<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept xml:lang="en" id="GUID-C3846503-BEFE-5539-B7ED-FD1915D38380"><title>Crypto Services Overview</title><shortdesc>The Crypto Services collection provides interfaces for handling cryptographic keys, certificates and certificate applications. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody><section id="GUID-DB24DEE4-0371-5A9D-8312-E1A30D16BE98"><title>Description</title> <p>The Crypto Services collection provides the following functionality: </p> <ul><li id="GUID-8A5BBCFD-8C51-5691-8BAB-ABA61E2A89A5"><p> <b>Certificate and key management</b> </p> <ul><li id="GUID-4B48DCF2-6141-57DB-B94F-D5EADE25F81C"><p>Storage and retrieval of certificates </p> </li> <li id="GUID-97D8D57A-9C86-5AE8-BDF1-D3CC243160C2"><p>Construction and validation of certificate chains </p> </li> <li id="GUID-10A80D2E-3005-55B7-A18D-C4494E979305"><p>Verification of trust of a certificate </p> </li> <li id="GUID-3C2A949E-0B87-508E-AB00-50D2CF4AA76E"><p>Generation, import and export of RSA, DSA and DH key pairs </p> </li> <li id="GUID-7FB614C5-3AF3-5D87-AEC3-8C24F6C546B4"><p>Listing of available keys </p> </li> <li id="GUID-2A2DE7EA-19F0-562E-ABA2-2C6B6D96713E"><p>Private key operations </p> </li> </ul> <p>Certificates and key are stored in a number of stores. Device creators can deploy their own key and certificate stores or use the <xref href="GUID-B8EF4291-18FE-572F-AAA1-CF7C491F4DA1.dita">file-based implementation</xref> provided by the Symbian platform. </p> </li> <li id="GUID-7EF058BA-BE55-53CF-9769-6D8A8223A65D"><p> <b>Encoding and decoding Public Key Cryptography Standards (PKCS) key pairs</b> </p> <p>The ASN-PKCS component of the Crypto Services collection provides functionality for encoding and decoding <xref scope="external" href="http://www.rsasecurity.com/rsalabs/node.asp?id=2130">PKCS#8</xref> key pairs (including the key pairs encrypted in the <xref scope="external" href="http://www.rsasecurity.com/rsalabs/node.asp?id=2127">PKCS#5</xref> format). For details, see <xref href="GUID-EDE54D27-D902-5C67-BF8E-5E7E0A33A98E.dita">ASN-PKCS Overview</xref>. </p> <p> </p> </li> <li id="GUID-597AFD26-3B68-5C91-9D0E-A9B6582B1EF8"><p> <b>Validating certificates</b> </p> <p>To validate a certificate, an application must have at least one certificate which it trusts directly. This is called a root certificate. Different applications trust different certificates. </p> <p>The Crypto Services collection enables validation of certificates on an application-by-application basis. For details, see <xref href="GUID-A3B58436-07E4-565B-800B-86435D205461.dita">Certificate Validation in PKIX</xref>. </p> </li> </ul> </section> <section id="GUID-0F3F2A3E-827D-54E6-BADF-7D736E246ABC"><title>Components</title> <p>The Crypto Services collection comprises the following components: </p> <ul><li id="GUID-C7CB9014-9077-52EF-9617-6931C1DFB1BE"><p><xref href="GUID-C3290344-486B-554D-97FC-42DF48E150AA.dita">Certificate and Key Management</xref> </p> </li> <li id="GUID-E1B8CA80-E7CD-535E-A0D7-9DE5536C5EBC"><p><xref href="GUID-A5DCCEB1-77DA-53C9-A1A3-07615DFCD403.dita">File-Based Certificate and Key Stores</xref> </p> </li> <li id="GUID-200F5F0E-CECA-51D0-8C49-87E685641619"><p><xref href="GUID-92025FE2-16B1-59FE-9967-6972F6E7D4CA.dita">Root Certificates</xref> </p> </li> <li id="GUID-FABDB4C9-A7F0-5FD6-B084-9B1273CA97E6"><p><xref href="GUID-314992D7-F6E1-5335-9EDA-DE89E67CDF57.dita">ASN-PKCS</xref> </p> </li> </ul> </section> <section><title>Using Crypto Services</title> <p>See the following topics for details of the key uses of the Crypto Services collection: </p> <ul><li id="GUID-ED4F09F1-DBCC-5E18-95CD-C579E6E964D4"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita">Unified Certificate Store Tutorial</xref> </p> </li> <li id="GUID-C42469DA-F805-5CF9-A987-7F0855414326"><p><xref href="GUID-6C6AED40-D5B3-5613-8F92-FD2CB711AE54.dita">Unified Key Store Tutorials</xref> </p> </li> <li id="GUID-70FCBC23-3F48-5F9A-8A22-82D7FF16528F"><p><xref href="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C.dita"> Root Certificates</xref> </p> </li> </ul> </section> </conbody></concept>