Week 23 contribution of PDK documentation content. See release notes for details. Fixes bugs Bug 2714, Bug 462.
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A" xml:lang="en"><title>Cryptography
overview</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<section id="GUID-67CB0CE0-EFDA-4183-BB49-293580FFA0A5"><title>Purpose</title> <p>The
Cryptography module is the basis of the Symbian platform Security system.
The services provided by this module are used by the following components:
Certman (Certificate Management), Software Installation, Secure Communication
Protocols (for example, SSL, TLS, IPSEC), and WTLS. </p> <p>These services
include: </p> <ul>
<li id="GUID-4D104E90-FF18-5FF6-8D8F-806D31F9C81D"><p>symmetric encryption-decryption </p> </li>
<li id="GUID-62E013DC-85FD-5C7E-8F63-93C7F546F99E"><p>asymmetric encryption-decryption </p> </li>
<li id="GUID-716CAC33-4B7D-5F10-9F3A-CAFD6D42442F"><p>integrity checking and
signature verification </p> </li>
<li id="GUID-CE94FB08-21CE-51BD-9F2C-B857BC135902"><p>key exchange </p> </li>
<li id="GUID-72254184-BFDA-546A-97E9-0056F70ED602"><p>message digests </p> </li>
</ul> <p>The interface for the cryptographic services hides the implementation
details of particular algorithms. No detailed knowledge of the cryptographic
algorithms is needed to use the cryptographic services. </p> </section>
<section id="GUID-39C675AC-939A-4028-9016-27C66D869173"><title>Description</title> <p>The
Cryptography module encapsulates the following significant components: </p> <ul>
<li id="GUID-1B44BA90-11D8-5FD0-9554-4C7B788CEFF0"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-59BBC450-1E19-58EA-8DD6-5F2D1EAB7D63">Cryptographic algorithms</xref> </p> </li>
<li id="GUID-0FCB4381-6394-5A28-86FE-A1AAEC2ABEF5"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-10F78AEF-4388-5A04-BD8D-A036171E3B82">Hash algorithms</xref> </p> </li>
<li id="GUID-7CFF13A5-A55A-54F0-A3AD-1137E66D158B"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-0630C916-ED45-520D-92CD-FE4F87A66D04">Random Number Generator (RNG)</xref> </p> </li>
<li id="GUID-A42E03EF-DFC1-5646-8326-053E203A509C"><p> <xref href="GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A.dita#GUID-5B112A34-1CBA-5B28-A941-27847FC1D30A/GUID-965474E9-6B4E-50C6-8F05-3381BBDC661A">Supporting APIs</xref> </p> </li>
</ul> <p id="GUID-59BBC450-1E19-58EA-8DD6-5F2D1EAB7D63"><b>Cryptographic algorithms</b> </p> <p>These
algorithms allow data to be encrypted and decrypted. They include: </p> <ul>
<li id="GUID-D94D2386-B73D-5D07-A770-C73C81F80D5C"><p> <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita">Symmetric
ciphers</xref> — algorithms that require communicating parties to hold a shared
secret. They are fast and used for the transmission of bulk data. </p> </li>
<li id="GUID-7425FC7D-BA33-5F0B-92A4-95876C790EBB"><p> <xref href="GUID-35E9F104-95F7-511F-B0C5-AB64BCA972D0.dita">Asymmetric
ciphers</xref> — algorithms which have two keys, one private to the keys'
owner and one which can be published. They are slow compared to symmetric
ciphers and are used to exchange a symmetric key before transmission of data
encrypted using that key. </p> </li>
</ul> <p>The classes implementing the symmetric and asymmetric ciphers are
provided in <filepath>cryptography.dll</filepath> (see <xref href="GUID-48DB00D7-3807-5B4B-B4CE-D8C05B42CA6D.dita">Cryptography
library</xref>). </p> <p id="GUID-10F78AEF-4388-5A04-BD8D-A036171E3B82"><b>Hash
algorithms</b> </p> <p>Hash algorithms compact a message down to a short series
of bytes from which it is impossible to regenerate the message. They are used
with an asymmetric cipher to generate signatures. </p> <p>The classes implementing
the hash algorithms are provided in <filepath>hash.dll</filepath>. </p> <p>Hash
algorithms are documented in the mainstream Symbian platform library. </p> <p id="GUID-0630C916-ED45-520D-92CD-FE4F87A66D04"><b>Random Number Generator
(RNG)</b> </p> <p>RNG is the basis for the cryptographic key generation. It
uses the RANROT algorithm seeded by random data available on the target hardware
(for example, free running counters available on ARM processors). </p> <p>The
Random number library is provided by <filepath>random.dll</filepath>. </p> <p>The
Random Number Generator API is documented in the mainstream Symbian OS Library. </p> <p id="GUID-965474E9-6B4E-50C6-8F05-3381BBDC661A"><b>Supporting APIs</b> </p> <ul>
<li id="GUID-1AFD7DEA-F5C8-56E4-AA71-359F893ED7C6"><p> <xref href="GUID-8119A243-2EF1-582A-BB94-BA2A18D02D2C.dita">Password
Based Encryption (PBE)</xref> — provides an API to encrypt and decrypt data
with a user-supplied password. </p> <p>The classes implementing PBE (for example,
for secure stream encryption) are provided in <filepath>pbe.dll</filepath>. </p> </li>
<li id="GUID-7A02B665-46BE-5DBB-9A8A-787120AA3D11"><p>Padding — is extra bits
concatenated with a key, password, or plaintext to make their length equal
to the block size. It defines the way blocks are filled with data when the
data to be encrypted is smaller than the block size. Padding is added at encryption
and checked on decryption. (See <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita#GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8/GUID-BDF6E245-AE19-55D6-89ED-BCBE0FCF006B">Block
and stream ciphers</xref> and <xref href="GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8.dita#GUID-712DF59D-FAE1-592E-82A6-4E323676F5B8/GUID-A8F9A25F-B83E-5FE7-840F-4DCF246D3D96">CPadding
class relationships</xref>.) </p> <p>The Cryptography library supports <xref href="http://www.rsasecurity.com/rsalabs/node.asp?id=2125" scope="external">PKCS#1</xref> public
and private padding, and <xref href="http://www.rsasecurity.com/rsalabs/node.asp?id=2129" scope="external">PKCS#7</xref> style padding (see <xref href="ftp://ftp.rfc-editor.org/in-notes/rfc2315.txt" scope="external">RFC 2315</xref> section 10.3). </p> </li>
<li id="GUID-85009712-99DF-571D-88B1-6F2B86385762"><p> <xref href="GUID-C75726D3-E815-503D-8267-26DA27AD4787.dita">Big
integers</xref> — Implementation of arbitrarily large integers. </p> <p>Note
that although some methods are exported, the intent is that this library is
only for use by the Cryptography library and not by application code. </p> </li>
</ul> </section>
</conbody></concept>