Crypto (crypto.dll)

Crypto (crypto.dll) is provided for general use in certificate management: any certificate specification will use some or all of its functionality.

Elements of a certificate which are common across different certificate formats are implemented in this DLL as a set of abstract base classes. Thus DLLs implementing a particular certificate specification such as X.509 or WTLS (i.e. X509.dll, WTLSCert.dll) are expected to link to this DLL and derive their own specific classes from these base classes, as well as add any classes that exist only in that specification (X.509 extensions, for example).

Classes defined here are agnostic about the particular encoding scheme used for objects, so they do not include any constructors for initialisation from binary data. Derived classes for a given specification therefore add the constructors that initialise objects from encoded binary data.

This DLL also helps localise the interface between certificate management and the cryptographic algorithms supporting it. It is called crypto.dll rather than cert.dll because its role expands beyond certificates.

Of the public classes defined, the following are intended for direct use by client code:

  • TAlgorithmId — an enumeration of the asymmetric and digest algorithms supported.

  • CValidityPeriod — consists of a start time and an end time, with accessors for each.

  • CAlgorithmIdentifier — includes the TAlgorithmId for the algorithm and the parameters in their encoded form. Also implements an equality operator.

  • CSigningAlgorithmIdentifier — consists of two CAlgorithmIdentifier classes, one for the digest algorithm and one for the asymmetric algorithm. Also implements an equality operator.

  • CSubjectPublicKeyInfo — consists of an algorithm identifier and the encoded key.

  • CSignedObject — this class implements a function to verify its signature given an encoded key. It also implements an ExternalizeL function, which simply streams out the encoding of the entire object; this enables the fingerprint (and the signed data) to be regenerated when the object is restored. Accessors are provided to return pointer descriptors to the encoding of the signed data, the encoding of the signature, the fingerprint and the signing algorithm used. The fingerprint returned is the MD5 hash of the encoding of the entire object.

  • CCertificate — this is a subclass of CSignedObject. It adds a serial number, validity period and subject public key along with corresponding accessors.
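The layering described above (an encoding-agnostic abstract base in crypto.dll, a format-specific subclass that adds the constructor from encoded bytes, and a fingerprint regenerated from the full encoding after ExternalizeL) is illustrated by the following added example. It is not Symbian code and not taken from crypto.dll: the class and member names echo the page, but the byte layout of the toy encoding, the enumerators of TAlgorithmId, the verifier callback, the MakeToyEncoding/ToySign helpers and the use of FNV-1a in place of MD5 for the fingerprint are all assumptions made for the example. The toy verifier is a placeholder for the asymmetric algorithm layer, not a signature scheme, and FNV-1a offers no collision resistance; the point is the structure, not the primitives.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <stdexcept>
#include <vector>

// Added illustration of the crypto.dll class layering; not Symbian code.
// Class and member names echo the page; the byte encoding, the fingerprint
// hash and the verifier hook are assumptions made for this example.

using Bytes = std::vector<uint8_t>;

// Assumed enumerators; the page only says "asymmetric and digest algorithms".
enum class TAlgorithmId : uint8_t { ERSA = 0, EDSA = 1, EMD5 = 2, ESHA1 = 3 };

// Stand-in for the fingerprint digest. The page uses MD5; FNV-1a (64-bit) is
// used here only to keep the example short and has no collision resistance.
static uint64_t Fnv1a64(const Bytes& data) {
    uint64_t h = 1469598103934665603ULL;
    for (uint8_t b : data) { h ^= b; h *= 1099511628211ULL; }
    return h;
}

// The seam between certificate management and the algorithm layer: the base
// class implements no RSA/DSA itself, it delegates through this callback.
using Verifier = std::function<bool(TAlgorithmId, const Bytes& signedData,
                                    const Bytes& signature, const Bytes& encodedKey)>;

// Abstract, encoding-agnostic base: no constructor from binary data lives here.
class CSignedObject {
public:
    virtual ~CSignedObject() = default;
    const Bytes& SignedData() const { return iSignedData; }
    const Bytes& Signature() const { return iSignature; }
    const Bytes& Encoding() const { return iEncoding; }
    TAlgorithmId SigningAlgorithm() const { return iAlgorithm; }
    // Fingerprint covers the encoding of the entire object, so it can be
    // regenerated from whatever ExternalizeL wrote out.
    uint64_t Fingerprint() const { return Fnv1a64(iEncoding); }
    // ExternalizeL streams out the whole encoding; modelled as returning a copy.
    Bytes ExternalizeL() const { return iEncoding; }
    bool VerifySignatureL(const Bytes& encodedKey, const Verifier& verify) const {
        return verify(iAlgorithm, iSignedData, iSignature, encodedKey);
    }
protected:
    Bytes iEncoding, iSignedData, iSignature;
    TAlgorithmId iAlgorithm = TAlgorithmId::ERSA;
};

// A format-specific subclass supplies the constructor from encoded bytes.
// Constructed toy layout: [alg:1][len:2 big-endian][signed data:len][signature: rest]
class CToySignedObject : public CSignedObject {
public:
    explicit CToySignedObject(const Bytes& encoding) {
        if (encoding.size() < 3) throw std::runtime_error("truncated header");
        if (encoding[0] > static_cast<uint8_t>(TAlgorithmId::ESHA1))
            throw std::runtime_error("unknown algorithm id");
        const size_t len = (static_cast<size_t>(encoding[1]) << 8) | encoding[2];
        // Length must leave at least one signature byte; rejects over-long fields.
        if (3 + len >= encoding.size()) throw std::runtime_error("bad length field");
        iEncoding = encoding;
        iAlgorithm = static_cast<TAlgorithmId>(encoding[0]);
        iSignedData.assign(encoding.begin() + 3, encoding.begin() + 3 + len);
        iSignature.assign(encoding.begin() + 3 + len, encoding.end());
    }
};

// Toy "signature": FNV of data||key as 8 little-endian bytes. A placeholder for
// the asymmetric algorithm a real Verifier would dispatch to; it is MAC-like,
// not a signature scheme, and exists only so the demo is self-contained.
static Bytes ToySign(const Bytes& data, const Bytes& key) {
    Bytes m(data); m.insert(m.end(), key.begin(), key.end());
    const uint64_t h = Fnv1a64(m);
    Bytes sig(8);
    for (int i = 0; i < 8; ++i) sig[i] = static_cast<uint8_t>(h >> (8 * i));
    return sig;
}
static bool ToyVerifier(TAlgorithmId, const Bytes& data, const Bytes& sig, const Bytes& key) {
    return sig == ToySign(data, key);
}
static Bytes MakeToyEncoding(TAlgorithmId alg, const Bytes& data, const Bytes& sig) {
    Bytes out{static_cast<uint8_t>(alg), static_cast<uint8_t>(data.size() >> 8),
              static_cast<uint8_t>(data.size() & 0xFF)};
    out.insert(out.end(), data.begin(), data.end());
    out.insert(out.end(), sig.begin(), sig.end());
    return out;
}

struct DemoResult { bool goodKey, wrongKey, fingerprintSurvivesRestore, tamperDetected; };

// Exercises the behaviour the page describes: verify against an encoded key,
// externalise/restore keeps the fingerprint, a modified signed-data byte fails.
DemoResult RunDemo() {
    const Bytes key{0x01, 0x02, 0x03}, data{'c', 'e', 'r', 't'};   // constructed inputs
    CToySignedObject obj(MakeToyEncoding(TAlgorithmId::ERSA, data, ToySign(data, key)));
    CToySignedObject restored(obj.ExternalizeL());
    Bytes tampered = obj.Encoding(); tampered[3] ^= 0x01;           // flip a bit of signed data
    CToySignedObject t(tampered);
    return { obj.VerifySignatureL(key, ToyVerifier),
             obj.VerifySignatureL(Bytes{0x09}, ToyVerifier),
             restored.Fingerprint() == obj.Fingerprint() && restored.Encoding() == obj.Encoding(),
             !t.VerifySignatureL(key, ToyVerifier) && t.Fingerprint() != obj.Fingerprint() };
}

int main() {
    const DemoResult r = RunDemo();
    std::printf("good key: %d, wrong key: %d, restore keeps fingerprint: %d, tamper detected: %d\n",
                r.goodKey, r.wrongKey, r.fingerprintSurvivesRestore, r.tamperDetected);
    return 0;
}
```

RunDemo reports true, false, true, true. Note that the bounds checks sit in the derived constructor, because only the format-specific class knows the encoding; the base class, as on the page, has no idea how the bytes are laid out and only exposes the already-separated signed data, signature and algorithm to the verifier callback.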