<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-362FF929-EC18-5FE9-8FB0-DAFF5D559725" xml:lang="en"><title>File
Tokens Configuration</title><abstract><p>File tokens provide software emulation of key store and certificate
store tokens, using the APIs defined by the <xref href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita">CryptoToken
Framework</xref>. </p></abstract><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>The configuration files for file tokens are stored at the <codeph>…\os\security\securityanddataprivacytools\securityconfig\filetokens</codeph> location.
This location includes the resource files (<filepath>FSTokenServer.rls</filepath> and <filepath>FSTokenServer.rss</filepath>)
that define the user interface (UI) strings. </p>
<p>Device creators can customize the UI strings in the resource file for their UI
implementation. </p>
<section><title>Description</title><p><b>FSTokenServer.rls</b> </p> <p>The
default implementation of the <filepath>FSTokenServer.rls</filepath> file looks
like this: </p> <codeblock id="GUID-BE3FBB12-0C83-5050-AC1F-311ADED92AEF" xml:space="preserve">rls_string STRING_r_import_passphrase "Passphrase of the imported key file"
rls_string STRING_r_export_passphrase "Passphrase of the exported key file"
rls_string STRING_r_ping_passphrase "Key store passphrase"
rls_string STRING_r_create_ping_passphrase "New key store passphrase"</codeblock> <p><b>FSTokenServer.rss</b> </p> <p>The
default implementation of the <filepath>FSTokenServer.rss</filepath> file looks
like this: </p> <codeblock id="GUID-182D51A6-72B6-5794-B914-EAF6F589C784" xml:space="preserve">NAME FSTS
#include &lt;uikon.rh&gt;
#include "FSTokenServer.rls"

RESOURCE RSS_SIGNATURE { }

RESOURCE ARRAY r_fsserver_strings
    {
    items=
        {
        LBUF { txt=STRING_r_import_passphrase; },
        LBUF { txt=STRING_r_export_passphrase; },
        LBUF { txt=STRING_r_ping_passphrase; },
        LBUF { txt=STRING_r_create_ping_passphrase; }
        };
    }</codeblock> <p>File tokens use the compiled version (<filepath>FSTokenServer.rsc</filepath>) of
the resource file at runtime to get the passphrase prompts during the following tasks: </p> <ul>
<li id="GUID-879E2DAE-18DC-5CE4-B427-6496BBB92ECC"><p>Importing or exporting
keys </p> </li>
<li id="GUID-768A3A2D-80F8-5CE2-AD57-359AAA068643"><p>Creating or manipulating
a key store </p> <p> <b>Note</b>: The key store maintains a database of key
pairs in an encrypted file in the server’s private data area. It uses the
password-based encryption API provided by the <xref href="GUID-C00FBDE4-EF59-5FED-BA92-625414AF45AE.dita">Crypto
Libraries</xref> component. </p> </li>
</ul> <p>File tokens must be implemented using a client-server architecture
to enforce platform security (and, in the case of the key store, to minimize the exposure of private keys to
client applications). </p></section>
</conbody><related-links>
<link href="GUID-8933D7D5-F84D-5BF2-BF2A-832DA183E26B.dita"><linktext>SecurityConfig</linktext>
</link>
<link href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita"><linktext>File-Based
Certificate and Key Stores</linktext></link>
</related-links></concept>