The Keystore framework provides interfaces for implementing a keystore. A keystore is a repository of keys that can be stored and retrieved to perform cryptographic operations such as listing stored keys, generating, importing and exporting RSA, DSA, and DH key pairs, and performing private key operations for authenticated users of the phone.
The keystore framework is an extension of the CryptoToken framework. The framework provides interfaces that must be implemented to retrieve keys from the keystore. It provides the following functionalities:
- Signing through keys in signature algorithms such as RSA and DSA
- Encrypting and decrypting operations using keys
Device creators can use the interfaces provided by the framework to implement a keystore for managing keys.
| Classes | Description |
|---|---|
| | Provides an interface for the implementation of an appropriate token (here, token refers to a key). |
| | Defines an interface to implement a read-only keystore. |
| | Defines an interface to implement a read-only keystore token. This class allows retrieving details of a key stored in a keystore. |
| | Defines the interface to implement a keystore manager. |
Keystore framework interfaces
The keystore framework provides interfaces for the following functionalities:
Retrieval of keys:
- MCTTokenObject is used to retrieve a token specific to an implementation of MCTTokenInterface. The retrieved token object is used to perform cryptographic operations such as signing, decryption and so on.
Key information:
- CKeyInfoBase forms the base class for CCTKeyInfo. All keystore implementations need to interface with this class for accessing or manipulating key details.
- CCTKeyInfo contains all the relevant information of a key, such as the ID, type, size, usage, algorithm and security policy associated with the key. Its implementation is derived from MCTTokenObject and CKeyInfoBase.
Protection of keys:
- MCTAuthenticationObject provides an interface to control the authentication mechanism of the keys. It allows querying and manipulating authentication objects that are returned as a token interface from MCTAuthenticationObjectList. It is accessed by calling a function of CCTKeyInfo.
Cryptographic operations:
- Signing: MCTSigner provides an interface to implement signing through keys. The framework supports two types of signing algorithms, RSA and DSA, through the MRSASigner and the MDSASigner classes.
- Decryption: MCTDecryptor provides an interface to implement decryption functionality through keys.
- DH agreement: MCTDH provides an interface to implement the Diffie-Hellman (DH) key exchange protocol.
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License v1.0.