Symbian^3 Application Developer Library > Symbian Guide > OS Security Guide > Crypto Services > Certificate and Key Management > Unified Stores > Unified Keystore > Unified Keystore Tutorials >

Setting Use Policies

A use policy denotes the security check required to use the key. The use policy associated with the key is of type TSecurityPolicy . The policy can be set to check capabilities or the Secure ID associated with the calling process. The calling process should have a WriteUserData capability.

The following steps explain the process of setting a use policy for a key:

  1. Create a file system session using an RFs object.

  2. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC() .

  3. Initialise the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize() .

  4. List all keys in the keystore using the CUnifiedKeyStore::List() function. Retrieve the handle of the key for which the use policy needs to be set.

  5. Set the use policy for the key using the CUnifiedKeyStore::SetUsePolicy() function.

Use policy is set for the selected key.

Example

The following code snippet shows how to set use policy for a key. 

       
        
       
       // Create a file system session object
RFs iFs;
CleanupClosePushL(&iFs);


...


// Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


...



// Retrieve the handle of the key for which use policy has to be set
TCTKeyAttributeFilter  filter.iUsage = EPKCS15UsageAll;
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set use policy operation
keyStore->List(iKeys, filter, iStatus);


...



// Retrieve the key handle of the appropriate key
_LIT(KLabel,”keylabel”);

// Select the key with the label you are looking for
TInt keyIndex;
for (TInt j = 0; j < iKeys.Count(); j++)
    {
    if (iKeys[j]->Label() == KLabel) 
        {
        keyIndex = j;
        break;
        }
    }


...



// Set the use policy

TSecurityPolicy usePolicy;
TUint secureId = 0x101FFFFF;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;

usePolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
keyStore->SetUsePolicy(*iKeys, usePolicy, iStatus);


// Clean up
CleanupStack::PopAndDestroy(); // iFs
Parent topic: Unified Keystore Tutorials
Related tasks
Set Management Policies

Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License v1.0.