrKeyAccess: If the sensitive flag is set for the key, or the exportable flag is not set.
- leave KErrKeyAlgorithm: If this type of key cannot be exported.
Parameters
| TCTTokenObjectHandle aHandle | The handle of the key to export |
| HBufC8 *& aKey | A reference to a HBufC8 pointer. The pointer will be set to a newly allocated buffer containing the key data. It is the caller's responsibility to delete this buffer. |
| TRequestStatus & aStatus | |
ImportEncryptedKey(const TDesC8 &, CCTKeyInfo *&, TRequestStatus &)
Imports an encrypted key pair into the keystore.
The import data is DER-encoded PKCS#5/PKCS#8 format.
- capability WriteUserData: Requires the caller to have WriteUserData capability.
- leave KErrPermissionDenied: If the caller does not have WriteUserData capability.
- leave KErrAlreadyExists: If a key with the specified label already exists in the keystore.
- leave KErrKeySize: If the requested key size is not supported.
- leave KErrKeyAccess: If an invalid combination of key access flags was specified.
- leave KErrKeyValidity: If a validity period was specified, but the end date was in the past.
- leave KErrArgument: If there is an error parsing the key data.
Parameters
| const TDesC8 & aKey | This is a descriptor representation of the PKCS#8 key data |
| CCTKeyInfo *& aReturnedKey | This is filled by the caller with required attributes, leaving the TKeyIdentifier iID and object handle iHandle uninitialised - these values are set if the key is created successfully |
| TRequestStatus & aStatus | |
ImportKey(const TDesC8 &, CCTKeyInfo *&, TRequestStatus &)
Import keys. Imports a cleartext key pair into the keystore.
The import data is DER-encoded PKCS#8 format.
- capability WriteUserData: Requires the caller to have WriteUserData capability.
- leave KErrPermissionDenied: If the caller does not have WriteUserData capability.
- leave KErrAlreadyExists: If a key with the specified label already exists in the keystore.
- leave KErrKeySize: If the requested key size is not supported.
- leave KErrKeyAccess: If an invalid combination of key access flags was specified.
- leave KErrKeyValidity: If a validity period was specified, but the end date was in the past.
- leave KErrArgument: If there is an error parsing the key data.
Parameters
| const TDesC8 & aKey | This is a descriptor representation of the PKCS#8 key data. |
| CCTKeyInfo *& aReturnedKey | This is filled by the caller with required attributes, leaving the TKeyIdentifier iID and object handle iHandle uninitialised - these values are set if the key is created successfully. |
| TRequestStatus & aStatus | |
Relock(TRequestStatus &)
Re-locks the entire store (i.e., forgets the passphrase).
Parameters
| TRequestStatus & aStatus | This will be completed with the final status code |
SetManagementPolicy(TCTTokenObjectHandle, const TSecurityPolicy &, TRequestStatus &)
Sets the security policy for key management.
Specifies which processes are allowed to perform management operations on the key.
- capability Dependent: Requires the caller to have any capabilities specified in the current and new key management security policies.
- leave KErrPermissionDenied: If the caller does not conform to the current and new key management security policies.
- leave KErrNotFound: If the key the handle refers to does not exist.
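An added example, not part of the original reference or of any Symbian source: a simplified C++ model of the ExportKey, ExportEncryptedKey and SetManagementPolicy checks documented above, usable as a test oracle when implementing the interface. The `Result` enum, `CapSet` bitmask, `Key` struct, function names and the order in which checks run are assumptions of this example.

```cpp
#include <cstdint>

// Simplified model, not Symbian code. All names are local to this example.
enum Result { Ok, PermissionDenied, NotFound, KeyAccess };

// Capability sets as bitmasks; a policy here is just "required capabilities".
// (A real TSecurityPolicy can express more than a capability set.)
using CapSet = std::uint32_t;
constexpr CapSet ReadUserData = 1u << 0, WriteUserData = 1u << 1;

struct Key {
    bool exists;
    bool sensitive;           // the "sensitive flag" in the ExportKey text
    bool exportable;          // the "exportable flag"
    CapSet managementPolicy;  // capabilities required for management operations
};

inline bool Conforms(CapSet caller, CapSet required) {
    return (caller & required) == required;
}

// Check order (existence, then policy, then flags) is an assumption.
Result CheckExport(const Key& k, CapSet caller, bool encrypted) {
    if (!k.exists) return NotFound;
    if (!Conforms(caller, k.managementPolicy)) return PermissionDenied;
    if (!k.exportable) return KeyAccess;
    // Only the cleartext path is blocked by the sensitive flag.
    if (!encrypted && k.sensitive) return KeyAccess;
    return Ok;
}

// The caller must satisfy the current policy and the one being installed.
Result CheckSetManagementPolicy(Key& k, CapSet caller, CapSet newPolicy) {
    if (!k.exists) return NotFound;
    if (!Conforms(caller, k.managementPolicy) || !Conforms(caller, newPolicy))
        return PermissionDenied;
    k.managementPolicy = newPolicy;
    return Ok;
}

int main() {
    Key k{true, true, true, WriteUserData};
    // Sensitive + exportable: encrypted export passes, cleartext does not.
    return (CheckExport(k, WriteUserData, true) == Ok &&
            CheckExport(k, WriteUserData, false) == KeyAccess) ? 0 : 1;
}
```

Requiring conformance to the new policy as well as the current one means a caller cannot install a management policy that it does not itself satisfy.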
SetPassphraseTimeout(TInt, TRequestStatus &)
Sets the passphrase timeout for all keys owned by this process.
- capability Dependent: Requires the caller to have any capabilities specified in the key management security policy.
- leave KErrPermissionDenied: If the caller does not conform to the key management security policy.
- leave KErrArgument: If the timeout specified is invalid.
Parameters
| TInt aTimeout | The timeout in seconds. 0 means that the passphrase is always asked for, and -1 means that it never expires. |
| TRequestStatus & aStatus | This will be completed with the final status code |
SetUsePolicy(TCTTokenObjectHandle, const TSecurityPolicy &, TRequestStatus &)
Sets the security policy for key use.
Specifies which processes are allowed to use the key for cryptographic operations.
-
capability
- Dependent Requires the caller to have any capabilities specified in the key management security policy.
-
leave
- KErrPermissionDenied If the caller does not conform to the key management security policy.
-
leave
- KErrNotFound If the key the handle referes to does not exist.
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License v1.0.