Mercurial Mercurial > oss > MCL > sftools > depl > docscontent / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Symbian3/PDK/Source/GUID-B8EF4291-18FE-572F-AAA1-CF7C491F4DA1.dita
changeset 5 f345bda72bc4
parent 3 46218c8b8afa
child 14 578be2adaf3e 
--- a/Symbian3/PDK/Source/GUID-B8EF4291-18FE-572F-AAA1-CF7C491F4DA1.dita	Tue Mar 30 11:42:04 2010 +0100
+++ b/Symbian3/PDK/Source/GUID-B8EF4291-18FE-572F-AAA1-CF7C491F4DA1.dita	Tue Mar 30 11:56:28 2010 +0100
@@ -1,12 +1,117 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
-<!-- This component and the accompanying materials are made available under the terms of the License 
-"Eclipse Public License v1.0" which accompanies this distribution, 
-and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
-<!-- Initial Contributors:
-    Nokia Corporation - initial contribution.
-Contributors: 
--->
-<!DOCTYPE concept
-  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
-<concept xml:lang="en" id="GUID-B8EF4291-18FE-572F-AAA1-CF7C491F4DA1"><title>File-Based Certificate and Key Stores Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody><p>The File-Based Certificate and Key Stores manage cryptography certificates, keys and certificate applications in a device. </p> <section><title>Required background</title> <p>To understand File-Based Certificate and Key Stores, you need to have a basic understanding of the following: </p> <ul><li id="GUID-E2202F0C-F4D1-5DB8-8048-D815F65CC599"><p><xref href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita">Crypto-Token Framework</xref>  </p> </li> </ul> </section> <section><title>Key concepts and terms</title> <dl><dlentry><dt>Token</dt> <dd><p>A token is a physical instantiation of an object, such as a certificate or a key, stored in a phone. Each token belongs to a group of tokens called a token type. For example, an X.509 certificate is a token which belongs to the X.509 token type. </p> </dd> </dlentry> <dlentry><dt>Key</dt> <dd><p>A cryptography key is a constant value applied using a cryptographic algorithm to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified as symmetric and asymmetric based on the type of algorithm applied. If the same key is used for both encryption and decryption, it is symmetric. If different keys are used for encryption and decryption, they are asymmetric. Asymmetric keys exist in the form of a public and private key pair, where the public key is used for encryption and the private key is used for decryption. </p> </dd> </dlentry> <dlentry><dt>Certificate</dt> <dd><p>A certificate (or Public Key Infrastructure (PKI) certificate) is an electronic document that binds an identity to a public key. It is used to authenticate public keys. </p> <p>Certificates are issued by a certification authority (CA) and usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, RSA). </p> </dd> </dlentry> <dlentry><dt>Certificate Store</dt> <dd><p>A certificate store is a database or a file that stores and manipulates certificates. </p> <p>Certificate stores typically provide the following functionality: </p> <ul><li id="GUID-E054023C-F86C-520E-9619-6AE5149CD69E"><p>Generation, storage and retrieval of certificates </p> </li> <li id="GUID-18A9F698-4715-58B0-A85D-461796A3708A"><p>Assigning trust status to certificates </p> </li> <li id="GUID-1CF81CBF-6B12-5D83-AD33-B3A026B13733"><p>Retrieving list of applications trusting a certificate </p> </li> </ul> </dd> </dlentry> <dlentry><dt>Key Store</dt> <dd><p>A key store is a repository of keys that can be retrieved and used to accomplish a variety of tasks. </p> <p>Key stores typically provide the following functionality: </p> <ul><li id="GUID-B45FB71B-1CEA-511A-936E-9386345285B2"><p>Generation, import and export of RSA, DSA, and DH key pairs </p> </li> <li id="GUID-51C117AA-37C9-5467-A699-187BE8C580F0"><p>Listing stored keys </p> </li> <li id="GUID-B18A26D3-6B19-524D-B70A-05FC07E8E513"><p>Performing private key operations for authenticated users </p> </li> </ul> </dd> </dlentry> <dlentry><dt>Certificate Applications Store</dt> <dd><p>The certificate applications store holds a list of the human-readable names and UIDs of applications that make use of (trust) the certificates held in the certificate stores. </p> </dd> </dlentry> </dl> </section> <section><title>Architecture</title> <p>See the <b>Architecture</b> section of the <xref href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita">Crypto-Token Framework Overview</xref> for details. </p> </section> <section><title>Description</title> <p>Symbian platform provides device creators with a file-based software plug-in implementation of key, certificate and certificate application stores in the device such that these can be directly used. These stores are implemented using the <xref href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita">Crypto-Token Framework</xref>. They are deployed ahead of the device creators' stores at ROM build. </p> <p>The <xref href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita">Unified Store</xref> APIs form the single point of access for applications that require access to certificates, keys and certificate applications in the device. While the <xref href="GUID-0010EB39-8C23-5453-BE96-4EFC520B6F81.dita">Unified Certificate Store</xref> API provides a unified view of all the certificate stores and the certificate applications stores in the device, the <xref href="GUID-695FCEB8-EA04-5C1C-A197-648275BA0281.dita">Unified Key Store</xref> API provides a similar view of all the key stores in the device. Although applications can bypass the Unified Stores and gain access through additional, configurable plug-in interfaces of the file-based certificate and key stores, this is not recommended. </p> <p>Device creators can choose to exclude this component at the time of ROM build. However, at least one implementation of the stores (Symbian's or the device creator's implementation) must be available to ensure the normal functioning of the applications that use the certificates, keys and certificate applications in the device. </p> <p> <b>Note:</b> Device creators, by default, are provided with tools to manipulate certificate and key stores. For details of these tools, see <xref href="GUID-93C32496-036F-5000-B6FD-CAECAD21DEB8.dita">Certtool</xref> and <xref href="GUID-BD7B20B9-0C04-5F71-8562-246BB60AE769.dita">Keytool</xref>. </p> </section> <section><title>APIs</title> <p>See the <b>Key Classes</b> section of the <xref href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita">Crypto-Token Framework Overview</xref> for details. </p> </section> <section><title>Typical uses</title> <p>See the following sections for details of the typical uses of the certificate and key stores: </p> <ul><li id="GUID-8B1C7AEA-C67A-5D7F-A1EF-1459C72849A6"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita">Unified Certificate Store Tutorial</xref>  </p> </li> <li id="GUID-8BACA3C0-B1F7-5B62-AE59-5CC06CA33EA1"><p><xref href="GUID-6C6AED40-D5B3-5613-8F92-FD2CB711AE54.dita">Unified Key Store Tutorials</xref>  </p> </li> </ul> </section> </conbody><related-links><link href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita"><linktext>Crypto-Token Framework</linktext> </link> <link href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita"><linktext>Unified Store</linktext> </link> </related-links></concept>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License 
+"Eclipse Public License v1.0" which accompanies this distribution, 
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+    Nokia Corporation - initial contribution.
+Contributors: 
+-->
+<!DOCTYPE concept
+  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-B8EF4291-18FE-572F-AAA1-CF7C491F4DA1" xml:lang="en"><title>File-Based
+Certificate and Key Stores Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody>
+<p>The File-Based Certificate and Key Stores manage cryptography certificates,
+keys and certificate applications in a device. </p>
+<section id="GUID-76219F94-BD45-4C25-9FDE-137662DA06F9"><title>Required background</title> <p>To understand File-Based Certificate
+and Key Stores, you need to have a basic understanding of the following: </p> <ul>
+<li id="GUID-E2202F0C-F4D1-5DB8-8048-D815F65CC599"><p><xref href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita">Crypto-Token
+Framework</xref>  </p> </li>
+</ul> </section>
+<section id="GUID-2C994F1A-F3E2-42F1-813A-A25930A827DC"><title>Key concepts and terms</title> <dl>
+<dlentry>
+<dt>Token</dt>
+<dd><p>A token is a physical instantiation of an object, such as a certificate
+or a key, stored in a phone. Each token belongs to a group of tokens called
+a token type. For example, an X.509 certificate is a token which belongs to
+the X.509 token type. </p> </dd>
+</dlentry>
+<dlentry>
+<dt>Key</dt>
+<dd><p>A cryptography key is a constant value applied using a cryptographic
+algorithm to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified
+as symmetric and asymmetric based on the type of algorithm applied. If the
+same key is used for both encryption and decryption, it is symmetric. If different
+keys are used for encryption and decryption, they are asymmetric. Asymmetric
+keys exist in the form of a public and private key pair, where the public
+key is used for encryption and the private key is used for decryption. </p> </dd>
+</dlentry>
+<dlentry>
+<dt>Certificate</dt>
+<dd><p>A certificate (or Public Key Infrastructure (PKI) certificate) is an
+electronic document that binds an identity to a public key. It is used to
+authenticate public keys. </p> <p>Certificates are issued by a certification
+authority (CA) and usually include information such as a label, serial number,
+validity period, certificate format (for example, X.509) and algorithm type
+(for example, RSA). </p> </dd>
+</dlentry>
+<dlentry>
+<dt>Certificate Store</dt>
+<dd><p>A certificate store is a database or a file that stores and manipulates
+certificates. </p> <p>Certificate stores typically provide the following functionality: </p> <ul>
+<li id="GUID-E054023C-F86C-520E-9619-6AE5149CD69E"><p>Generation, storage
+and retrieval of certificates </p> </li>
+<li id="GUID-18A9F698-4715-58B0-A85D-461796A3708A"><p>Assigning trust status
+to certificates </p> </li>
+<li id="GUID-1CF81CBF-6B12-5D83-AD33-B3A026B13733"><p>Retrieving list of applications
+trusting a certificate </p> </li>
+</ul> </dd>
+</dlentry>
+<dlentry>
+<dt>Key Store</dt>
+<dd><p>A key store is a repository of keys that can be retrieved and used
+to accomplish a variety of tasks. </p> <p>Key stores typically provide the
+following functionality: </p> <ul>
+<li id="GUID-B45FB71B-1CEA-511A-936E-9386345285B2"><p>Generation, import and
+export of RSA, DSA, and DH key pairs </p> </li>
+<li id="GUID-51C117AA-37C9-5467-A699-187BE8C580F0"><p>Listing stored keys </p> </li>
+<li id="GUID-B18A26D3-6B19-524D-B70A-05FC07E8E513"><p>Performing private key
+operations for authenticated users </p> </li>
+</ul> </dd>
+</dlentry>
+<dlentry>
+<dt>Certificate Applications Store</dt>
+<dd><p>The certificate applications store holds a list of the human-readable
+names and UIDs of applications that make use of (trust) the certificates held
+in the certificate stores. </p> </dd>
+</dlentry>
+</dl> </section>
+<section id="GUID-359392CB-4DD8-4494-86B0-4E9DCDB359E6"><title>Architecture</title> <p>See the <b>Architecture</b> section
+of the <xref href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita">Crypto-Token
+Framework Overview</xref> for details. </p> </section>
+<section id="GUID-BCA11717-7A0F-4506-8E89-BD68008C1DA2"><title>Description</title> <p>The Symbian platform provides
+device creators with a file-based software plug-in implementation of key,
+certificate and certificate application stores in the device such that these
+can be directly used. These stores are implemented using the <xref href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita">Crypto-Token
+Framework</xref>. They are deployed ahead of the device creators' stores at
+ROM build. </p> <p>The <xref href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita">Unified
+Store</xref> APIs form the single point of access for applications that require
+access to certificates, keys and certificate applications in the device. While
+the <xref href="GUID-0010EB39-8C23-5453-BE96-4EFC520B6F81.dita">Unified Certificate
+Store</xref> API provides a unified view of all the certificate stores and
+the certificate applications stores in the device, the <xref href="GUID-695FCEB8-EA04-5C1C-A197-648275BA0281.dita">Unified
+Key Store</xref> API provides a similar view of all the key stores in the
+device. Although applications can bypass the Unified Stores and gain access
+through additional, configurable plug-in interfaces of the file-based certificate
+and key stores, this is not recommended. </p> <p>Device creators can choose
+to exclude this component at the time of ROM build. However, at least one
+implementation of the stores (Symbian's or the device creator's implementation)
+must be available to ensure the normal functioning of the applications that
+use the certificates, keys and certificate applications in the device. </p> <p> <b>Note:</b> Device
+creators, by default, are provided with tools to manipulate certificate and
+key stores. For details of these tools, see <xref href="GUID-93C32496-036F-5000-B6FD-CAECAD21DEB8.dita">Certtool</xref> and <xref href="GUID-BD7B20B9-0C04-5F71-8562-246BB60AE769.dita">Keytool</xref>. </p> </section>
+<section id="GUID-1109D836-EF43-47AC-B9B5-CD103CE3760F"><title>APIs</title> <p>See the <b>Key Classes</b> section of the <xref href="GUID-C7150120-74C2-5FF1-99F0-0A267393E342.dita">Crypto-Token Framework Overview</xref> for
+details. </p> </section>
+<section id="GUID-16209BE8-5A3D-4AEB-8F39-C0E4A8708E75"><title>Typical uses</title> <p>See the following sections for details
+of the typical uses of the certificate and key stores: </p> <ul>
+<li id="GUID-8B1C7AEA-C67A-5D7F-A1EF-1459C72849A6"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita">Unified
+Certificate Store Tutorial</xref>  </p> </li>
+<li id="GUID-8BACA3C0-B1F7-5B62-AE59-5CC06CA33EA1"><p><xref href="GUID-6C6AED40-D5B3-5613-8F92-FD2CB711AE54.dita">Unified
+Key Store Tutorials</xref>  </p> </li>
+</ul> </section>
+</conbody><related-links>
+<link href="GUID-A6FF1073-AA55-588D-8DC1-0A8C16864891.dita"><linktext>Crypto-Token
+Framework</linktext></link>
+<link href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita"><linktext>Unified Store</linktext>
+</link>
+</related-links></concept>
\ No newline at end of file
MCL/sftools/depl/docscontent