MCTKeyStoreManager Class Reference
    
    
     
      | class MCTKeyStoreManager : public MCTKeyStore | 
    
    
     
      
       Defines the interface for a key store manager token.
      
      
       This documentation describes the security policy that must be enforced by implementations of the interface.
      
      
     
    
    
     
      
       
        | Public Member Functions | 
      
      
       
        | void | CancelCreateKey
         
         () | 
       
        | void | CancelDeleteKey
         
         () | 
       
        | void | CancelExportEncryptedKey
         
         () | 
       
        | void | CancelExportKey
         
         () | 
       
        | void | CancelImportEncryptedKey
         
         () | 
       
        | void | CancelImportKey
         
         () | 
       
        | void | CancelRelock
         
         () | 
       
        | void | CancelSetManagementPolicy
         
         () | 
       
        | void | CancelSetPassphraseTimeout
         
         () | 
       
        | void | CancelSetUsePolicy
         
         () | 
       
        | void | CreateKey
         
         (
         
          CCTKeyInfo
         
         *&,
         
          TRequestStatus
         
         &) | 
       
        | void | DeleteKey
         
         (
         
          TCTTokenObjectHandle
         
         ,
         
          TRequestStatus
         
         &) | 
       
        | void | ExportEncryptedKey
         
         (
         
          TCTTokenObjectHandle
         
         , const
         
          CPBEncryptParms
         
         &,
         
          HBufC8
         
         *&,
         
          TRequestStatus
         
         &) | 
       
        | void | ExportKey
         
         (
         
          TCTTokenObjectHandle
         
         ,
         
          HBufC8
         
         *&,
         
          TRequestStatus
         
         &) | 
       
        | void | ImportEncryptedKey
         
         (const
         
          TDesC8
         
         &,
         
          CCTKeyInfo
         
         *&,
         
          TRequestStatus
         
         &) | 
       
        | void | ImportKey
         
         (const
         
          TDesC8
         
         &,
         
          CCTKeyInfo
         
         *&,
         
          TRequestStatus
         
         &) | 
       
        | void | Relock
         
         (
         
          TRequestStatus
         
         &) | 
       
        | void | SetManagementPolicy
         
         (
         
          TCTTokenObjectHandle
         
         , const
         
          TSecurityPolicy
         
         &,
         
          TRequestStatus
         
         &) | 
       
        | void | SetPassphraseTimeout
         
         (
         
          TInt
         
         ,
         
          TRequestStatus
         
         &) | 
       
        | void | SetUsePolicy
         
         (
         
          TCTTokenObjectHandle
         
         , const
         
          TSecurityPolicy
         
         &,
         
          TRequestStatus
         
         &) | 
      
     
     
     
    
     Member Functions Documentation
    
    
     
      
     
     
      CancelCreateKey()
     
     
      
       | void | CancelCreateKey | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelDeleteKey()
     
     
      
       | void | CancelDeleteKey | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelExportEncryptedKey()
     
     
      
       | void | CancelExportEncryptedKey | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelExportKey()
     
     
      
       | void | CancelExportKey | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelImportEncryptedKey()
     
     
      
       | void | CancelImportEncryptedKey | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelImportKey()
     
     
      
       | void | CancelImportKey | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelRelock()
     
     
      
       | void | CancelRelock | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelSetManagementPolicy()
     
     
      
       | void | CancelSetManagementPolicy | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelSetPassphraseTimeout()
     
     
      
       | void | CancelSetPassphraseTimeout | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CancelSetUsePolicy()
     
     
      
       | void | CancelSetUsePolicy | ( | ) | [pure virtual] | 
     
     
     
    
     
      
     
     
      CreateKey(CCTKeyInfo *&, TRequestStatus &)
     
     
     
      
       
        Key creation: generates a new key pair and stores it in the keystore.
       
       
        
         - 
          
           capability
          
         
- 
          WriteUserData Requires the caller to have WriteUserData capability
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not have WriteUserData capability
         
         - 
          
           leave
          
         
- 
          KErrAlreadyExists If a key with the specified label already exists in the keystore.
         
         - 
          
           leave
          
         
- 
          KErrKeySize If the requested key size is not supported.
         
         - 
          
           leave
          
         
- 
          KErrKeyAccess If an invalid combination of key access flags was specified.
         
         - 
          
           leave
          
         
- 
          KErrKeyValidity If a validity period was specified, but the end date was in the past.
         
 
       
      
     
      
       Parameters
      
      
       
        | CCTKeyInfo
         
         *& aReturnedKey | This is filled by the caller with required attributes, leaving the TKeyIdentifier iID and object handle iHandle uninitialised - these values are set if the key is created successfully | 
       
        | TRequestStatus
         
         & aStatus | This will be completed with the final status code | 
      
      
     
    
     
      
     
     
      DeleteKey(TCTTokenObjectHandle, TRequestStatus &)
     
     
     
      
       
        Deletes a key.
       
       
        
         - 
          
           capability
          
         
- 
          Dependent Requires the caller to have any capabilities specified in the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not conform to the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrNotFound If the key the handle refers to does not exist.
         
         - 
          
           leave
          
         
- 
          KErrAccessDenied If the calling process is not allowed to delete the key.
         
         - 
          
           leave
          
         
- 
          KErrInUse If another client is currently using the key.
         
 
       
      
     
     
    
     
      
     
     
      ExportEncryptedKey(TCTTokenObjectHandle, const CPBEncryptParms &, HBufC8 *&, TRequestStatus &)
     
     
     
      
       
        Exports an encrypted key pair.
       
       
        The key is exported as DER-encoded PKCS#5/PKCS#8 data.
       
       
        
         - 
          
           capability
          
         
- 
          Dependent Requires the caller to have any capabilities specified in the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not conform to the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrNotFound If the key the handle refers to does not exist.
         
         - 
          
           leave
          
         
- 
          KErrKeyAccess If the exportable flag is not set for the key.
         
         - 
          
           leave
          
         
- 
          KErrKeyAlgorithm If this type of key cannot be exported.
         
 
       
      
     
     
    
     
      
     
     
      ExportKey(TCTTokenObjectHandle, HBufC8 *&, TRequestStatus &)
     
     
     
      
       
        Export keys: exports a key pair in the clear, i.e. as unencrypted private key material.
       
       
        The key is exported as DER-encoded PKCS#8 data.
       
       
        
         - 
          
           capability
          
         
- 
          Dependent Requires the caller to have any capabilities specified in the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not conform to the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrNotFound If the key the handle refers to does not exist.
         
         - 
          
           leave
          
         
- 
          KErrKeyAccess If the sensitive flag is set for the key, or the exportable flag is not set.
         
         - 
          
           leave
          
         
- 
          KErrKeyAlgorithm If this type of key cannot be exported.
         
 
       
      
     
      
       Parameters
      
      
       
        | TCTTokenObjectHandle
         
         aHandle | The handle of the key to export | 
       
        | HBufC8
         
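         *& aKey | A reference to a HBufC8 pointer. The pointer will be set to a newly allocated buffer containing the key data. It is the caller's responsibility to delete this buffer. Because the buffer holds the key in the clear, the caller should overwrite its contents before deleting it. | 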
       
        | TRequestStatus
         
         & aStatus |  | 
      
      
     
    
     
      
     
     
      ImportEncryptedKey(const TDesC8 &, CCTKeyInfo *&, TRequestStatus &)
     
     
     
      
       
        Imports an encrypted key pair into the keystore.
       
       
        The import data is DER-encoded PKCS#5/PKCS#8 format.
       
       
        
         - 
          
           capability
          
         
- 
          WriteUserData Requires the caller to have WriteUserData capability
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not have WriteUserData capability
         
         - 
          
           leave
          
         
- 
          KErrAlreadyExists If a key with the specified label already exists in the keystore.
         
         - 
          
           leave
          
         
- 
          KErrKeySize If the requested key size is not supported.
         
         - 
          
           leave
          
         
- 
          KErrKeyAccess If an invalid combination of key access flags was specified.
         
         - 
          
           leave
          
         
- 
          KErrKeyValidity If a validity period was specified, but the end date was in the past.
         
         - 
          
           leave
          
         
- 
          KErrArgument If there is an error parsing the key data.
         
 
       
      
     
      
       Parameters
      
      
       
        | const
         
          TDesC8
         
         & aKey | This is a descriptor representation of the encrypted (PKCS#5/PKCS#8) key data | 
       
        | CCTKeyInfo
         
         *& aReturnedKey | This is filled by the caller with required attributes, leaving the TKeyIdentifier iID and object handle iHandle uninitialised - these values are set if the key is created successfully | 
       
        | TRequestStatus
         
         & aStatus |  | 
      
      
     
    
     
      
     
     
      ImportKey(const TDesC8 &, CCTKeyInfo *&, TRequestStatus &)
     
     
     
      
       
        Import keys: imports a cleartext key pair into the keystore.
       
       
        The import data is DER-encoded PKCS#8 format.
       
       
        
         - 
          
           capability
          
         
- 
          WriteUserData Requires the caller to have WriteUserData capability
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not have WriteUserData capability
         
         - 
          
           leave
          
         
- 
          KErrAlreadyExists If a key with the specified label already exists in the keystore.
         
         - 
          
           leave
          
         
- 
          KErrKeySize If the requested key size is not supported.
         
         - 
          
           leave
          
         
- 
          KErrKeyAccess If an invalid combination of key access flags was specified.
         
         - 
          
           leave
          
         
- 
          KErrKeyValidity If a validity period was specified, but the end date was in the past.
         
         - 
          
           leave
          
         
- 
          KErrArgument If there is an error parsing the key data.
         
 
       
      
     
      
       Parameters
      
      
       
        | const
         
          TDesC8
         
         & aKey | This is a descriptor representation of the PKCS#8 key data. | 
       
        | CCTKeyInfo
         
         *& aReturnedKey | This is filled by the caller with required attributes, leaving the TKeyIdentifier iID and object handle iHandle uninitialised - these values are set if the key is created successfully. | 
       
        | TRequestStatus
         
         & aStatus |  | 
      
      
     
    
     
      
     
     
      Relock(TRequestStatus &)
     
     
     
      
       
        Re-locks the entire store (i.e., forgets the passphrase).
       
       
       
       
      
     
      
       Parameters
      
      
       
        | TRequestStatus
         
         & aStatus | This will be completed with the final status code | 
      
      
     
    
     
      
     
     
      SetManagementPolicy(TCTTokenObjectHandle, const TSecurityPolicy &, TRequestStatus &)
     
     
     
      
       
        Sets the security policy for key management.
       
       
        Specifies which processes are allowed to perform management operations on the key.
       
       
        
         - 
          
           capability
          
         
- 
          Dependent Requires the caller to have any capabilities specified in the current and new key management security policies.
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not conform to the current and new key management security policies.
         
         - 
          
           leave
          
         
- 
          KErrNotFound If the key the handle refers to does not exist.
         
 
       
      
     
     
    
     
      
     
     
      SetPassphraseTimeout(TInt, TRequestStatus &)
     
     
     
      
       
        Sets the passphrase timeout for all keys owned by this process.
       
       
        
         - 
          
           capability
          
         
- 
          Dependent Requires the caller to have any capabilities specified in the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not conform to the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrArgument If the timeout specified is invalid.
         
 
       
      
     
      
       Parameters
      
      
       
        | TInt
         
         aTimeout | The timeout in seconds. 0 means that the passphrase is always asked for, and -1 means that it never expires | 
       
        | TRequestStatus
         
         & aStatus | This will be completed with the final status code | 
      
      
     
    
     
      
     
     
      SetUsePolicy(TCTTokenObjectHandle, const TSecurityPolicy &, TRequestStatus &)
     
     
     
      
       
        Sets the security policy for key use.
       
       
        Specifies which processes are allowed to use the key for cryptographic operations.
       
       
        
         - 
          
           capability
          
         
- 
          Dependent Requires the caller to have any capabilities specified in the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrPermissionDenied If the caller does not conform to the key management security policy.
         
         - 
          
           leave
          
         
- 
          KErrNotFound If the key the handle refers to does not exist.
         
 
       
      
     
     
    Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
 All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the  Eclipse Public License
v1.0.