|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A" xml:lang="en"><title>Cryptography |
|
13 overview</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
14 <section id="GUID-67CB0CE0-EFDA-4183-BB49-293580FFA0A5"><title>Purpose</title> <p>The |
|
15 Cryptography module is the basis of the Symbian platform Security system. |
|
16 The services provided by this module are used by the following components: |
|
17 Certman (Certificate Management), Software Installation, Secure Communication |
|
18 Protocols (for example, SSL, TLS, IPSEC), and WTLS. </p> <p>These services |
|
19 include: </p> <ul> |
|
20 <li id="GUID-4D104E90-FF18-5FF6-8D8F-806D31F9C81D"><p>symmetric encryption-decryption </p> </li> |
|
21 <li id="GUID-62E013DC-85FD-5C7E-8F63-93C7F546F99E"><p>asymmetric encryption-decryption </p> </li> |
|
22 <li id="GUID-716CAC33-4B7D-5F10-9F3A-CAFD6D42442F"><p>integrity checking and |
|
23 signature verification </p> </li> |
|
24 <li id="GUID-CE94FB08-21CE-51BD-9F2C-B857BC135902"><p>key exchange </p> </li> |
|
25 <li id="GUID-72254184-BFDA-546A-97E9-0056F70ED602"><p>message digests </p> </li> |
|
26 </ul> <p>The interface for the cryptographic services hides the implementation |
|
27 details of particular algorithms. No detailed knowledge of the cryptographic |
|
28 algorithms is needed to use the cryptographic services. </p> </section> |
|
29 <section id="GUID-39C675AC-939A-4028-9016-27C66D869173"><title>Description</title> <p>The |
|
30 Cryptography module encapsulates the following significant components: </p> <ul> |
|
31 <li id="GUID-1B44BA90-11D8-5FD0-9554-4C7B788CEFF0"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-59BBC450-1E19-58EA-8DD6-5F2D1EAB7D63">Cryptographic algorithms</xref> </p> </li> |
|
32 <li id="GUID-0FCB4381-6394-5A28-86FE-A1AAEC2ABEF5"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-10F78AEF-4388-5A04-BD8D-A036171E3B82">Hash algorithms</xref> </p> </li> |
|
33 <li id="GUID-7CFF13A5-A55A-54F0-A3AD-1137E66D158B"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-0630C916-ED45-520D-92CD-FE4F87A66D04">Random Number Generator (RNG)</xref> </p> </li> |
|
34 <li id="GUID-A42E03EF-DFC1-5646-8326-053E203A509C"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-965474E9-6B4E-50C6-8F05-3381BBDC661A">Supporting APIs</xref> </p> </li> |
|
35 </ul> <p id="GUID-59BBC450-1E19-58EA-8DD6-5F2D1EAB7D63"><b>Cryptographic algorithms</b> </p> <p>These |
|
36 algorithms allow data to be encrypted and decrypted. They include: </p> <ul> |
|
37 <li id="GUID-D94D2386-B73D-5D07-A770-C73C81F80D5C"><p> <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita">Symmetric |
|
38 ciphers</xref> — algorithms that require communicating parties to hold a shared |
|
39 secret. They are fast and used for the transmission of bulk data. </p> </li> |
|
40 <li id="GUID-7425FC7D-BA33-5F0B-92A4-95876C790EBB"><p> <xref href="GUID-35E9F104-95F7-511F-B0C5-AB64BCA972D0.dita">Asymmetric |
|
41 ciphers</xref> — algorithms which have two keys, one private to the keys' |
|
42 owner and one which can be published. They are slow compared to symmetric |
|
43 ciphers and are used to exchange a symmetric key before transmission of data |
|
44 encrypted using that key. </p> </li> |
|
45 </ul> <p>The classes implementing the symmetric and asymmetric ciphers are |
|
46 provided in <filepath>cryptography.dll</filepath> (see <xref href="GUID-48DB00D7-3807-5B4B-B4CE-D8C05B42CA6D.dita">Cryptography |
|
47 library</xref>). </p> <p id="GUID-10F78AEF-4388-5A04-BD8D-A036171E3B82"><b>Hash |
|
48 algorithms</b> </p> <p>Hash algorithms compact a message down to a short series |
|
49 of bytes from which it is impossible to regenerate the message. They are used |
|
50 with an asymmetric cipher to generate signatures. </p> <p>The classes implementing |
|
51 the hash algorithms are provided in <filepath>hash.dll</filepath>. </p> <p>Hash |
|
52 algorithms are documented in the mainstream Symbian platform library. </p> <p id="GUID-0630C916-ED45-520D-92CD-FE4F87A66D04"><b>Random Number Generator |
|
53 (RNG)</b> </p> <p>RNG is the basis for the cryptographic key generation. It |
|
54 uses the RANROT algorithm seeded by random data available on the target hardware |
|
55 (for example, free running counters available on ARM processors). </p> <p>The |
|
56 Random number library is provided by <filepath>random.dll</filepath>. </p> <p>The |
|
57 Random Number Generator API is documented in the mainstream Symbian OS Library. </p> <p id="GUID-965474E9-6B4E-50C6-8F05-3381BBDC661A"><b>Supporting APIs</b> </p> <ul> |
|
58 <li id="GUID-1AFD7DEA-F5C8-56E4-AA71-359F893ED7C6"><p> <xref href="GUID-8119A243-2EF1-582A-BB94-BA2A18D02D2C.dita">Password |
|
59 Based Encryption (PBE)</xref> — provides an API to encrypt and decrypt data |
|
60 with a user-supplied password. </p> <p>The classes implementing PBE (for example, |
|
61 for secure stream encryption) are provided in <filepath>pbe.dll</filepath>. </p> </li> |
|
62 <li id="GUID-7A02B665-46BE-5DBB-9A8A-787120AA3D11"><p>Padding — is extra bits |
|
63 concatenated with a key, password, or plaintext to make their length equal |
|
64 to the block size. It defines the way blocks are filled with data when the |
|
65 data to be encrypted is smaller than the block size. Padding is added at encryption |
|
66 and checked on decryption. (See <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita#GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8/GUID-BDF6E245-AE19-55D6-89ED-BCBE0FCF006B">Block |
|
67 and stream ciphers</xref> and <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita#GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8/GUID-A8F9A25F-B83E-5FE7-840F-4DCF246D3D96">CPadding |
|
68 class relationships</xref>.) </p> <p>The Cryptography library supports <xref href="http://www.rsasecurity.com/rsalabs/node.asp?id=2125" scope="external">PKCS#1</xref> public |
|
69 and private padding, and <xref href="http://www.rsasecurity.com/rsalabs/node.asp?id=2129" scope="external">PKCS#7</xref> style padding (see <xref href="ftp://ftp.rfc-editor.org/in-notes/rfc2315.txt" scope="external">RFC 2315</xref> section 10.3). </p> </li> |
|
70 <li id="GUID-85009712-99DF-571D-88B1-6F2B86385762"><p> <xref href="GUID-C75726D3-E815-503D-8267-26DA27AD4787.dita">Big |
|
71 integers</xref> — Implementation of arbitrarily large integers. </p> <p>Note |
|
72 that although some methods are exported, the intent is that this library is |
|
73 only for use by the Cryptography library and not by application code. </p> </li> |
|
74 </ul> </section> |
|
75 </conbody></concept> |