Mercurial Mercurial > oss > MCL > sftools > depl > docscontent / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Symbian3/SDK/Source/GUID-AE96F25E-45A2-5C00-9F27-BB3E17C8E6E5.dita
changeset 7 51a74ef9ed63
child 8 ae94777fff8f
equal deleted inserted replaced
6:43e37759235e 7:51a74ef9ed63 
       
     1 <?xml version="1.0" encoding="utf-8"?>
 
       
     2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
 
       
     3 <!-- This component and the accompanying materials are made available under the terms of the License 
       
     4 "Eclipse Public License v1.0" which accompanies this distribution, 
       
     5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
 
       
     6 <!-- Initial Contributors:
 
       
     7     Nokia Corporation - initial contribution.
 
       
     8 Contributors: 
       
     9 -->
 
       
    10 <!DOCTYPE concept
 
       
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
 
       
    12 <concept id="GUID-AE96F25E-45A2-5C00-9F27-BB3E17C8E6E5" xml:lang="en"><title>Certificate
 
       
    13 and Key Management Overview</title><abstract><p>The Certificate and Key Management component provides authentication
 
       
    14 services for <xref href="GUID-FB2CAA46-8EBB-5F76-847C-F3B953C9D31C.dita">Public
 
       
    15 Key Cryptography</xref>.</p></abstract><prolog><metadata><keywords/></metadata></prolog><conbody>
 
       
    16 <section><title>Purpose</title> <p>The main purpose of the Certificate and
 
       
    17 Key Management component is to provide validation services according to the
 
       
    18 Public Key Infrastructure (PKI) for <xref href="GUID-C676C4E6-93AF-59E9-886D-74D59F154490.dita">X.509</xref> Certificates. </p> <p>The
 
       
    19 Certificate and Key Management component provides interfaces for the following: </p> <ul>
 
       
    20 <li id="GUID-A3109F52-09A5-5ACD-9844-883EB9E6E37B"><p>Storage and retrieval
 
       
    21 of certificates </p> </li>
 
       
    22 <li id="GUID-27F48C66-606E-594D-A1E0-8E1B7C048C6B"><p>Assignment of trust
 
       
    23 status to a certificate on an application-by-application basis </p> </li>
 
       
    24 <li id="GUID-CF4BAB94-8FC1-5375-BDA6-1DA46DF3F68B"><p>Certificate chain construction
 
       
    25 and validation </p> </li>
 
       
    26 <li id="GUID-C44175FE-15D6-5145-8F73-CAC7F10A506A"><p>Verification of trust
 
       
    27 of a certificate </p> </li>
 
       
    28 <li id="GUID-EFDD6039-5F57-5F41-B90C-2776B247F659"><p>Generation of asymmetric
 
       
    29 key pairs </p> </li>
 
       
    30 <li id="GUID-AB119A48-43E3-5C5F-80B6-F1A92E9B6531"><p>Protected storage of
 
       
    31 keys </p> </li>
 
       
    32 <li id="GUID-14E232E1-73F1-58EE-A435-53B3D46680D4"><p>Key import and export </p> </li>
 
       
    33 <li id="GUID-21FCB8AB-8399-50E3-847A-53DF092BBA25"><p>Authenticated execution
 
       
    34 of private key operations </p> </li>
 
       
    35 </ul> </section>
 
       
    36 <section><title>Required background</title> <p>To understand Certificate and
 
       
    37 Key Management in detail, you need to have a basic understanding of the following: </p> <ul>
 
       
    38 <li id="GUID-1A307F21-3BBF-525D-98B1-3AC2035786EC"><p><xref href="GUID-FB2CAA46-8EBB-5F76-847C-F3B953C9D31C.dita">Public
 
       
    39 Key Cryptography</xref>  </p> </li>
 
       
    40 <li id="GUID-0EA3DF92-DFE8-5265-97F6-862D5198E9FF"><p><xref href="GUID-911E9F7E-D0AD-55EC-A3F4-1D427F803780.dita">Certificates</xref>  </p> </li>
 
       
    41 <li id="GUID-0D2E1131-4C60-56CB-BCDD-432AC5F660F1"><p><xref href="GUID-5C58F7D1-D672-5B6D-AD48-863EC68F7446.dita">Digital
 
       
    42 Signatures</xref>  </p> </li>
 
       
    43 </ul> </section>
 
       
    44 <section><title>Key concepts and terms</title> <dl>
 
       
    45 <dlentry>
 
       
    46 <dt>Certificate</dt>
 
       
    47 <dd><p>A certificate is an electronic document that binds an identity to a
 
       
    48 particular public or private key pair. It is commonly used to authenticate
 
       
    49 cryptographic public keys. </p> <p>Certificates are issued by a Certification
 
       
    50 Authority (CA). They usually include information such as a label, serial number,
 
       
    51 validity period, certificate format (for example, X.509) and algorithm type
 
       
    52 (for example, MD2RSA). </p> </dd>
 
       
    53 </dlentry>
 
       
    54 <dlentry>
 
       
    55 <dt>Key</dt>
 
       
    56 <dd><p>A cryptography key is a constant value applied using a cryptographic
 
       
    57 algorithm to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified
 
       
    58 as symmetric and asymmetric based on the type of algorithm applied. If the
 
       
    59 same key is used for both encryption and decryption, it is symmetric. If different
 
       
    60 keys are used for encryption and decryption, they are asymmetric. Asymmetric
 
       
    61 keys exist in the form of a public and private key pair, where the public
 
       
    62 key is used for encryption and the private key is used for decryption. </p> </dd>
 
       
    63 </dlentry>
 
       
    64 <dlentry>
 
       
    65 <dt>Certificate Store</dt>
 
       
    66 <dd><p>A certificate store is a database or a file that stores and manipulates
 
       
    67 certificates. </p> <p>The certificate store provides the following functionality: </p> <ul>
 
       
    68 <li id="GUID-4FABC2C2-8133-5398-9747-0A247344A52C"><p>Generation, storage
 
       
    69 and retrieval certificates </p> </li>
 
       
    70 <li id="GUID-F527AAE6-DCDE-5ECC-AB89-1299DC0800A4"><p>Assignment of trust
 
       
    71 status to certificates </p> </li>
 
       
    72 <li id="GUID-BA60380A-BAC7-59D4-BD7E-5C28ED24921A"><p>Retrieval of list of
 
       
    73 applications trusting a certificate </p> </li>
 
       
    74 </ul> </dd>
 
       
    75 </dlentry>
 
       
    76 <dlentry>
 
       
    77 <dt>Key Store</dt>
 
       
    78 <dd><p>A key store is a repository of keys that can be retrieved and used
 
       
    79 to accomplish a variety of tasks. </p> <p>The key store provides the following
 
       
    80 functionality: </p> <ul>
 
       
    81 <li id="GUID-F5BC1B3C-B400-5392-A68C-ACDB84ABACFC"><p>Generation, import and
 
       
    82 export of RSA, DSA, and DH key pairs </p> </li>
 
       
    83 <li id="GUID-4A5C1491-C922-5C00-94D6-0E9E05310102"><p>Listing of stored keys </p> </li>
 
       
    84 <li id="GUID-1F7B3427-3EB7-5411-A30C-0BB749C1EE73"><p>Authentication of users </p> </li>
 
       
    85 <li id="GUID-2DB4F4DF-BB77-5B7F-A724-BBAE21D5B4F4"><p>Private key operations
 
       
    86 for authenticated users </p> </li>
 
       
    87 </ul> </dd>
 
       
    88 </dlentry>
 
       
    89 <dlentry>
 
       
    90 <dt>Token</dt>
 
       
    91 <dd><p>A token is a physical instantiation of an object, such as a certificate
 
       
    92 or a key, stored in a phone. Each token belongs to a group of tokens called
 
       
    93 a token type. For example, an X.509 certificate is a token which belongs to
 
       
    94 the X.509 token type. </p> </dd>
 
       
    95 </dlentry>
 
       
    96 </dl> </section>
 
       
    97 <section><title>Architecture</title> <p>The following diagram shows the basic
 
       
    98 architecture of the Certificate and Key Management component. The blocks in
 
       
    99 blue are internal to the component. </p> <fig id="GUID-4532D14E-A9FE-595C-8B75-4FA2AE57B8EA">
 
       
   100 <image href="GUID-5BB017AA-46AE-5461-9184-98CE7FA898B9_d0e389379_href.jpg" placement="inline"/>
 
       
   101 </fig> <p>The various blocks in the basic architecture diagram of the Certificate
 
       
   102 and Key Management component are explained as follows: </p> <ul>
 
       
   103 <li id="GUID-0FCBBCA0-CD31-51AB-84D1-93994EAC54E2"><p> <b>Client Application</b>:
 
       
   104 This is a typical application that accesses the certificates or the keys of
 
       
   105 the device through Certificate and Key Management component. </p> <p>For example,
 
       
   106 a web browser that wishes to load a bank's web page to perform a money-transfer
 
       
   107 operation (in a secured mode using an <codeph>https</codeph> connection) first
 
       
   108 checks the device's certificate store for a certificate that trusts the bank's
 
       
   109 server and then loads the particular page. </p> </li>
 
       
   110 <li id="GUID-B649A55C-7446-56D8-85FB-98AB4879B8CE"><p> <b>Unified Stores</b>:
 
       
   111 The <xref href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita">Unified Stores</xref> APIs
 
       
   112 form the primary access point for client applications to use certificates
 
       
   113 or keys stored in the device. The <xref href="GUID-0010EB39-8C23-5453-BE96-4EFC520B6F81.dita">Unified
 
       
   114 Certificate Store</xref> provides a unified view of all the certificates in
 
       
   115 the device while the <xref href="GUID-695FCEB8-EA04-5C1C-A197-648275BA0281.dita">Unified
 
       
   116 Key Store</xref> provides a similar view of all the keys in the device. </p> </li>
 
       
   117 <li id="GUID-0A28DE19-3E16-5094-9964-32BE1BF50107"><p> <b>Generic Certificate
 
       
   118 and Key Stores</b>: These are the various certificate and key stores in the
 
       
   119 device. </p> </li>
 
       
   120 <li id="GUID-197709E0-7811-55F1-9EA9-7D80389B3D0A"><p> <b>File-Based Store
 
       
   121 Implementation</b>: The certificate and key stores use Symbian's <xref href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita">file-based
 
       
   122 store implementation</xref>. Based on the operations to be performed on the
 
       
   123 keys and certificates, the file-based implementation updates the physical
 
       
   124 certificate and key store files. </p> </li>
 
       
   125 </ul> </section>
 
       
   126 <section><title>APIs</title> <p>The following table lists the key APIs of
 
       
   127 the Certificate and Key Management component. The table lists APIs that perform
 
       
   128 the following tasks: </p> <ul>
 
       
   129 <li id="GUID-F6DF549D-F1B7-5662-AC36-50453FB56E02"><p>Provide implementation
 
       
   130 for certificate and key stores, and for manipulating various types of certificates. </p> </li>
 
       
   131 <li id="GUID-47864D9B-97A7-596F-9638-978E236212DE"><p>Perform different types
 
       
   132 of ASN.1 (Abstract Syntax Notation One) encoding. </p> </li>
 
       
   133 </ul> <table id="GUID-C78DF93D-7684-52FB-BA00-3A060789E26B">
 
       
   134 <tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
 
       
   135 <thead>
 
       
   136 <row>
 
       
   137 <entry>API</entry>
 
       
   138 <entry>Description</entry>
 
       
   139 </row>
 
       
   140 </thead>
 
       
   141 <tbody>
 
       
   142 <row>
 
       
   143 <entry><p> <b>Unified Store APIs</b>  </p> </entry>
 
       
   144 </row>
 
       
   145 <row>
 
       
   146 <entry><p> <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita"><apiname>CUnifiedCertStore</apiname></xref>  </p> </entry>
 
       
   147 <entry><p>Provides a common implementation for all certificate stores in the
 
       
   148 device. </p> </entry>
 
       
   149 </row>
 
       
   150 <row>
 
       
   151 <entry><p> <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita"><apiname>CUnifiedKeyStore</apiname></xref>  </p> </entry>
 
       
   152 <entry><p>Provides a common implementation for all key stores in the device. </p> </entry>
 
       
   153 </row>
 
       
   154 <row>
 
       
   155 <entry><p> <b>Certificate APIs</b>  </p> </entry>
 
       
   156 </row>
 
       
   157 <row>
 
       
   158 <entry><p> <xref href="GUID-4C645733-8F0C-3AC8-A19E-0AB005F4CE7F.dita"><apiname>CX500DistinguishedName</apiname></xref>  </p> </entry>
 
       
   159 <entry><p>Provides implementation for parsing and matching the <xref href="GUID-C93D021E-D99A-5839-AB54-3D8D7620214A.dita">X.500</xref> distinguished
 
       
   160 names. </p> </entry>
 
       
   161 </row>
 
       
   162 <row>
 
       
   163 <entry><p> <xref href="GUID-21954042-44FA-3376-A4C1-D7DE560144C8.dita"><apiname>CX520AttributeTypeAndValue</apiname></xref>  </p> </entry>
 
       
   164 <entry><p>Provides implementation for parsing and matching attribute types
 
       
   165 and values, as defined by the X.520 standard. </p> </entry>
 
       
   166 </row>
 
       
   167 <row>
 
       
   168 <entry><p> <xref href="GUID-1309FCDC-229B-36C7-85A9-4540ABC869F9.dita"><apiname>CX509GeneralName</apiname></xref>  </p> </entry>
 
       
   169 <entry><p>Provides implementation for manipulation of X.509 certificates. </p> </entry>
 
       
   170 </row>
 
       
   171 <row>
 
       
   172 <entry><p> <xref href="GUID-A919BE84-8257-3911-9AD1-B1DB736346CE.dita"><apiname>CX509CertChain</apiname></xref>  </p> </entry>
 
       
   173 <entry><p>Provides implementation for X.509 certificate chain validation. </p> </entry>
 
       
   174 </row>
 
       
   175 <row>
 
       
   176 <entry><p> <xref href="GUID-A9B59AEF-C278-3E20-A57B-15293F833A71.dita"><apiname>CX509RSAPublicKey</apiname></xref>  </p> </entry>
 
       
   177 <entry><p>Provides APIs for encoding and decoding of RSA public keys. </p> </entry>
 
       
   178 </row>
 
       
   179 <row>
 
       
   180 <entry><p> <xref href="GUID-9AD19EB1-44D4-339A-A30A-2B43817DB2CB.dita"><apiname>CX509ExtensionBase</apiname></xref>  </p> </entry>
 
       
   181 <entry><p>Provides APIs for manipulating various X.509 certificate extensions. </p> </entry>
 
       
   182 </row>
 
       
   183 <row>
 
       
   184 <entry><p> <xref href="GUID-3E94241B-3B37-3C64-8CFF-7795063160AF.dita"><apiname>CWTLSCertificate</apiname></xref>  </p> </entry>
 
       
   185 <entry><p>Provides implementation for construction and manipulation of <xref href="GUID-A636C1B3-8AB2-52D7-BB19-4CC93F4BDD97.dita">WTLS</xref> (Wireless Transport
 
       
   186 Layer Security) certificates. </p> </entry>
 
       
   187 </row>
 
       
   188 <row>
 
       
   189 <entry><p> <xref href="GUID-04C4024C-2987-37F9-8D85-ACCB3D4C1293.dita"><apiname>CWTLSName</apiname></xref>  </p> </entry>
 
       
   190 <entry><p>Provides implementation for manipulation of WTLS names. </p> </entry>
 
       
   191 </row>
 
       
   192 <row>
 
       
   193 <entry><p> <xref href="GUID-A8600958-D424-366C-A56D-68A77949EA28.dita"><apiname>CWTLSRSAPublicKey</apiname></xref>  </p> </entry>
 
       
   194 <entry><p>Provides implementation for manipulation of RSA public keys associated
 
       
   195 with WTLS certificates. </p> </entry>
 
       
   196 </row>
 
       
   197 <row>
 
       
   198 <entry><p> <xref href="GUID-56E949D5-EA4F-361C-8523-2965A336B009.dita"><apiname>CWTLSCertChain</apiname></xref>  </p> </entry>
 
       
   199 <entry><p>Provides implementation for validation of WTLS certificate chains. </p> </entry>
 
       
   200 </row>
 
       
   201 <row>
 
       
   202 <entry><p> <b>ASN.1 Encoding APIs</b>  </p> </entry>
 
       
   203 </row>
 
       
   204 <row>
 
       
   205 <entry><p> <xref href="GUID-1EBCC3C4-3E57-3424-BB41-E74E8120197E.dita"><apiname>CASN1EncBigInt</apiname></xref>  </p> </entry>
 
       
   206 <entry><p>Encodes Big Integer objects. </p> </entry>
 
       
   207 </row>
 
       
   208 <row>
 
       
   209 <entry><p> <xref href="GUID-6B9883C8-9382-3941-A949-3D8E2B7C7EA5.dita"><apiname>CASN1EncBitString</apiname></xref>  </p> </entry>
 
       
   210 <entry><p>Encodes bit strings (for example, keys). </p> </entry>
 
       
   211 </row>
 
       
   212 <row>
 
       
   213 <entry><p> <xref href="GUID-DE64C76D-D70B-36DC-826C-1662CFBD26D4.dita"><apiname>CASN1EncBoolean</apiname></xref>  </p> </entry>
 
       
   214 <entry><p>Encodes Boolean values. </p> </entry>
 
       
   215 </row>
 
       
   216 <row>
 
       
   217 <entry><p> <xref href="GUID-1E9BA30C-729E-3C49-8DB4-5D693EF2C84E.dita"><apiname>CASN1EncEncoding</apiname></xref>  </p> </entry>
 
       
   218 <entry><p>Encapsulates already encoded information. </p> </entry>
 
       
   219 </row>
 
       
   220 <row>
 
       
   221 <entry><p> <xref href="GUID-964E6C04-4AE0-3085-AF0A-6580264AEF36.dita"><apiname>CASN1EncExplicitTag</apiname></xref>  </p> </entry>
 
       
   222 <entry><p>Wraps other encoding objects and provides them with an explicit
 
       
   223 tag. </p> </entry>
 
       
   224 </row>
 
       
   225 <row>
 
       
   226 <entry><p> <xref href="GUID-523EA13D-42F1-31DE-95F2-91AC56C58B62.dita"><apiname>CASN1EncGeneralizedTime</apiname></xref>  </p> </entry>
 
       
   227 <entry><p>Encodes time-related objects. </p> </entry>
 
       
   228 </row>
 
       
   229 <row>
 
       
   230 <entry><p> <xref href="GUID-B4839A2D-E3C1-3405-8776-38A3F5D47FD3.dita"><apiname>CASN1EncInt</apiname></xref>  </p> </entry>
 
       
   231 <entry><p>Encodes <codeph>TInt</codeph> objects. </p> </entry>
 
       
   232 </row>
 
       
   233 <row>
 
       
   234 <entry><p> <xref href="GUID-1ED494A4-503F-3651-946E-E99771348EF6.dita"><apiname>CASN1EncNull</apiname></xref>  </p> </entry>
 
       
   235 <entry><p>Encodes NULL values. </p> </entry>
 
       
   236 </row>
 
       
   237 <row>
 
       
   238 <entry><p> <xref href="GUID-45B0317A-CBB5-369E-877B-C166F9BAE3DF.dita"><apiname>CASN1EncObjectIdentifier</apiname></xref>  </p> </entry>
 
       
   239 <entry><p>Encodes object identifiers. </p> </entry>
 
       
   240 </row>
 
       
   241 <row>
 
       
   242 <entry><p> <xref href="GUID-4170E6D8-A1A5-3E84-B12D-D737CEC0A698.dita"><apiname>CASN1EncOctetString</apiname></xref>  </p> </entry>
 
       
   243 <entry><p>Encodes octet strings. </p> </entry>
 
       
   244 </row>
 
       
   245 <row>
 
       
   246 <entry><p> <xref href="GUID-1B53FA4B-3D36-38AF-97CE-6BA64E9520F3.dita"><apiname>CASN1EncPrimitive</apiname></xref>  </p> </entry>
 
       
   247 <entry><p>All ASN.1 primitive type encoding classes derive from this class. </p> </entry>
 
       
   248 </row>
 
       
   249 <row>
 
       
   250 <entry><p> <xref href="GUID-22AC4FE1-1EB4-341C-9CF8-F153F0346858.dita"><apiname>CASN1EncPrintableString</apiname></xref>  </p> </entry>
 
       
   251 <entry><p>Encodes printable strings. </p> </entry>
 
       
   252 </row>
 
       
   253 <row>
 
       
   254 <entry><p> <xref href="GUID-A0846E03-BC80-3549-B59D-A0F2230E9AC9.dita"><apiname>CASN1EncSequence</apiname></xref>  </p> </entry>
 
       
   255 <entry><p>Encodes the <xref href="http://www.asn1.org/books/Explain.html" scope="external">SEQUENCE</xref> and <xref href="http://www.asn1.org/books/Explain.html" scope="external">SEQUENCE-OF</xref> data types. </p> </entry>
 
       
   256 </row>
 
       
   257 <row>
 
       
   258 <entry><p> <xref href="GUID-98D3BDD5-8136-3C66-8381-73E0A8EE910E.dita"><apiname>CASN1EncSet</apiname></xref>  </p> </entry>
 
       
   259 <entry><p>Encodes the <xref href="http://www.asn1.org/books/Explain.html" scope="external">SET</xref> and <xref href="http://www.asn1.org/books/Explain.html" scope="external">SET-OF</xref> data types. </p> </entry>
 
       
   260 </row>
 
       
   261 </tbody>
 
       
   262 </tgroup>
 
       
   263 </table> </section>
 
       
   264 <section><title>Typical uses</title> <p>The Certificate and Key Management
 
       
   265 component performs the following tasks: </p> <ul>
 
       
   266 <li id="GUID-1C7ED95B-442D-5D05-8E20-95B0F3E17438"><p>Validating certificates
 
       
   267 in PKIX </p> </li>
 
       
   268 <li id="GUID-8D85F504-F3AB-545E-8FF1-3F6FCEC0D5E8"><p>Adding certificates </p> </li>
 
       
   269 <li id="GUID-AC9BF0B0-1A1B-5995-A443-F4E21123CE56"><p>Finding certificates </p> </li>
 
       
   270 <li id="GUID-24C041AA-A7BF-5887-B993-E1EA5BA35B66"><p>Managing applicability
 
       
   271 and trust settings </p> </li>
 
       
   272 <li id="GUID-1FC9F3D9-69C5-56E1-99F6-31B36644B42D"><p>Removing certificates </p> </li>
 
       
   273 <li id="GUID-2923D772-0455-5B9A-BD9E-0CC20678A729"><p>Retrieving certificates </p> </li>
 
       
   274 <li id="GUID-B1BEDD53-5309-529F-B29A-C42D62ABCC3E"><p>Creating keys </p> </li>
 
       
   275 <li id="GUID-46E25298-08E8-560B-9084-5BD38154FA32"><p>Importing keys </p> </li>
 
       
   276 <li id="GUID-6FFE5197-8FA0-5760-A068-544CBAB21798"><p>Exporting keys </p> </li>
 
       
   277 <li id="GUID-6B1E12DA-6B0C-58F5-8A31-3BF5D2A9D464"><p>Retrieving keys </p> </li>
 
       
   278 <li id="GUID-F13A93BD-B5F5-5FD8-A035-817EFD6A2CF6"><p>Deleting keys </p> </li>
 
       
   279 <li id="GUID-3BC3D476-6DE9-5DF2-AC9E-7952C87C38DE"><p>Signing keys </p> </li>
 
       
   280 <li id="GUID-B9D742CE-C2DE-5930-B3E6-4837B7AC1579"><p>Retrieving key stores </p> </li>
 
       
   281 <li id="GUID-0B2B267D-F907-5E0D-BE31-DDB4D06F51D8"><p>Setting and retrieving
 
       
   282 authentication policies </p> </li>
 
       
   283 <li id="GUID-ED651B05-554A-5B02-BDAF-B61282F7DB4D"><p>Setting use and management
 
       
   284 policies </p> </li>
 
       
   285 </ul> <p>See <xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita">Unified
 
       
   286 Certificate Store Tutorial</xref> and <xref href="GUID-6C6AED40-D5B3-5613-8F92-FD2CB711AE54.dita">Unified
 
       
   287 Keystore Tutorials</xref> for details of these tasks. </p> </section>
 
       
   288 </conbody><related-links>
 
       
   289 <link href="GUID-6F73ED8C-E259-5717-AB84-0C2933A866DA.dita"><linktext>OS Security
 
       
   290 Concepts</linktext></link>
 
       
   291 </related-links></concept>
MCL/sftools/depl/docscontent