Cryptography overview

Purpose

The Cryptography module is the basis of the Symbian platform Security system. The services provided by this module are used by the following components: Certman (Certificate Management), Software Installation, Secure Communication Protocols (for example, SSL, TLS, IPSEC), and WTLS.

These services include:

  • symmetric encryption-decryption

  • asymmetric encryption-decryption

  • integrity checking and signature verification

  • key exchange

  • message digests

The interface for the cryptographic services hides the implementation details of particular algorithms. No detailed knowledge of the cryptographic algorithms is needed to use the cryptographic services.

Description

The Cryptography module encapsulates the following significant components:

Cryptographic algorithms

These algorithms allow data to be encrypted and decrypted. They include:

  • Symmetric ciphers — algorithms that require communicating parties to hold a shared secret. They are fast and used for the transmission of bulk data.

  • Asymmetric ciphers — algorithms which have two keys, one private to the keys' owner and one which can be published. They are slow compared to symmetric ciphers and are used to exchange a symmetric key before transmission of data encrypted using that key.

The classes implementing the symmetric and asymmetric ciphers are provided in cryptography.dll (see Cryptography library ).

Hash algorithms

Hash algorithms compact a message down to a short series of bytes from which it is impossible to regenerate the message. They are used with an asymmetric cipher to generate signatures.

The classes implementing the hash algorithms are provided in hash.dll .

Hash algorithms are documented in the mainstream Symbian platform library.

Random Number Generator (RNG)

RNG is the basis for the cryptographic key generation. It uses the RANROT algorithm seeded by random data available on the target hardware (for example, free running counters available on ARM processors).

The Random number library is provided by random.dll .

The Random Number Generator API is documented in the mainstream Symbian OS Library.

Supporting APIs

  • Password Based Encryption (PBE) — provides an API to encrypt and decrypt data with a user-supplied password.

    The classes implementing PBE (for example, for secure stream encryption) are provided in pbe.dll .

  • Padding — is extra bits concatenated with a key, password, or plaintext to make their length equal to the block size. It defines the way blocks are filled with data when the data to be encrypted is smaller than the block size. Padding is added at encryption and checked on decryption. (See Block and stream ciphers and CPadding class relationships .)

    The Cryptography library supports PKCS#1 public and private padding, and PKCS#7 style padding (see RFC 2315 section 10.3).

  • Big integers — Implementation of arbitrarily large integers.

    Note that although some methods are exported, the intent is that this library is only for use by the Cryptography library and not by application code.