Collapse all Symbian^3 Product Developer Library

MKeyStore Class Reference

class MKeyStore

Defines the interface for a read-only key store.

This prvides the API for the client to query the keys and open objects allowing crypto operations to be performed.

This documentation describes the security policy that must be enforced by implementations of the interface.

Public Member Functions
void	CancelExportPublic()
void	CancelGetKeyInfo()
void	CancelList()
void	CancelOpen()
void	ExportPublic(const TCTTokenObjectHandle &, HBufC8 *&, TRequestStatus &)
void	GetKeyInfo(TCTTokenObjectHandle, CCTKeyInfo *&, TRequestStatus &)
void	List(RMPointerArray< CCTKeyInfo > &, const TCTKeyAttributeFilter &, TRequestStatus &)
void	Open(const TCTTokenObjectHandle &, MRSASigner *&, TRequestStatus &)
void	Open(const TCTTokenObjectHandle &, MDSASigner *&, TRequestStatus &)
void	Open(const TCTTokenObjectHandle &, MCTDecryptor *&, TRequestStatus &)
void	Open(const TCTTokenObjectHandle &, MCTDH *&, TRequestStatus &)

Member Functions Documentation

CancelExportPublic()

void

CancelExportPublic

(

)

[pure virtual]

Cancels an ongoing ExportPublic() operation

CancelGetKeyInfo()

void

CancelGetKeyInfo

(

)

[pure virtual]

Cancel an ongoing GetKeyInfo() operation

CancelList()

void

CancelList

(

)

[pure virtual]

Cancel an ongoing List() operation

CancelOpen()

void

CancelOpen

(

)

[pure virtual]

Cancels an ongoing Open() operation

ExportPublic(const TCTTokenObjectHandle &, HBufC8 *&, TRequestStatus &)

void	ExportPublic	(	const TCTTokenObjectHandle &	aHandle,
			HBufC8 *&	aPublicKey,
			TRequestStatus &	aStatus
		)	[pure virtual]

Exporting keys Get the public half of a key pair.

The key is returned in DER-encoded ASN-1. The format is that of the X509 SubjectPublicKeyInfo type.

For RSA keys, the format is:

 SEQUENCE-OF
     SEQUENCE-OF
         OID of the encryption algorithm (KRSA)
         NULL
     BIT STRING encoded public key.

For DSA keys, the format is:

 SEQUENCE-OF
     SEQUENCE-OF
         OID dsa (1.2.840.10040.4.1)
         SEQUENCE-OF
             INTEGER p
             INTEGER q
             INTEGER g
     BIT STRING
         INTEGER public value (y)

capability: Dependent Requires the caller to have any capabilities specified in the key use security policy.

leave: KErrPermissionDenied If the caller does not conform to the key use security policy.

leave: KErrNotFound If the key the handle referes to does not exist.

leave: KErrKeyAlgorithm If the key is not an RSA or DSA key.

Parameters

const TCTTokenObjectHandle & aHandle	The handle of the key.
HBufC8 *& aPublicKey	A pointer to a buffer. This will be set to a newly created buffer containing the exported key data. The caller is responsible for deleting the buffer.
TRequestStatus & aStatus

GetKeyInfo(TCTTokenObjectHandle, CCTKeyInfo *&, TRequestStatus &)

void	GetKeyInfo	(	TCTTokenObjectHandle	aHandle,
			CCTKeyInfo *&	aInfo,
			TRequestStatus &	aStatus
		)	[pure virtual]

Getting a key given a TCTTokenObjectHandle Retrieves a key given its handle.

capability: Dependent Requires the caller to have any capabilities specified in the key use security policy.

leave: KErrPermissionDenied If the caller does not conform to the key use security policy.

leave: KErrNotFound If the key the handle referes to does not exist.

Parameters

TCTTokenObjectHandle aHandle	The handle of the required key
CCTKeyInfo *& aInfo	The returned key info
TRequestStatus & aStatus	Async request notification

List(RMPointerArray< CCTKeyInfo > &, const TCTKeyAttributeFilter &, TRequestStatus &)

void	List	(	RMPointerArray< CCTKeyInfo > &	aKeys,
			const TCTKeyAttributeFilter &	aFilter,
			TRequestStatus &	aStatus
		)	[pure virtual]

Listing keys List all the keys in the store that match the filter.

capability: ReadUserData requires the caller to have ReadUserData capability

leave: KErrPermissionDenied if the caller does not have ReadUserData capability

Parameters

RMPointerArray< CCTKeyInfo > & aKeys	An array to which the returned keys are appended
const TCTKeyAttributeFilter & aFilter	a filter controlling which keys are returned
TRequestStatus & aStatus	This will be completed with the final status code

Open(const TCTTokenObjectHandle &, MRSASigner *&, TRequestStatus &)

void	Open	(	const TCTTokenObjectHandle &	aHandle,
			MRSASigner *&	aSigner,
			TRequestStatus &	aStatus
		)	[pure virtual]

Opening keys Open an RSA key for signing

capability: Dependent Requires the caller to have any capabilities specified in the key use security policy.

leave: KErrPermissionDenied If the caller does not conform to the key use security policy.

leave: KErrNotFound If the key the handle referes to does not exist.

leave: KErrKeyAlgorithm If the key is not an RSA key.

leave: KErrKeyUsage If the key doesn't have sign usage.

leave: KErrKeyValidity If the key is not currently valid.

Parameters

const TCTTokenObjectHandle & aHandle	The handle of the key to be opened. This must be the handle of an RSA key on this store that is usable for signing by this process or the operation will fail.
MRSASigner *& aSigner	The returned signer object.
TRequestStatus & aStatus	Asynchronous request notification.

Open(const TCTTokenObjectHandle &, MDSASigner *&, TRequestStatus &)

void	Open	(	const TCTTokenObjectHandle &	aHandle,
			MDSASigner *&	aSigner,
			TRequestStatus &	aStatus
		)	[pure virtual]

Open a DSA key for signing

capability: Dependent Requires the caller to have any capabilities specified in the key use security policy.

leave: KErrPermissionDenied If the caller does not conform to the key use security policy.

leave: KErrNotFound If the key the handle referes to does not exist.

leave: KErrKeyAlgorithm If the key is not a DSA key.

leave: KErrKeyUsage If the key doesn't have sign usage.

leave: KErrKeyValidity If the key is not currently valid.

Parameters

const TCTTokenObjectHandle & aHandle	The handle of the key to be opened. This must be the handle of a DSA key on this store that is usable by this process for signing or the operation will fail.
MDSASigner *& aSigner	The returned signer object
TRequestStatus & aStatus	Asynchronous request notification.

Open(const TCTTokenObjectHandle &, MCTDecryptor *&, TRequestStatus &)

void	Open	(	const TCTTokenObjectHandle &	aHandle,
			MCTDecryptor *&	aDecryptor,
			TRequestStatus &	aStatus
		)	[pure virtual]

Open a RSA key for private decryption

capability: Dependent Requires the caller to have any capabilities specified in the key use security policy.

leave: KErrPermissionDenied If the caller does not conform to the key use security policy.

leave: KErrNotFound If the key the handle referes to does not exist.

leave: KErrKeyAlgorithm If the key is not an RSA key.

leave: KErrKeyUsage If the key doesn't have decrypt usage.

leave: KErrKeyValidity If the key is not currently valid.

Parameters

const TCTTokenObjectHandle & aHandle	The handle of the key to be opened. This must be the handle of a RSA key on this store that is usable by this process for decryption or the operation will fail.
MCTDecryptor *& aDecryptor	The returned decryptor object
TRequestStatus & aStatus	Asynchronous request notification.

Open(const TCTTokenObjectHandle &, MCTDH *&, TRequestStatus &)

void	Open	(	const TCTTokenObjectHandle &	aHandle,
			MCTDH *&	aDH,
			TRequestStatus &	aStatus
		)	[pure virtual]

Open a DH key for key agreement

capability: Dependent Requires the caller to have any capabilities specified in the key use security policy.

leave: KErrPermissionDenied If the caller does not conform to the key use security policy.

leave: KErrNotFound If the key the handle referes to does not exist.

leave: KErrKeyAlgorithm If the key is not a DH key.

leave: KErrKeyUsage If the key doesn't have derive usage.

leave: KErrKeyValidity If the key is not currently valid.

Parameters

const TCTTokenObjectHandle & aHandle	The handle of the key to be opened. This must be the handle of a DH key on this store that is usable by this process for decryption or the operation will fail.
MCTDH *& aDH	The returned agreement object
TRequestStatus & aStatus	Asynchronous request notification.