Symbian3/PDK/Source/GUID-8D4F44CB-0B4D-51EE-A2D7-A1BBB3DD326A.dita
author Dominic Pinkman <dominic.pinkman@nokia.com>
Wed, 16 Jun 2010 10:24:13 +0100
changeset 10 d4524d6a4472
parent 9 59758314f811
child 12 80ef3a206772
permissions -rw-r--r--
removal of PIPS 'antiword' example pending a decision on its license

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-8D4F44CB-0B4D-51EE-A2D7-A1BBB3DD326A" xml:lang="en"><title>Keystore
Framework</title><shortdesc>Keystore framework provides interfaces for implementing a keystore.
A key store is a repository of keys that can be stored and retrieved to perform
cryptographic operations such as listing stored keys, generating, importing
and exporting of RSA, DSA, and DH key pairs and performing private key operations
for authenticated users of phone. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody>
<section id="GUID-6C4B35F7-2BB3-5AF4-875F-766C3DFF2112"><title>Description</title> <p>The
keystore framework is an extension of <xref href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita">CryptoToken
framework</xref>. The framework provides interfaces that must be implemented
to retrieve keys from the key store. It provides the following functionalities: </p> <ul>
<li id="GUID-1C594AF0-F534-50FD-B286-EB4E1BF834B6"><p>Signing through keys
in signature algorithms such as RSA and DSA </p> </li>
<li id="GUID-EAFBE61D-C669-576E-9005-488DAACE4197"><p>Encrypting and decrypting
operations using keys </p> </li>
</ul> <p>Device creators can use the interfaces provided by the framework
to implement keystore for managing keys. </p> <fig id="GUID-73BAE36F-8C14-585D-A2EB-9939CEFB38C2">
<title>              Symbian Keystore Implementation            </title>
<image href="GUID-AF91088E-CCE3-5D51-B2E4-09621B4BF506_d0e622292_href.jpg" placement="inline"/>
</fig> <table id="GUID-A3996684-57CF-5049-B24A-2E3E7B157D43">
<tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
<tbody>
<row>
<entry><p> <b>Classes</b>  </p> </entry>
<entry><p> <b>Description</b>  </p> </entry>
</row>
<row>
<entry><p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTTokenInterface</apiname></xref>  </p> </entry>
<entry><p>Provides an interface for the implementation of an appropriate token
(here, token refers to a key). </p> </entry>
</row>
<row>
<entry><p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MKeyStore</apiname></xref>  </p> </entry>
<entry><p>Defines an interface to implement a read-only keystore. </p> </entry>
</row>
<row>
<entry><p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTKeyStore</apiname></xref>  </p> </entry>
<entry><p>Defines an interface to implement a read-only keystore token. This
class allows retrieving details of a key stored in a keystore. </p> </entry>
</row>
<row>
<entry><p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTKeyStoreManager</apiname></xref>  </p> </entry>
<entry><p>Defines the interface to implement a keystore manager </p> </entry>
</row>
</tbody>
</tgroup>
</table> <p><b>Keystore framework interfaces</b></p><p>The keystore framework
provides interfaces for the following functionalities: </p> <ul>
<li id="GUID-391E4CA1-F6C7-54FC-B630-AE0FBD706E39"><p> <b>Retrieval of keys</b>: </p> <p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTTokenObject</apiname></xref> is used to retrieve a
token specific to implementation of <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTTokenInterface</apiname></xref>.
The retrieved token object is used to perform cryptographic operations such
as signing, decryption and so on. </p> </li>
<li id="GUID-0720C046-AD66-5992-BBED-E5BCE7882FB7"><p> <b>Key information</b>: </p> <p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>CKeyInfoBase</apiname></xref> forms the base class for <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>CCTKeyInfo</apiname></xref>. All key store implementations
need to interface with this class for accessing or manipulating key details. </p> <p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>CCTKeyInfo</apiname></xref> contains all the relevant
information of a key such as ID, type, size, usage, algorithm, security policy
associated to the key. It's implementation is derived from <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTTokenObject</apiname></xref> and <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>CKeyInfoBase</apiname></xref>. </p> </li>
<li id="GUID-5CC341C4-CAF1-5975-A262-3DB9985FBAEE"><p> <b>Protection of keys</b>: </p> <p> <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTAuthenticationObject</apiname></xref> provides interface
to control authentication mechanism of the keys. It allows to query and manipulate
authentication objects that are returned as token interface from <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTAuthenticationObjectList</apiname></xref>. It is accessed
by calling a function of <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>CCTKeyInfo</apiname></xref>. </p> </li>
<li id="GUID-65B4C977-D4A1-5EDB-B36E-CD2B248AE346"><p> <b> Cryptographic operations</b>: </p> <p> <b>Signing</b>: <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTSigner</apiname></xref> provides interface to implement
signing through keys. The framework supports two types of signing algorithms;
RSA and DSA through the <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MRSASigner</apiname></xref> and
the <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MDSASigner</apiname></xref> classes. </p> <p> <b>Decryption</b>: <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTDecryptor</apiname></xref> provides interface to implement
decryption functionality through keys. </p> <p> <b>DH agreement </b>: <xref href="GUID-79B9C190-E68F-34F2-8A6C-8350A66D6BAE.dita"><apiname>MCTDH</apiname></xref> provides interface to implement <xref href="http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange" scope="external">Diffie
Hellman (DH) key</xref> exchange protocol. </p> </li>
</ul> <fig id="GUID-6B46BC3C-77F3-59DF-8579-DB0076304835">
<title>                 Keystore Framework Interfaces               </title>
<image href="GUID-D99BA39B-BC58-51AC-B148-0945736FFC03_d0e622532_href.jpg" placement="inline"/>
</fig> </section>
</conbody><related-links>
<link href="GUID-695FCEB8-EA04-5C1C-A197-648275BA0281.dita"><linktext>Unified Keystore </linktext>
</link>
<link href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita"><linktext>CryptoToken
Framework Overview</linktext></link>
</related-links></concept>