Addition of the PDK content and example code for Documentation_content according to Feature bug 1607 and bug 1608
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept xml:lang="en" id="GUID-C7150120-74C2-5FF1-99F0-0A267393E342"><title>CryptoToken Framework Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody><p>CryptoToken framework provides interfaces for managing cryptography certificates, keys and certificate applications. </p> <section><title>Purpose</title> <p>Cryptography certificates, keys and certificate applications are known as tokens. </p> <p>The framework provides interfaces that must be implemented to support the storage and retrieval of specific types of tokens. </p> <ul><li id="GUID-EF990C8D-8D16-5C30-B67F-064E0E509BC9"><p><xref href="GUID-064302D7-3598-57C2-89B7-CED294BE78AE.dita"> Certstore framework</xref> - Provides interfaces for implementing certificate stores </p> </li> <li id="GUID-F3DABDF6-7D50-5932-B5EA-99A2ABEE6791"><p><xref href="GUID-8D4F44CB-0B4D-51EE-A2D7-A1BBB3DD326A.dita"> Keystore framework</xref> - Provides interfaces for implementing keystores </p> </li> <li id="GUID-546CB6FA-096B-5869-8CDC-5BD5D2422F58"><p><xref href="GUID-44345B7F-77DE-5D00-BA0B-BFE40E664DA8.dita"> Certapps framework</xref> - Provides interfaces for implementing certificate application stores </p> </li> </ul> </section> <section><title>Key concepts and terms</title> <dl><dlentry><dt>Token</dt> <dd><p>A token is a physical instantiation of an object, such as a certificate or a key, stored in a phone. Each token belongs to a group of tokens called a token type. For example, an X.509 certificate is a token which belongs to the X.509 token type. </p> </dd> </dlentry> <dlentry><dt>Key</dt> <dd><p>A cryptography key is a constant value applied using a cryptographic algorithm to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified as symmetric and asymmetric based on the type of algorithm applied. If the same key is used for both encryption and decryption, it is symmetric. If different keys are used for encryption and decryption, they are asymmetric. Asymmetric keys exist in the form of a public and private key pair, where the public key is used for encryption and the private key is used for decryption. </p> </dd> </dlentry> <dlentry><dt>Certificate</dt> <dd><p>A certificate (or Public Key Infrastructure (PKI) certificate) is an electronic document that binds an identity to a public key. It is used to authenticate public keys. </p> <p>Certificates are issued by a certification authority (CA) and usually include information such as a label, serial number, validity period, certificate format (for example, X.509) and algorithm type (for example, RSA). </p> </dd> </dlentry> </dl> </section> <section><title>Architecture</title> <p>The CryptoToken framework provides interfaces that must be implemented for managing tokens. </p> <p>In the Symbian platform, applications use the Unified Store API to access file-based stores for managing certificates, keys and certificate applications. The stores are called <i>certstore</i>, <i>keystore</i> and <i>certapps</i> respectively. For more information, see <xref href="GUID-0F4DE9E0-4A98-5914-9AB1-DD6CE1A5A1F3.dita">Unified Stores</xref>. </p> <p>Device creators can use the interfaces provided by the framework to create their own implementation for managing tokens. </p> <p>In the following diagram the yellow blocks represent the components provided by Symbian and the blue blocks represent components that must be implemented by device creators. </p> <fig id="GUID-4E6F27B8-FEDF-5105-8CFA-A1F9E5C3AF46"><title>
CryptoToken Framework Architecture
</title> <image href="GUID-260E0D27-DCC3-52D5-A7E1-36152A04B7C6_d0e613228_href.jpg" placement="inline"/></fig> </section> <section><title>Key classes</title> <table id="GUID-E20091F3-7CF9-53CB-A0E7-A91008E2BD6F"><tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/><thead><row><entry>Classes</entry> <entry>Description</entry> </row> </thead> <tbody><row><entry><p> <xref href="GUID-33370455-4210-304F-A780-D8F0DD4E1580.dita"><apiname>MCTToken</apiname></xref> </p> </entry> <entry><p>Represents a token corresponding to physical instantiation of an object present in the phone such as a certificate or a key. </p> </entry> </row> <row><entry><p> <xref href="GUID-074375B2-8C22-34AE-BD89-CE8E77A7999B.dita"><apiname>MCTTokenType</apiname></xref> </p> </entry> <entry><p>Provides an interface for handling types of token which correspond to a group. Clients access the framework using this class. </p> <p>The difference between a token type and a token is best explained with an example. Suppose a device has two identical Wireless Identity Module (WIM) slots, the code to handle WIMs can be a token type. The token type can have two tokens for the two WIMs. </p> </entry> </row> <row><entry><p> <xref href="GUID-686A1AB3-EF35-3D85-8062-6E99CEDD27A1.dita"><apiname>MCTTokenInterface</apiname></xref> </p> </entry> <entry><p>Provides an interface for implementation of an appropriate token. </p> <p>This class provides functionality to interact with the token's reference counting framework. (Interfaces themselves are not reference counted, but the token must remain open while it has open interfaces.) </p> </entry> </row> <row><entry><p> <xref href="GUID-A3A4CA5B-6730-3149-9521-3ADE431B91D4.dita"><apiname>MCTTokenObject</apiname></xref> </p> </entry> <entry><p>Manages references to a particular token object. </p> <p>A token object represents a one-to-one mapping with a corresponding token. It helps to identify the token through its attributes (for example, its label or token type) and provides a reference to the token that can be passed between different processes. </p> </entry> </row> </tbody> </tgroup> </table> </section> <section><title>Typical uses</title> <p>Crypto Token Framework provides standard interfaces for implementing the following: </p> <ul><li id="GUID-A1ABA8A1-544C-5120-8C3C-1FD01973106B"><p> <i>Certstore</i>, <i>keystore</i> and <i>certapps</i>. For details, see <xref href="GUID-C3290344-486B-554D-97FC-42DF48E150AA.dita">Certificate and Key Management</xref> </p> </li> <li id="GUID-FFA4443B-6DD6-5C84-AE18-4C33DC8997D0"><p>File based tokens which stores certificates, keys and applications associated with certificates in file format in the phone. For details, see <xref href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita">File based certificate and key store</xref>. </p> </li> </ul> </section> </conbody><related-links><link href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita"><linktext>Unified Stores</linktext> </link> <link href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita"><linktext>File-Based Certificate and Key Stores</linktext> </link> </related-links></concept>