Keystore Framework

The Keystore framework provides interfaces for implementing a keystore. A keystore is a repository in which keys are stored and from which they are retrieved to perform cryptographic operations. It supports operations such as listing stored keys; generating, importing and exporting RSA, DSA and DH key pairs; and performing private key operations for authenticated users of the phone.

Description

The keystore framework is an extension of the CryptoToken framework. The framework provides interfaces that must be implemented to retrieve keys from the keystore. It provides the following functionality:

  • Signing with keys using signature algorithms such as RSA and DSA

  • Encryption and decryption operations using keys

Device creators can use the interfaces provided by the framework to implement a keystore for managing keys.

Figure 1. Symbian Keystore Implementation

Classes

  • MCTTokenInterface: Provides an interface for the implementation of an appropriate token (here, token refers to a key).

  • MKeyStore: Defines an interface to implement a read-only keystore.

  • MCTKeyStore: Defines an interface to implement a read-only keystore token. This class allows retrieving details of a key stored in a keystore.

  • MCTKeyStoreManager: Defines the interface to implement a keystore manager.

Keystore framework interfaces

The keystore framework provides interfaces for the following functionalities:

  • Retrieval of keys:

    MCTTokenObject is used to retrieve a token specific to an implementation of MCTTokenInterface. The retrieved token object is used to perform cryptographic operations such as signing and decryption.

  • Key information:

    CKeyInfoBase forms the base class for CCTKeyInfo. All keystore implementations need to interface with this class to access or manipulate key details.

    CCTKeyInfo contains all the relevant information about a key, such as its ID, type, size, usage, algorithm and the security policy associated with the key. Its implementation is derived from MCTTokenObject and CKeyInfoBase.

  • Protection of keys:

    MCTAuthenticationObject provides an interface to control the authentication mechanism of the keys. It allows querying and manipulating authentication objects, which are returned as a token interface from MCTAuthenticationObjectList. It is accessed by calling a function of CCTKeyInfo.

  • Cryptographic operations:

    Signing: MCTSigner provides an interface to implement signing with keys. The framework supports two types of signing algorithms, RSA and DSA, through the MRSASigner and MDSASigner classes.

    Decryption: MCTDecryptor provides an interface to implement decryption functionality with keys.

    DH agreement: MCTDH provides an interface to implement the Diffie-Hellman (DH) key exchange protocol.

Figure 2. Keystore Framework Interfaces