Symbian3/PDK/Source/GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita
changeset 5 f345bda72bc4
parent 3 46218c8b8afa
child 9 59758314f811
equal deleted inserted replaced
4:4816d766a08a 5:f345bda72bc4
     7     Nokia Corporation - initial contribution.
     7     Nokia Corporation - initial contribution.
     8 Contributors: 
     8 Contributors: 
     9 -->
     9 -->
    10 <!DOCTYPE concept
    10 <!DOCTYPE concept
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
    12 <concept xml:lang="en" id="GUID-C7150120-74C2-5FF1-99F0-0A267393E342"><title>CryptoToken Framework Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody><p>CryptoToken framework provides interfaces for managing cryptography certificates, keys and certificate applications. </p> <section><title>Purpose</title> <p>Cryptography certificates, keys and certificate applications are known as tokens. </p> <p>The framework provides interfaces that must be implemented to support the storage and retrieval of specific types of tokens. </p> <ul><li id="GUID-EF990C8D-8D16-5C30-B67F-064E0E509BC9"><p><xref href="GUID-064302D7-3598-57C2-89B7-CED294BE78AE.dita"> Certstore framework</xref> - Provides interfaces for implementing certificate stores </p> </li> <li id="GUID-F3DABDF6-7D50-5932-B5EA-99A2ABEE6791"><p><xref href="GUID-8D4F44CB-0B4D-51EE-A2D7-A1BBB3DD326A.dita"> Keystore framework</xref> - Provides interfaces for implementing keystores </p> </li> <li id="GUID-546CB6FA-096B-5869-8CDC-5BD5D2422F58"><p><xref href="GUID-44345B7F-77DE-5D00-BA0B-BFE40E664DA8.dita"> Certapps framework</xref> - Provides interfaces for implementing certificate application stores </p> </li> </ul> </section> <section><title>Key concepts and terms</title> <dl><dlentry><dt>Token</dt> <dd><p>A token is a physical instantiation of an object, such as a certificate or a key, stored in a phone. Each token belongs to a group of tokens called a token type. For example, an X.509 certificate is a token which belongs to the X.509 token type. </p> </dd> </dlentry> <dlentry><dt>Key</dt> <dd><p>A cryptography key is a constant value applied using a cryptographic algorithm to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified as symmetric and asymmetric based on the type of algorithm applied. If the same key is used for both encryption and decryption, it is symmetric. If different keys are used for encryption and decryption, they are asymmetric. 
Asymmetric keys exist in the form of a public and private key pair, where the public key is used for encryption and the private key is used for decryption. </p> </dd> </dlentry> <dlentry><dt>Certificate</dt> <dd><p>A certificate (or Public Key Infrastructure (PKI) certificate) is an electronic document that binds an identity to a public key. It is used to authenticate public keys. </p> <p>Certificates are issued by a certification authority (CA) and usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, RSA). </p> </dd> </dlentry> </dl> </section> <section><title>Architecture</title> <p>The CryptoToken framework provides interfaces that must be implemented for managing tokens. </p> <p>In the Symbian platform, applications use the Unified Store API to access file-based stores for managing certificates, keys and certificate applications. The stores are called <i>certstore</i>, <i>keystore</i> and <i>certapps</i> respectively. For more information, see <xref href="GUID-0F4DE9E0-4A98-5914-9AB1-DD6CE1A5A1F3.dita">Unified Stores</xref>. </p> <p>Device creators can use the interfaces provided by the framework to create their own implementation for managing tokens. </p> <p>In the following diagram the yellow blocks represent the components provided by Symbian and the blue blocks represent components that must be implemented by device creators. </p> <fig id="GUID-4E6F27B8-FEDF-5105-8CFA-A1F9E5C3AF46"><title>
    12 <concept id="GUID-C7150120-74C2-5FF1-99F0-0A267393E342" xml:lang="en"><title>CryptoToken
    13              CryptoToken Framework Architecture 
    13 Framework Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody>
    14           </title> <image href="GUID-260E0D27-DCC3-52D5-A7E1-36152A04B7C6_d0e613228_href.jpg" placement="inline"/></fig> </section> <section><title>Key classes</title> <table id="GUID-E20091F3-7CF9-53CB-A0E7-A91008E2BD6F"><tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/><thead><row><entry>Classes</entry> <entry>Description</entry> </row> </thead> <tbody><row><entry><p> <xref href="GUID-33370455-4210-304F-A780-D8F0DD4E1580.dita"><apiname>MCTToken</apiname></xref>  </p> </entry> <entry><p>Represents a token corresponding to physical instantiation of an object present in the phone such as a certificate or a key. </p> </entry> </row> <row><entry><p> <xref href="GUID-074375B2-8C22-34AE-BD89-CE8E77A7999B.dita"><apiname>MCTTokenType</apiname></xref>  </p> </entry> <entry><p>Provides an interface for handling types of token which correspond to a group. Clients access the framework using this class. </p> <p>The difference between a token type and a token is best explained with an example. Suppose a device has two identical Wireless Identity Module (WIM) slots, the code to handle WIMs can be a token type. The token type can have two tokens for the two WIMs. </p> </entry> </row> <row><entry><p> <xref href="GUID-686A1AB3-EF35-3D85-8062-6E99CEDD27A1.dita"><apiname>MCTTokenInterface</apiname></xref>  </p> </entry> <entry><p>Provides an interface for implementation of an appropriate token. </p> <p>This class provides functionality to interact with the token's reference counting framework. (Interfaces themselves are not reference counted, but the token must remain open while it has open interfaces.) </p> </entry> </row> <row><entry><p> <xref href="GUID-A3A4CA5B-6730-3149-9521-3ADE431B91D4.dita"><apiname>MCTTokenObject</apiname></xref>  </p> </entry> <entry><p>Manages references to a particular token object. </p> <p>A token object represents a one-to-one mapping with a corresponding token. 
It helps to identify the token through its attributes (for example, its label or token type) and provides a reference to the token that can be passed between different processes. </p> </entry> </row> </tbody> </tgroup> </table> </section> <section><title>Typical uses</title> <p>Crypto Token Framework provides standard interfaces for implementing the following: </p> <ul><li id="GUID-A1ABA8A1-544C-5120-8C3C-1FD01973106B"><p> <i>Certstore</i>, <i>keystore</i> and <i>certapps</i>. For details, see <xref href="GUID-C3290344-486B-554D-97FC-42DF48E150AA.dita">Certificate and Key Management</xref>  </p> </li> <li id="GUID-FFA4443B-6DD6-5C84-AE18-4C33DC8997D0"><p>File based tokens which stores certificates, keys and applications associated with certificates in file format in the phone. For details, see <xref href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita">File based certificate and key store</xref>. </p> </li> </ul> </section> </conbody><related-links><link href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita"><linktext>Unified Stores</linktext> </link> <link href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita"><linktext>File-Based Certificate and Key Stores</linktext> </link> </related-links></concept>
    14 <p>CryptoToken framework provides interfaces for managing cryptography certificates,
       
    15 keys and certificate applications. </p>
       
    16 <section id="GUID-4FBED09A-C3D8-4A0C-8417-719D3556166A"><title>Purpose</title> <p>Cryptography certificates, keys and certificate
       
    17 applications are known as tokens. </p> <p>The framework provides interfaces
       
    18 that must be implemented to support the storage and retrieval of specific
       
    19 types of tokens. </p> <ul>
       
    20 <li id="GUID-EF990C8D-8D16-5C30-B67F-064E0E509BC9"><p><xref href="GUID-064302D7-3598-57C2-89B7-CED294BE78AE.dita"> Certstore
       
    21 framework</xref> - Provides interfaces for implementing certificate stores </p> </li>
       
    22 <li id="GUID-F3DABDF6-7D50-5932-B5EA-99A2ABEE6791"><p><xref href="GUID-8D4F44CB-0B4D-51EE-A2D7-A1BBB3DD326A.dita"> Keystore
       
    23 framework</xref> - Provides interfaces for implementing keystores </p> </li>
       
    24 <li id="GUID-546CB6FA-096B-5869-8CDC-5BD5D2422F58"><p><xref href="GUID-44345B7F-77DE-5D00-BA0B-BFE40E664DA8.dita"> Certapps
       
    25 framework</xref> - Provides interfaces for implementing certificate application
       
    26 stores </p> </li>
       
    27 </ul> </section>
       
    28 <section id="GUID-7E139AE3-08FA-404D-9E93-68730358BD8F"><title>Key concepts and terms</title> <dl>
       
    29 <dlentry>
       
    30 <dt>Token</dt>
       
    31 <dd><p>A token is a physical instantiation of an object, such as a certificate
       
    32 or a key, stored in a phone. Each token belongs to a group of tokens called
       
    33 a token type. For example, an X.509 certificate is a token which belongs to
       
    34 the X.509 token type. </p> </dd>
       
    35 </dlentry>
       
    36 <dlentry>
       
    37 <dt>Key</dt>
       
    38 <dd><p>A cryptography key is a constant value applied using a cryptographic
       
    39 algorithm to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified
       
    40 as symmetric and asymmetric based on the type of algorithm applied. If the
       
    41 same key is used for both encryption and decryption, it is symmetric. If different
       
    42 keys are used for encryption and decryption, they are asymmetric. Asymmetric
       
    43 keys exist in the form of a public and private key pair, where the public
       
    44 key is used for encryption and the private key is used for decryption. </p> </dd>
       
    45 </dlentry>
       
    46 <dlentry>
       
    47 <dt>Certificate</dt>
       
    48 <dd><p>A certificate (or Public Key Infrastructure (PKI) certificate) is an
       
    49 electronic document that binds an identity to a public key. It is used to
       
    50 authenticate public keys. </p> <p>Certificates are issued by a certification
       
    51 authority (CA) and usually include information such as a label, serial number,
       
    52 validity period, certificate format (for example, X.509) and algorithm type
       
    53 (for example, RSA). </p> </dd>
       
    54 </dlentry>
       
    55 </dl> </section>
       
    56 <section id="GUID-2F9E9817-F4DE-4EE7-8059-4A3CEA566760"><title>Architecture</title> <p>The CryptoToken framework provides
       
    57 interfaces that must be implemented for managing tokens. </p> <p>On
       
    58 the Symbian platform, applications use the Unified Store API to access file-based
       
    59 stores for managing certificates, keys and certificate applications. The stores
       
    60 are called <i>certstore</i>, <i>keystore</i> and <i>certapps</i> respectively.
       
    61 For more information, see <xref href="GUID-0F4DE9E0-4A98-5914-9AB1-DD6CE1A5A1F3.dita">Unified
       
    62 Stores</xref>. </p> <p>Device creators can use the interfaces provided by
       
    63 the framework to create their own implementation for managing tokens. </p> <p>In
       
    64 the following diagram the yellow blocks represent the components provided
       
    65 by Symbian and the blue blocks represent components that must be implemented
       
    66 by device creators. </p> <fig id="GUID-4E6F27B8-FEDF-5105-8CFA-A1F9E5C3AF46">
       
    67 <title>              CryptoToken Framework Architecture            </title>
       
    68 <image href="GUID-260E0D27-DCC3-52D5-A7E1-36152A04B7C6_d0e634240_href.jpg" placement="inline"/>
       
    69 </fig> </section>
       
    70 <section id="GUID-94D27027-0298-4B0A-AE66-52730C308B1C"><title>Key classes</title> <table id="GUID-E20091F3-7CF9-53CB-A0E7-A91008E2BD6F">
       
    71 <tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/>
       
    72 <thead>
       
    73 <row>
       
    74 <entry>Classes</entry>
       
    75 <entry>Description</entry>
       
    76 </row>
       
    77 </thead>
       
    78 <tbody>
       
    79 <row>
       
    80 <entry><p> <xref href="GUID-33370455-4210-304F-A780-D8F0DD4E1580.dita"><apiname>MCTToken</apiname></xref>  </p> </entry>
       
    81 <entry><p>Represents a token corresponding to physical instantiation of an
       
    82 object present in the phone such as a certificate or a key. </p> </entry>
       
    83 </row>
       
    84 <row>
       
    85 <entry><p> <xref href="GUID-074375B2-8C22-34AE-BD89-CE8E77A7999B.dita"><apiname>MCTTokenType</apiname></xref>  </p> </entry>
       
    86 <entry><p>Provides an interface for handling types of token which correspond
       
    87 to a group. Clients access the framework using this class. </p> <p>The difference
       
    88 between a token type and a token is best explained with an example. Suppose
       
    89 a device has two identical Wireless Identity Module (WIM) slots, the code
       
    90 to handle WIMs can be a token type. The token type can have two tokens for
       
    91 the two WIMs. </p> </entry>
       
    92 </row>
       
    93 <row>
       
    94 <entry><p> <xref href="GUID-686A1AB3-EF35-3D85-8062-6E99CEDD27A1.dita"><apiname>MCTTokenInterface</apiname></xref>  </p> </entry>
       
    95 <entry><p>Provides an interface for implementation of an appropriate token. </p> <p>This
       
    96 class provides functionality to interact with the token's reference counting
       
    97 framework. (Interfaces themselves are not reference counted, but the token
       
    98 must remain open while it has open interfaces.) </p> </entry>
       
    99 </row>
       
   100 <row>
       
   101 <entry><p> <xref href="GUID-A3A4CA5B-6730-3149-9521-3ADE431B91D4.dita"><apiname>MCTTokenObject</apiname></xref>  </p> </entry>
       
   102 <entry><p>Manages references to a particular token object. </p> <p>A token
       
   103 object represents a one-to-one mapping with a corresponding token. It helps
       
   104 to identify the token through its attributes (for example, its label or token
       
   105 type) and provides a reference to the token that can be passed between different
       
   106 processes. </p> </entry>
       
   107 </row>
       
   108 </tbody>
       
   109 </tgroup>
       
   110 </table> </section>
       
   111 <section id="GUID-CD300AAE-01FD-42BD-BA48-C4CE2474B760"><title>Typical uses</title> <p>Crypto Token Framework provides standard
       
   112 interfaces for implementing the following: </p> <ul>
       
   113 <li id="GUID-A1ABA8A1-544C-5120-8C3C-1FD01973106B"><p> <i>Certstore</i>, <i>keystore</i> and <i>certapps</i>.
       
   114 For details, see <xref href="GUID-C3290344-486B-554D-97FC-42DF48E150AA.dita">Certificate
       
   115 and Key Management</xref>  </p> </li>
       
   116 <li id="GUID-FFA4443B-6DD6-5C84-AE18-4C33DC8997D0"><p>File based tokens which
       
   117 stores certificates, keys and applications associated with certificates in
       
   118 file format in the phone. For details, see <xref href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita">File
       
   119 based certificate and key store</xref>. </p> </li>
       
   120 </ul> </section>
       
   121 </conbody><related-links>
       
   122 <link href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita"><linktext>Unified Stores</linktext>
       
   123 </link>
       
   124 <link href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita"><linktext>File-Based
       
   125 Certificate and Key Stores</linktext></link>
       
   126 </related-links></concept>
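Review bot: The image reference in the architecture figure changes from `GUID-260E0D27-DCC3-52D5-A7E1-36152A04B7C6_d0e613228_href.jpg` (old line 14) to `GUID-260E0D27-DCC3-52D5-A7E1-36152A04B7C6_d0e634240_href.jpg` (new line 68) inside a changeset that otherwise only re-wraps lines and adds section ids; confirm the renamed image file is part of this changeset, otherwise the "CryptoToken Framework Architecture" figure will render with a broken image. Two inconsistencies are carried over unchanged from the old version and could be fixed while the file is being touched: the body xref for "Unified Stores" (new line 61) targets `GUID-0F4DE9E0-4A98-5914-9AB1-DD6CE1A5A1F3.dita` while the related-links entry with the same link text (new line 122) targets `GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita`, and the second "Typical uses" item reads "File based tokens which stores certificates" (new lines 116-117) where it should be "which store", with "File based" in the link text differing from "File-Based" in related-links (new lines 124-125); the first item in that list also lacks a full stop after the xref (new line 115). Finally, the Key entry states that "the public key is used for encryption and the private key is used for decryption" (new lines 43-44), which describes only the confidentiality use of an asymmetric pair; since the keystore this framework fronts also holds signing keys, consider qualifying it with the signature case, where the private key signs and the public key verifies.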