conn::CSecureBUREncryptKeySource Class Reference

class conn::CSecureBUREncryptKeySource : public CBase

This class is responsible for providing keys for encryption of backup data or decryption of restore data based on drive and SID of the data owner.

The class will be included in a separate key-providing DLL provided by licensees at build time. The default Symbian implementation will not provide keys.

It is permissible to not provide any keys and to not encrypt data. It is also permissible for one key to be common to all or a set of SIDs or for one key to be common to a set of drives.

The class can provide a data buffer with backup keys. If it does then the buffer will be stored (un-encrypted!) with the backup and will be provided when keys are requested for a restore operation. The class supports a default data buffer for a whole backup plus the ability to override it with buffers for specific SIDs. If the buffer is used then the implementor must be aware that is is not encrypted in the backup and so must not contain any sensitive data or any data that would allow an attacker to recreate the key. If a buffer is provided then it is returned at restore time on a per-SID basis - there is no provision to provide a default buffer at restore time.

If keys are provided then the implementor needs to consider a number of factors:

  • If the key is entered by the user then it should be assumed that the user can decrypt data off the device.

  • If the key is local to the device then the data cannot be restored to a new device.

  • If the key depends on the drive being backed up or restored then the implementor needs to consider whether a drive may have its letter changed (e.g. if a device has multiple slots for removable media).

This class owns a CSecureBURKeySourceImpl instance and publishes the public API to the outside world. The reason for this facade class is twofold:
  • Future binary compatibility

Inherits from

  • conn::CSecureBUREncryptKeySource

Constructor & Destructor Documentation

CSecureBUREncryptKeySource()

CSecureBUREncryptKeySource()[private]

Standard C++ Constructor

C++ constructor

~CSecureBUREncryptKeySource()

IMPORT_C~CSecureBUREncryptKeySource()[virtual]

Standard virtual destructor

Member Functions Documentation

ConstructL()

voidConstructL()[private]

Symbian Second phase constructor

Symbian 2nd phase construction

GetBackupKeyL(TDriveNumber, TSecureId, TBool &, TDes8 &, TBool &, TDes &)

IMPORT_C voidGetBackupKeyL(TDriveNumberaDrive,
TSecureIdaSID,
TBool &aDoEncrypt,
TDes8 &aKey,
TBool &aGotBuffer,
TDes &aBuffer
)

Provides a key to use to encrypt backup data for a specific data owner from a specific drive. It is permissible to provide the same key for some or all data owners. It is permissible to provide the same key for some or all drives.

Parameters

TDriveNumber aDrivethe drive (EDrive A to EDriveZ) which is being backed up
TSecureId aSIDthe secure id of the data owner
TBool & aDoEncryptreturns ETrue if a key is provided, EFalse if data is not to be encrypted
TDes8 & aKeythe key to use to encrypt data - ignored if aDoEncrypt is set to EFalse
TBool & aGotBufferreturns ETrue if a buffer is returned that is specific to this SID
TDes & aBufferif aGotBuffer is set to ETrue then this is a buffer of data to be included with backups.

GetDefaultBufferForBackupL(TDriveNumber, TBool &, TDes &)

IMPORT_C voidGetDefaultBufferForBackupL(TDriveNumberaDrive,
TBool &aGotBuffer,
TDes &aBuffer
)

Get a default data buffer for all backups of a specified drive.

Parameters

TDriveNumber aDrivethe drive being backed up - may be ignored
TBool & aGotBufferset to ETrue on return if a buffer is supplied
TDes & aBufferif aGotBuffer is set to ETrue then this is a buffer of data to be included with backups.

GetRestoreKeyL(TDriveNumber, TSecureId, TBool, TDes &, TBool &, TDes8 &)

IMPORT_C voidGetRestoreKeyL(TDriveNumberaDrive,
TSecureIdaSID,
TBoolaGotBuffer,
TDes &aBuffer,
TBool &aGotKey,
TDes8 &aKey
)

Provides a key to use to decrypt backup data for a specific data owner from a specific drive. It is permissible to provide the same key for some or all data owners. It is permissible to provide the same key for some or all drives.

Parameters

TDriveNumber aDrivethe drive (EDrive A to EDriveZ) which is being restored
TSecureId aSIDthe secure id of the data owner
TBool aGotBufferset to ETrue if a buffer is provided
TDes & aBufferif aGotBuffer is set to ETrue then this is a buffer of data that was provided with the key for the backup (or the default buffer)
TBool & aGotKeyreturns ETrue if a key is provided, EFalse if data is not to be decrypted
TDes8 & aKeythe key to use to decrypt data - ignored if aGotKey is set to EFalse

NewL()

IMPORT_C CSecureBUREncryptKeySource *NewL()[static]

Static factory method (two phase construction)

Member Data Documentation

CSecureBURKeySourceImpl * iImpl

CSecureBURKeySourceImpl *iImpl[private]

Pointer the the CSecureBURKeySourceImpl implementation