CryptoToken Framework Overview

CryptoToken framework provides interfaces for managing cryptography certificates, keys and certificate applications.

Purpose

Cryptography certificates, keys and certificate applications are known as tokens.

The framework provides interfaces that must be implemented to support the storage and retrieval of specific types of tokens.

Key concepts and terms

Token

A token is a physical instantiation of an object, such as a certificate or a key, stored in a phone. Each token belongs to a group of tokens called a token type. For example, an X.509 certificate is a token which belongs to the X.509 token type.

Key

A cryptography key is a constant value applied using a cryptographic algorithm to encrypt text or to decrypt encrypted text.

Keys are classified as symmetric and asymmetric based on the type of algorithm applied. If the same key is used for both encryption and decryption, it is symmetric. If different keys are used for encryption and decryption, they are asymmetric. Asymmetric keys exist in the form of a public and private key pair, where the public key is used for encryption and the private key is used for decryption.

Certificate

A certificate (or Public Key Infrastructure (PKI) certificate) is an electronic document that binds an identity to a public key. It is used to authenticate public keys.

Certificates are issued by a certification authority (CA) and usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, RSA).

Architecture

The CryptoToken framework provides interfaces that must be implemented for managing tokens.

On the Symbian platform, applications use the Unified Store API to access file-based stores for managing certificates, keys and certificate applications. The stores are called certstore, keystore and certapps respectively. For more information, see Unified Stores.

Device creators can use the interfaces provided by the framework to create their own implementation for managing tokens.

In the following diagram the yellow blocks represent the components provided by Symbian and the blue blocks represent components that must be implemented by device creators.

Figure 1. CryptoToken Framework Architecture

Key classes

Classes Description

MCTToken

Represents a token corresponding to physical instantiation of an object present in the phone such as a certificate or a key.

MCTTokenType

Provides an interface for handling types of token which correspond to a group. Clients access the framework using this class.

The difference between a token type and a token is best explained with an example. Suppose a device has two identical Wireless Identity Module (WIM) slots, the code to handle WIMs can be a token type. The token type can have two tokens for the two WIMs.

MCTTokenInterface

Provides an interface for implementation of an appropriate token.

This class provides functionality to interact with the token's reference counting framework. (Interfaces themselves are not reference counted, but the token must remain open while it has open interfaces.)

MCTTokenObject

Manages references to a particular token object.

A token object represents a one-to-one mapping with a corresponding token. It helps to identify the token through its attributes (for example, its label or token type) and provides a reference to the token that can be passed between different processes.

Typical uses

Crypto Token Framework provides standard interfaces for implementing the following: