Setting Use Policies

A use policy denotes the security check required to use the key. The use policy associated with the key is of type TSecurityPolicy . The policy can be set to check capabilities or the Secure ID associated with the calling process. The calling process should have a WriteUserData capability.

The following steps explain the process of setting a use policy for a key:

  1. Create a file system session using an RFs object.

  2. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC() .

  3. Initialise the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize() .

  4. List all keys in the keystore using the CUnifiedKeyStore::List() function. Retrieve the handle of the key for which the use policy needs to be set.

  5. Set the use policy for the key using the CUnifiedKeyStore::SetUsePolicy() function.

Use policy is set for the selected key.


The following code snippet shows how to set use policy for a key.

       // Create a file system session object
RFs iFs;


// Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


// Retrieve the handle of the key for which use policy has to be set
TCTKeyAttributeFilter  filter.iUsage = EPKCS15UsageAll;
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set use policy operation
keyStore->List(iKeys, filter, iStatus);


// Retrieve the key handle of the appropriate key

// Select the key with the label you are looking for
TInt keyIndex;
for (TInt j = 0; j < iKeys.Count(); j++)
    if (iKeys[j]->Label() == KLabel) 
        keyIndex = j;


// Set the use policy

TSecurityPolicy usePolicy;
TUint secureId = 0x101FFFFF;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;

usePolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
keyStore->SetUsePolicy(*iKeys, usePolicy, iStatus);

// Clean up
CleanupStack::PopAndDestroy(); // iFs