class conn::CSecureBUREncryptKeySource : public CBase |
This class is responsible for providing keys for encryption of backup data or decryption of restore data based on drive and SID of the data owner.
The class will be included in a separate key-providing DLL provided by licensees at build time. The default Symbian implementation will not provide keys.
It is permissible to not provide any keys and to not encrypt data. It is also permissible for one key to be common to all or a set of SIDs or for one key to be common to a set of drives.
The class can provide a data buffer with backup keys. If it does then the buffer will be stored (un-encrypted!) with the backup and will be provided when keys are requested for a restore operation. The class supports a default data buffer for a whole backup plus the ability to override it with buffers for specific SIDs. If the buffer is used then the implementor must be aware that is is not encrypted in the backup and so must not contain any sensitive data or any data that would allow an attacker to recreate the key. If a buffer is provided then it is returned at restore time on a per-SID basis - there is no provision to provide a default buffer at restore time.
If keys are provided then the implementor needs to consider a number of factors:
If the key is entered by the user then it should be assumed that the user can decrypt data off the device.
If the key is local to the device then the data cannot be restored to a new device.
If the key depends on the drive being backed up or restored then the implementor needs to consider whether a drive may have its letter changed (e.g. if a device has multiple slots for removable media).
Hiding the implementation details of CSecureBURKeySourceImpl
Future binary compatibility
Public Member Functions | |
---|---|
~CSecureBUREncryptKeySource () | |
IMPORT_C void | GetBackupKeyL ( TDriveNumber , TSecureId , TBool &, TDes8 &, TBool &, TDes &) |
IMPORT_C void | GetDefaultBufferForBackupL ( TDriveNumber , TBool &, TDes &) |
IMPORT_C void | GetRestoreKeyL ( TDriveNumber , TSecureId , TBool , TDes &, TBool &, TDes8 &) |
IMPORT_C CSecureBUREncryptKeySource * | NewL () |
Private Member Functions | |
---|---|
CSecureBUREncryptKeySource () | |
void | ConstructL () |
Private Attributes | |
---|---|
CSecureBURKeySourceImpl * | iImpl |
CSecureBUREncryptKeySource | ( | ) | [private] |
Standard C++ Constructor
C++ constructor
IMPORT_C | ~CSecureBUREncryptKeySource | ( | ) | [virtual] |
Standard virtual destructor
void | ConstructL | ( | ) | [private] |
Symbian Second phase constructor
Symbian 2nd phase construction
IMPORT_C void | GetBackupKeyL | ( | TDriveNumber | aDrive, |
TSecureId | aSID, | |||
TBool & | aDoEncrypt, | |||
TDes8 & | aKey, | |||
TBool & | aGotBuffer, | |||
TDes & | aBuffer | |||
) |
Provides a key to use to encrypt backup data for a specific data owner from a specific drive. It is permissible to provide the same key for some or all data owners. It is permissible to provide the same key for some or all drives.
TDriveNumber aDrive | the drive (EDrive A to EDriveZ) which is being backed up |
TSecureId aSID | the secure id of the data owner |
TBool & aDoEncrypt | returns ETrue if a key is provided, EFalse if data is not to be encrypted |
TDes8 & aKey | the key to use to encrypt data - ignored if aDoEncrypt is set to EFalse |
TBool & aGotBuffer | returns ETrue if a buffer is returned that is specific to this SID |
TDes & aBuffer | if aGotBuffer is set to ETrue then this is a buffer of data to be included with backups. |
IMPORT_C void | GetDefaultBufferForBackupL | ( | TDriveNumber | aDrive, |
TBool & | aGotBuffer, | |||
TDes & | aBuffer | |||
) |
Get a default data buffer for all backups of a specified drive.
IMPORT_C void | GetRestoreKeyL | ( | TDriveNumber | aDrive, |
TSecureId | aSID, | |||
TBool | aGotBuffer, | |||
TDes & | aBuffer, | |||
TBool & | aGotKey, | |||
TDes8 & | aKey | |||
) |
Provides a key to use to decrypt backup data for a specific data owner from a specific drive. It is permissible to provide the same key for some or all data owners. It is permissible to provide the same key for some or all drives.
TDriveNumber aDrive | the drive (EDrive A to EDriveZ) which is being restored |
TSecureId aSID | the secure id of the data owner |
TBool aGotBuffer | set to ETrue if a buffer is provided |
TDes & aBuffer | if aGotBuffer is set to ETrue then this is a buffer of data that was provided with the key for the backup (or the default buffer) |
TBool & aGotKey | returns ETrue if a key is provided, EFalse if data is not to be decrypted |
TDes8 & aKey | the key to use to decrypt data - ignored if aGotKey is set to EFalse |
IMPORT_C CSecureBUREncryptKeySource * | NewL | ( | ) | [static] |
Static factory method (two phase construction)
CSecureBURKeySourceImpl * | iImpl | [private] |
Pointer the the CSecureBURKeySourceImpl implementation
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.