Performing Cryptographic Operations with Keys

You can use various types of algorithms (for example RSA sign, DSA sign, Decrypt, DH key agreement, and so on) to perform cryptographic operations with keys in the unified keystore. This section provides information on the signing process.

The following steps explain the process of signing keys by considering the example of an RSA signing operation:

  1. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC() .

  2. Initialise the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize() .

  3. List all the keys in the keystore and then retrieve the key to be signed based on filter criteria.
  4. Invoke the MKeyStore::Open() function for opening the key. This also enables the creation of an object capable of performing the required signing operation. In the case of an RSA signing process, the key is opened to create a MRSASigner object. Note: The following table lists the objects created for different cryptographic operations:



    DSA Sign




    DH Key Agreement


  5. Use MCTSigner::SignMessage() or MCTSigner::Sign() to perform the signing operation.

The CRSASignature object contains the value of the signing operation.

The following code snippet shows RSA signing operation:

       //Create a file system session object
RFs iFs;

//Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


// Create a filter to retrieve all keys from the store
TCTKeyAttributeFilter filter;
filter.iPolicyFilter = TCTKeyAttributeFilter:EAllKeys;

// Retrieve a list of all the keys from the key store
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the key to be signed


// Retrieve the key based on the label you are looking for 
TInt keyCount = iKeys.Count();
for (i = 0; i < keyCount; i++)
    CCTKeyInfo* keyInfo = iKeys[i];
    if (keyInfo->Label() == Klabel)
            // Create a signer object for the key
            MRSASigner* iRSASigner
            // The signer object will be returned after the key has been opened for signing
            keyStore->Open(*keyInfo, iRSASigner, iStatus);

// Perform the signing operation

// Define the data for signing

HBufC* dataToSign; 
dataToSign = HBufC::NewL(20);
_LIT(KTxtSign,"Data to be signed");
*dataToSign = KTxtSign; 

CRSASignature* iRSASignature;
// iRSASignature will contain the result after the completion
// of the following request

iRSASigner->SignMessage(*dataToSign, iRSASignature, iStatus);


// Retrieve the RSA signature value through the CRSASignature object 
TInt signature = iRSASignature->S();
Related concepts
Unified Keystore