| Tizen Native API
    9.0
    | 
It provides APIs accessing on the secure repository and additional secure cryptographic operations.
Required Header
#include <ckmc/ckmc-manager.h>
Overview
It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
| Functions | |
| int | ckmc_save_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) | 
| Stores a key inside key manager based on the provided policy. | |
| int | ckmc_update_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) | 
| Updates the key inside the key manager based on the provided policy. | |
| int | ckmc_remove_key (const char *alias) TIZEN_DEPRECATED_API | 
| Removes a key from key manager. | |
| int | ckmc_get_key (const char *alias, const char *password, ckmc_key_s **ppkey) | 
| Gets a key from key manager. | |
| int | ckmc_get_key_alias_list (ckmc_alias_list_s **ppalias_list) | 
| Gets a list of all of the keys aliases that the client can access. | |
| int | ckmc_get_key_alias_info_list (ckmc_alias_info_list_s **ppalias_list) | 
| Gets the information about all of the aliases of keys that the client can access. | |
| int | ckmc_save_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) | 
| Stores a certificate inside key manager based on the provided policy. | |
| int | ckmc_update_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) | 
| Updates the certificate inside the key manager based on the provided policy. | |
| int | ckmc_remove_cert (const char *alias) TIZEN_DEPRECATED_API | 
| Removes a certificate from key manager. | |
| int | ckmc_get_cert (const char *alias, const char *password, ckmc_cert_s **ppcert) | 
| Gets a certificate from key manager. | |
| int | ckmc_get_cert_alias_list (ckmc_alias_list_s **ppalias_list) | 
| Gets all alias of certificates which the client can access. | |
| int | ckmc_get_cert_alias_info_list (ckmc_alias_info_list_s **ppalias_list) | 
| Gets the information about all the aliases of certificates that the client can access. | |
| int | ckmc_save_pkcs12 (const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) | 
| Stores PKCS12's contents inside key manager based on the provided policies. | |
| int | ckmc_update_pkcs12 (const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) | 
| Updates PKCS12's contents inside the key manager based on the provided policies. All items from the PKCS12 use the same alias. | |
| int | ckmc_get_pkcs12 (const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12) | 
| Gets a pkcs12 from key manager. | |
| int | ckmc_save_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) | 
| Stores a data inside key manager based on the provided policy. | |
| int | ckmc_update_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) | 
| Updates the data inside the key manager based on the provided policy. | |
| int | ckmc_remove_data (const char *alias) TIZEN_DEPRECATED_API | 
| Removes a data from key manager. | |
| int | ckmc_get_data (const char *alias, const char *password, ckmc_raw_buffer_s **ppdata) | 
| Gets a data from key manager. | |
| int | ckmc_get_data_alias_list (ckmc_alias_list_s **ppalias_list) | 
| Gets all alias of data which the client can access. | |
| int | ckmc_get_data_alias_info_list (ckmc_alias_info_list_s **ppalias_list) | 
| Gets the information about all the aliases of data that the client can access. | |
| int | ckmc_create_key_pair_rsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) | 
| Creates RSA private/public key pair and stores them inside key manager based on each policy. | |
| int | ckmc_create_key_pair_dsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) | 
| Creates DSA private/public key pair and stores them inside key manager based on each policy. | |
| int | ckmc_create_key_pair_ecdsa (const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) | 
| Creates ECDSA private/public key pair and stores them inside key manager based on each policy. | |
| int | ckmc_create_key_aes (size_t size, const char *key_alias, ckmc_policy_s key_policy) | 
| Creates AES key and stores it inside key manager based on the policy. | |
| int | ckmc_create_signature (const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature) | 
| Creates and returns a signature for a given message using a private key. | |
| int | ckmc_verify_signature (const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding) | 
| Verifies a given signature created for a given message using a public key and returns the signature's status. | |
| int | ckmc_get_cert_chain (const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) | 
| Verifies a certificate chain and returns that chain. | |
| int | ckmc_get_cert_chain_with_alias (const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API | 
| Verifies a certificate chain using an alias list of untrusted certificates and returns that chain. | |
| int | ckmc_get_cert_chain_with_trustedcert (const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list) | 
| Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates. | |
| int | ckmc_ocsp_check (const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status) TIZEN_DEPRECATED_API | 
| Performs OCSP that checks whether a certificate is revoked or not. | |
| int | ckmc_allow_access (const char *alias, const char *accessor, ckmc_access_right_e granted) TIZEN_DEPRECATED_API | 
| Allows another application to access client's application data. | |
| int | ckmc_set_permission (const char *alias, const char *accessor, int permissions) | 
| Allows another application to access client's application data. | |
| int | ckmc_deny_access (const char *alias, const char *accessor) TIZEN_DEPRECATED_API | 
| Revokes another application's access to client's application data. | |
| int | ckmc_remove_alias (const char *alias) | 
| Removes an entry (no matter of type) from the key manager. | |
| int | ckmc_encrypt_data (ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted) | 
| Encrypts data using selected key and algorithm. | |
| int | ckmc_decrypt_data (ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted) | 
| Decrypts data using selected key and algorithm. | |
| int | ckmc_import_wrapped_key (const ckmc_param_list_h params, const char *wrapping_key_alias, const char *wrapping_key_password, const char *alias, const ckmc_key_s *wrapped_key, const ckmc_policy_s policy) | 
| Unwraps one key with another and stores it inside key manager. | |
| int | ckmc_export_wrapped_key (const ckmc_param_list_h params, const char *wrapping_key_alias, const char *wrapping_key_password, const char *alias, const char *password, ckmc_key_s **ppwrapped_key) | 
| Wraps one key with another and returns it to the client. | |
| int | ckmc_key_derive (const ckmc_param_list_h params, const char *secret_alias, const char *secret_password, const char *new_key_alias, ckmc_policy_s new_key_policy) | 
| Derives a secret or key from another key/secret and stores it inside key manager. | |
| int | ckmc_cipher_initialize (ckmc_param_list_h params, const char *key_alias, const char *key_password, bool encrypt, ckmc_cipher_ctx_h *context) | 
| Sets up a symmetric encryption or decryption context with given key and parameters. | |
| int | ckmc_cipher_update (ckmc_cipher_ctx_h context, const ckmc_raw_buffer_s in, ckmc_raw_buffer_s **ppout) | 
| Performs symmetric encryption or decryption of the input and places the result in the output. | |
| int | ckmc_cipher_finalize (ckmc_cipher_ctx_h context, const ckmc_raw_buffer_s *in, ckmc_raw_buffer_s **ppout) | 
| Finalizes symmetric encryption or decryption and returns remaining output if any. | |
| void | ckmc_cipher_free (ckmc_cipher_ctx_h context) | 
| Destroys the encryption/decryption context and releases all its resources. | |
| int | ckmc_get_backend_info (ckmc_backend_id_e backend, ckmc_backend_info_h *ppinfo) | 
| Retrieves backend information. | |
Function Documentation
| int ckmc_allow_access | ( | const char * | alias, | 
| const char * | accessor, | ||
| ckmc_access_right_e | granted | ||
| ) | 
Allows another application to access client's application data.
- Deprecated:
- Deprecated since 2.4 [Use ckmc_set_permission() instead]
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- Data identified by alias should exist.
- Parameters:
- 
  [in] alias Data alias for which access will be granted [in] accessor Package id of the application that will gain access rights [in] granted Rights granted for accessor application 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager or modify permissions CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_deny_access()
| int ckmc_cipher_finalize | ( | ckmc_cipher_ctx_h | context, | 
| const ckmc_raw_buffer_s * | in, | ||
| ckmc_raw_buffer_s ** | ppout | ||
| ) | 
Finalizes symmetric encryption or decryption and returns remaining output if any.
- Since :
- 6.0
- Remarks:
- After the call to this function the ckmc_cipher_update() can be called no more.
- The newly created ppout must be destroyed using ckmc_buffer_free() when it's no longer needed.
- When using CKMC_ALGO_AES_GCM decryption the GCM tag must be passed as in. In other cases in should be set to NULL.
- When using CKMC_ALGO_AES_GCM encryption the GCM tag will be returned in ppout.
- The ppout will be set to NULL if the output is empty.
- Parameters:
- 
  [in] context Encryption/decryption context created with ckmc_cipher_initialize() [in] in Optional additional decryption input required by some of the modes [out] ppout Encryption/decryption output 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (context = NULL, ppout = NULL) CKMC_ERROR_SERVER_ERROR Unknown error 
| void ckmc_cipher_free | ( | ckmc_cipher_ctx_h | context | ) | 
Destroys the encryption/decryption context and releases all its resources.
- Since :
- 6.0
- Parameters:
- 
  [in] context Encryption/decryption context created with ckmc_cipher_initialize() 
| int ckmc_cipher_initialize | ( | ckmc_param_list_h | params, | 
| const char * | key_alias, | ||
| const char * | key_password, | ||
| bool | encrypt, | ||
| ckmc_cipher_ctx_h * | context | ||
| ) | 
Sets up a symmetric encryption or decryption context with given key and parameters.
- Since :
- 6.0
- Remarks:
- The newly created context must be destroyed using ckmc_cipher_free() when it's no longer needed.
- The context must point to NULL if it's the first call. Otherwise, it must point to the previously returned context.
- To perform the encryption/decryption, one or more calls to ckmc_cipher_update() must be followed by one call to ckmc_cipher_finalize().
- To pass CKMC_PARAM_ED_AAD in multiple chunks call the ckmc_cipher_initialize() multiple times with consecutive portions of the AAD in the params and the context returned from the first call. It must be done before the first call to ckmc_cipher_update().
- Parameters:
- 
  [in] params Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms: [in] key_alias Alias of the key to be used for encryption/decryption [in] key_password Optional password of the key used for encryption/decryption [in] encrypt Encryption/decryption switch (true=encryption, false=decryption) [out] context Encryption/decryption context 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager or the key CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory algorithm parameter, key_alias = NULL, context = NULL) CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_UNKNOWN key_alias does not exist CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because key_password is incorrect CKMC_ERROR_SERVER_ERROR Unknown error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_cipher_update | ( | ckmc_cipher_ctx_h | context, | 
| const ckmc_raw_buffer_s | in, | ||
| ckmc_raw_buffer_s ** | ppout | ||
| ) | 
Performs symmetric encryption or decryption of the input and places the result in the output.
- Since :
- 6.0
- Remarks:
- The function may be called multiple times to encrypt successive blocks of data.
- The newly created ppout must be destroyed using ckmc_buffer_free() when it's no longer needed.
- The ppout will be set to NULL if the output is empty.
- Note that the backend may impose limit on the maximum size of processed data (ckmc_backend_get_max_chunk_size()).
- Parameters:
- 
  [in] context Encryption/decryption context created with ckmc_cipher_initialize() [in] in Encryption/decryption input [out] ppout Encryption/decryption output 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (context = NULL, ppout = NULL) CKMC_ERROR_SERVER_ERROR Unknown error 
| int ckmc_create_key_aes | ( | size_t | size, | 
| const char * | key_alias, | ||
| ckmc_policy_s | key_policy | ||
| ) | 
Creates AES key and stores it inside key manager based on the policy.
- Since :
- 3.0
- Remarks:
- The supported sizes are: 128,192and256bits.
- If password in the policy is provided, the key is additionally encrypted with the password in the policy.
- Parameters:
- 
  [in] size The size of key strength to be created [in] key_alias The name of key to be stored [in] key_policy Key storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager or to create the key CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_create_key_pair_dsa | ( | const size_t | size, | 
| const char * | private_key_alias, | ||
| const char * | public_key_alias, | ||
| const ckmc_policy_s | policy_private_key, | ||
| const ckmc_policy_s | policy_public_key | ||
| ) | 
Creates DSA private/public key pair and stores them inside key manager based on each policy.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- 
The supported sizes are: 1024,2048,3072and (Since 7.0)4096bits.
- If password in the policy is provided, the key is additionally encrypted with the password in the policy.
- The private_key_alias must be different than public_key_alias.
- Parameters:
- 
  [in] size The size of key strength to be created [in] private_key_alias The name of private key to be stored [in] public_key_alias The name of public key to be stored [in] policy_private_key Private key storing policy [in] policy_public_key Public key storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_create_key_pair_ecdsa | ( | const ckmc_ec_type_e | type, | 
| const char * | private_key_alias, | ||
| const char * | public_key_alias, | ||
| const ckmc_policy_s | policy_private_key, | ||
| const ckmc_policy_s | policy_public_key | ||
| ) | 
Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- If password in the policy is provided, the key is additionally encrypted with the password in the policy.
- Currently supported elliptic curves of ECDSA are: CKMC_EC_PRIME192V1, CKMC_EC_PRIME256V1, CKMC_EC_SECP384R1
- The private_key_alias must be different than public_key_alias.
- Parameters:
- 
  [in] type The type of elliptic curve of ECDSA [in] private_key_alias The name of private key to be stored [in] public_key_alias The name of public key to be stored [in] policy_private_key Private key storing policy [in] policy_public_key Public key storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_create_key_pair_rsa | ( | const size_t | size, | 
| const char * | private_key_alias, | ||
| const char * | public_key_alias, | ||
| const ckmc_policy_s | policy_private_key, | ||
| const ckmc_policy_s | policy_public_key | ||
| ) | 
Creates RSA private/public key pair and stores them inside key manager based on each policy.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- 
The supported sizes are: 1024,2048,3072and4096bits.
- If password in the policy is provided, the key is additionally encrypted with the password in the policy.
- The private_key_alias must be different than public_key_alias.
- Parameters:
- 
  [in] size The size of key strength to be created [in] private_key_alias The name of private key to be stored [in] public_key_alias The name of public key to be stored [in] policy_private_key Private key storing policy [in] policy_public_key Public key storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_create_signature | ( | const char * | private_key_alias, | 
| const char * | password, | ||
| const ckmc_raw_buffer_s | message, | ||
| const ckmc_hash_algo_e | hash, | ||
| const ckmc_rsa_padding_algo_e | padding, | ||
| ckmc_raw_buffer_s ** | ppsignature | ||
| ) | 
Creates and returns a signature for a given message using a private key.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- If policy contains password when storing a key, the same password should be provided.
- The newly created ppsignature must be destroyed by calling ckmc_buffer_free() if it is no longer needed.
- CKMC_HASH_NONE is invalid for DSA, ECDSA and RSA with X9.31 padding.
- If padding is CKMC_NONE_PADDING the user must use CKMC_HASH_NONE and the message must be equal to the key length.
- The padding is used only when the signature algorithm is RSA.
- If an error occurs the *ppsignature will be NULL on return.
- Parameters:
- 
  [in] private_key_alias The name of private key [in] password The password used in decrypting a private key value [in] message The message that is signed with a private key [in] hash The hash algorithm used in signature creation [in] padding The RSA padding algorithm used in signature creation [out] ppsignature The pointer to a newly created signature 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_decrypt_data | ( | ckmc_param_list_h | params, | 
| const char * | key_alias, | ||
| const char * | password, | ||
| const ckmc_raw_buffer_s | encrypted, | ||
| ckmc_raw_buffer_s ** | ppdecrypted | ||
| ) | 
Decrypts data using selected key and algorithm.
- Since :
- 3.0
- Remarks:
- Key identified by key_alias should exist.
- The ppdecrypted must be destroyed with ckmc_buffer_free().
- Parameters:
- 
  [in] params Algorithm parameter list handle. User should use the same parameters that were used for encryption. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms: [in] key_alias Alias of the key to be used for encryption [in] password The password used in decrypting a key value. If password of the policy is provided in ckmc_save_key(), the same password should be provided [in] encrypted Data to be decrypted. CKMC_ALGO_AES_GCM mode requires GCM tag to be appended at the end. In case of AES algorithm the backend may impose limit on the maximum size of processed data (ckmc_backend_get_max_chunk_size()). [out] ppdecrypted Decrypted data 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager or the decrypting key CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory algorithm parameter, GCM tag authentication failed, key or data is wrong, in case of RSA key is wrong or data too long, encrypted = NULL, ppdecrypted = NULL) CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect CKMC_ERROR_SERVER_ERROR Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_deny_access | ( | const char * | alias, | 
| const char * | accessor | ||
| ) | 
Revokes another application's access to client's application data.
- Deprecated:
- Deprecated since 2.4 [Use ckmc_set_permission() instead]
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- Data identified by alias should exist.
- Only access previously granted with ckmc_allow_access() can be revoked.
- Parameters:
- 
  [in] alias Data alias for which access will be revoked [in] accessor Package id of the application that will lose access rights 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager or modify permissions CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the accessor doesn't have access to alias CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_allow_access()
- ckmc_set_permission()
| int ckmc_encrypt_data | ( | ckmc_param_list_h | params, | 
| const char * | key_alias, | ||
| const char * | password, | ||
| const ckmc_raw_buffer_s | decrypted, | ||
| ckmc_raw_buffer_s ** | ppencrypted | ||
| ) | 
Encrypts data using selected key and algorithm.
- Since :
- 3.0
- Remarks:
- Key identified by key_alias should exist.
- If password of the policy is provided in ckmc_save_key(), the same password should be provided.
- In case of AES algorithm the backend may impose limit on the maximum size of processed data (ckmc_backend_get_max_chunk_size()).
- For RSA the size must be smaller or equal to: key size in bytes - 2 * hash function output size in bytes - 2. Example: for 1024 RSA key and hash SHA1 the maximum data size is 1024/8 - 2*160/8 = 86.
- The ppencrypted must be destroyed with ckmc_buffer_free().
- In CKMC_ALGO_AES_GCM mode the ppencrypted includes the GCM tag appended at the end.
- Parameters:
- 
  [in] params Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms: [in] key_alias Alias of the key to be used for encryption [in] password The password used in decrypting a key value [in] decrypted Data to be encrypted [out] ppencrypted Encrypted data 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager or the encrypting key CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory algorithm parameter or RSA data too long, decrypted = NULL, ppencrypted = NULL) CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect CKMC_ERROR_SERVER_ERROR Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_export_wrapped_key | ( | const ckmc_param_list_h | params, | 
| const char * | wrapping_key_alias, | ||
| const char * | wrapping_key_password, | ||
| const char * | alias, | ||
| const char * | password, | ||
| ckmc_key_s ** | ppwrapped_key | ||
| ) | 
Wraps one key with another and returns it to the client.
- Since :
- 6.0
- Remarks:
- The wrapping key must be either symmetric (CKMC_KEY_AES) or public RSA (CKMC_KEY_RSA_PUBLIC).
- The ppwrapped_key should be released using ckmc_key_free().
- The key denoted by alias can only be CKMC_KEY_AES.
- If the wrapping key is public RSA, the key size denoted by alias must be smaller than: wrapping key size in bits - 2* hash function output size in bits - 16. Example: for 1024 RSA wrapping key and hash SHA384 the key size must be smaller than: 1024 - 2*384 - 16 = 240 bits.
- 
Considering the key size limit it's recommended to use RSA key longer than 1024bits.
- In CKMC_ALGO_AES_GCM mode the ppwrapped_key includes the GCM tag appended at the end.
- Parameters:
- 
  [in] params Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms: [in] wrapping_key_alias The name of the wrapping key [in] wrapping_key_password An optional password of the wrapping key [in] alias The name of the key to be wrapped and exported [in] password An optional password used to decrypt the key pointed by alias [out] ppwrapped_key The wrapped key 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager, the wrapping key or the key being wrapped CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory algorithm parameter, GCM tag authentication failed, wrapping_key_alias = NULL, alias = NULL, ppwrapped_key = NULL) CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_UNKNOWN wrapping_key_alias or alias does not exist CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_AUTHENTICATION_FAILED Wrapping key decryption failed because wrapping_key_password is incorrect CKMC_ERROR_SERVER_ERROR Unknown error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_backend_info | ( | ckmc_backend_id_e | backend, | 
| ckmc_backend_info_h * | ppinfo | ||
| ) | 
Retrieves backend information.
- Since :
- 6.0
- Remarks:
- The newly created ppinfo must be destroyed using ckmc_backend_info_free() when it's no longer needed.
- Parameters:
- 
  [in] backend Backend identifier [out] ppinfo Backend information handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (backend is invalid, ppinfo = NULL) CKMC_ERROR_SERVER_ERROR Unknown error 
| int ckmc_get_cert | ( | const char * | alias, | 
| const char * | password, | ||
| ckmc_cert_s ** | ppcert | ||
| ) | 
Gets a certificate from key manager.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access certificate stored by the client.
- A DER encoded certificate will be returned as a return value.
- If policy contains password in ckmc_save_cert(), the same password should be provided.
- The newly created ppcert must be destroyed by calling ckmc_cert_free() if it is no longer needed.
- Parameters:
- 
  [in] alias The name of a certificate to retrieve [in] password The password used in decrypting a certificate value [out] ppcert The pointer to a newly created ckmc_cert_s handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_cert_alias_info_list | ( | ckmc_alias_info_list_s ** | ppalias_list | ) | 
Gets the information about all the aliases of certificates that the client can access.
- Since :
- 5.5
- Remarks:
- A client can only access data stored by the client and the entries from system database if it was explicitly permitted to.
- The newly created ppalias_list must be destroyed by calling ckmc_alias_info_list_all_free() if it is no longer needed.
- If there is no available certificate alias, ppalias_list will return NULL.
- Parameters:
- 
  [out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing information about all certificate aliases 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager or to read the alias list CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_cert_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) | 
Gets all alias of certificates which the client can access.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access data stored by the client.
- If there is no available key alias the ppalias_list will be NULL on return.
- The newly created ppalias_list must be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
- Parameters:
- 
  [out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_cert_chain | ( | const ckmc_cert_s * | cert, | 
| const ckmc_cert_list_s * | untrustedcerts, | ||
| ckmc_cert_list_s ** | ppcert_chain_list | ||
| ) | 
Verifies a certificate chain and returns that chain.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- The trusted root certificate of the chain should exist in the system's certificate storage.
- The newly created ppcert_chain_list must be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
- If an error occurs the ppcert_chain_list will be NULL on return.
- Parameters:
- 
  [in] cert The certificate to be verified [in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain [out] ppcert_chain_list The pointer to a newly created certificate chain's handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_cert_list_all_free()
| int ckmc_get_cert_chain_with_alias | ( | const ckmc_cert_s * | cert, | 
| const ckmc_alias_list_s * | untrustedcerts, | ||
| ckmc_cert_list_s ** | ppcert_chain_list | ||
| ) | 
Verifies a certificate chain using an alias list of untrusted certificates and returns that chain.
- Deprecated:
- Deprecated since 2.4 [Use ckmc_get_cert_chain() instead]
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- The trusted root certificate of the chain should exist in the system's certificate storage.
- The newly created ppcert_chain_list must be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
- untrustedcerts shouldn't be protected with optional password.
- If an error occurs the ppcert_chain_list will be NULL on return.
- Parameters:
- 
  [in] cert The certificate to be verified [in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used to verify a certificate chain [out] ppcert_chain_list The pointer to a newly created certificate chain's handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid CKMC_ERROR_AUTHENTICATION_FAILED Some certificates were encrypted with password and could not be used 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_cert_chain_with_trustedcert | ( | const ckmc_cert_s * | cert, | 
| const ckmc_cert_list_s * | untrustedcerts, | ||
| const ckmc_cert_list_s * | trustedcerts, | ||
| const bool | use_trustedsystemcerts, | ||
| ckmc_cert_list_s ** | ppcert_chain_list | ||
| ) | 
Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates.
- Since :
- 2.4
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- If the trusted root certificates are provided as a user input, these certificates do not need to exist in the system's certificate storage.
- The newly created ppcert_chain_list must be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
- If an error occurs the ppcert_chain_list will be NULL on return.
- Parameters:
- 
  [in] cert The certificate to be verified [in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain [in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain [in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage [out] ppcert_chain_list The pointer to a newly created certificate chain's handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_cert_list_all_free()
| int ckmc_get_data | ( | const char * | alias, | 
| const char * | password, | ||
| ckmc_raw_buffer_s ** | ppdata | ||
| ) | 
Gets a data from key manager.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access data stored by the client.
- If policy contains password in ckmc_save_data(), the same password should be provided.
- The newly created ppdata must be destroyed by calling ckmc_buffer_free() if it is no longer needed.
- Parameters:
- 
  [in] alias The name of data to retrieve [in] password The password used in decrypting a data value [out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_data_alias_info_list | ( | ckmc_alias_info_list_s ** | ppalias_list | ) | 
Gets the information about all the aliases of data that the client can access.
- Since :
- 5.5
- Remarks:
- A client can only access data stored by the client and the entries from system database if it was explicitly permitted to.
- The newly created ppalias_list must be destroyed by calling ckmc_alias_info_list_all_free() if it is no longer needed.
- If there is no available data alias the ppalias_list will be NULL on return.
- Parameters:
- 
  [out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing information about all data aliases 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager or to read the alias list CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_data_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) | 
Gets all alias of data which the client can access.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access data stored by the client.
- If there is no available key alias, ppalias_list will be NULL on return.
- The newly created ppalias_list must be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
- Parameters:
- 
  [out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_key | ( | const char * | alias, | 
| const char * | password, | ||
| ckmc_key_s ** | ppkey | ||
| ) | 
Gets a key from key manager.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access data stored by the client.
- If policy contains password in ckmc_save_key(), the same password should be provided.
- The newly created ppkey must be destroyed by calling ckmc_key_free() if it is no longer needed.
- Parameters:
- 
  [in] alias The name of a key to retrieve [in] password The password used in decrypting a key value [out] ppkey The pointer to a newly created ckmc_key_s handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_key_alias_info_list | ( | ckmc_alias_info_list_s ** | ppalias_list | ) | 
Gets the information about all of the aliases of keys that the client can access.
- Since :
- 5.5
- Remarks:
- A client can only access data stored by the client and the entries from system database if it was explicitly permitted to.
- If there is no available key alias the ppalias_list will be NULL on return.
- The newly created ppalias_list must be destroyed by calling ckmc_alias_info_list_all_free() if it is no longer needed.
- Parameters:
- 
  [out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing information about all keys aliases 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager or to read the alias list CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_key_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) | 
Gets a list of all of the keys aliases that the client can access.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access data stored by the client.
- If there is no available key alias the ppalias_list will be NULL on return.
- The newly created ppalias_list must be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
- Parameters:
- 
  [out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available aliases of keys 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_get_pkcs12 | ( | const char * | alias, | 
| const char * | key_password, | ||
| const char * | cert_password, | ||
| ckmc_pkcs12_s ** | pkcs12 | ||
| ) | 
Gets a pkcs12 from key manager.
- Since :
- 2.4
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- A client can only access data stored by the client.
- The newly created pkcs12 must be destroyed by calling ckmc_pkcs12_free() if it is no longer needed.
- Parameters:
- 
  [in] alias The name of a data to retrieve [in] key_password Password that was used to encrypt privateKey (may be NULL) [in] cert_password Password used to encrypt certificates (may be NULL) [out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED key_password or cert_password does not match with password used to encrypt data 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_save_pkcs12()
- ckmc_remove_alias()
| int ckmc_import_wrapped_key | ( | const ckmc_param_list_h | params, | 
| const char * | wrapping_key_alias, | ||
| const char * | wrapping_key_password, | ||
| const char * | alias, | ||
| const ckmc_key_s * | wrapped_key, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Unwraps one key with another and stores it inside key manager.
- Since :
- 6.0
- Remarks:
- The wrapping key must be either symmetric (CKMC_KEY_AES) or private RSA (CKMC_KEY_RSA_PRIVATE).
- key_type in wrapped_key can only be CKMC_KEY_AES.
- password in wrapped_key must be set to NULL. There's no need to additionally encrypt a wrapped key.
- If password in policy is provided, the stored key is additionally encrypted with it.
- If extractable in policy is set to false, the stored key may still be exported in a wrapped form.
- Note that the backend may impose limit on the maximum size of wrapped_key (ckmc_backend_get_max_chunk_size()).
- CKMC_ALGO_AES_GCM mode requires GCM tag to be appended at the end of the wrapped_key.
- Parameters:
- 
  [in] params Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms: [in] wrapping_key_alias The name of the wrapping key. [in] wrapping_key_password An optional password of the wrapping key [in] alias The name of a key to be stored [in] wrapped_key The wrapped key to be unwrapped and stored [in] policy Key storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager, the wrapping key or to create the unwrapped key CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory algorithm parameter, GCM tag authentication failed, wrapping_key_alias = NULL, alias = NULL, wrapped_key = NULL) CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_UNKNOWN wrapping_key_alias does not exist CKMC_ERROR_DB_ALIAS_EXISTS alias already exists CKMC_ERROR_INVALID_FORMAT The format of wrapped_key is not valid CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_AUTHENTICATION_FAILED Wrapping key decryption failed because wrapping_key_password is incorrect CKMC_ERROR_SERVER_ERROR Unknown error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_key_derive | ( | const ckmc_param_list_h | params, | 
| const char * | secret_alias, | ||
| const char * | secret_password, | ||
| const char * | new_key_alias, | ||
| ckmc_policy_s | new_key_policy | ||
| ) | 
Derives a secret or key from another key/secret and stores it inside key manager.
- Since :
- 6.0
- Remarks:
- In case of CKMC_ALGO_KBKDF algorithm, the secret pointed to by secret_alias must be a binary data or a symmetric key (CKMC_KEY_AES). The derived key pointed to by new_key_alias will be a symmetric one. It will be stored as a CKMC_KEY_AES.
- In case of CKMC_ALGO_ECDH algorithm, the key pointed to by secret_alias must be a private EC key (CKMC_KEY_ECDSA_PRIVATE). The derived secret pointed to by new_key_alias will be in binary data form.
- Parameters:
- 
  [in] params Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms: [in] secret_alias Alias of the secret/key to use as an input [in] secret_password Optional password of the secret/key used as an input [in] new_key_alias The name under which the derived key or secret will be stored [in] new_key_policy Policy used to store the derived key or secret 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager, the secret or to create the new key/secret CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory algorithm parameter, secret_alias = NULL, new_key_alias = NULL) CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_UNKNOWN secret_alias does not exist CKMC_ERROR_DB_ALIAS_EXISTS new_key_alias already exists CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_AUTHENTICATION_FAILED Secret decryption failed because secret_password is incorrect CKMC_ERROR_SERVER_ERROR Unknown error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- Example
- int key_derive(const ckmc_raw_buffer_s* peers_public) { int ret; const char* const SECRET_ALIAS = "shared_secret"; const char* const KEY_ALIAS = "derived_key"; const char* const OURS_PRV_ALIAS = "ours_private"; const char* const OURS_PUB_ALIAS = "ours_public"; char label[] = "label"; char context[] = "context"; ckmc_param_list_h ecdh_params = nullptr; ckmc_param_list_h kbkdf_params = nullptr; ckmc_raw_buffer_s* label_buf = nullptr; ckmc_raw_buffer_s* context_buf = nullptr; ckmc_policy_s unexportable { nullptr, false }; ckmc_policy_s exportable { nullptr, true }; // generate EC key pair ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, OURS_PRV_ALIAS, OURS_PUB_ALIAS, unexportable, exportable); if (ret != CKMC_ERROR_NONE) return -1; // set ECDH params ret = ckmc_param_list_new(&ecdh_params); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_integer(ecdh_params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_buffer(ecdh_params, CKMC_PARAM_ECDH_PUBKEY, peers_public); if (ret != CKMC_ERROR_NONE) goto exit; // derive shared secret ret = ckmc_key_derive(ecdh_params, OURS_PRV_ALIAS, nullptr, SECRET_ALIAS, unexportable); if (ret != CKMC_ERROR_NONE) goto exit; // set KBKDF params ret = ckmc_param_list_new(&kbkdf_params); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_integer(kbkdf_params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_KBKDF); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_integer(kbkdf_params, CKMC_PARAM_KDF_PRF, CKMC_KDF_PRF_HMAC_SHA256); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_integer(kbkdf_params, CKMC_PARAM_KBKDF_MODE, CKMC_KBKDF_MODE_COUNTER); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_integer(kbkdf_params, CKMC_PARAM_KBKDF_COUNTER_LOCATION, CKMC_KBKDF_COUNTER_BEFORE_FIXED); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_buffer_new(reinterpret_cast<unsigned char*>(label), strlen(label), &label_buf); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_buffer(kbkdf_params, CKMC_PARAM_KBKDF_LABEL, label_buf); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_buffer_new(reinterpret_cast<unsigned char*>(context), strlen(context), &context_buf); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_buffer(kbkdf_params, CKMC_PARAM_KBKDF_CONTEXT, context_buf); if (ret != CKMC_ERROR_NONE) goto exit; ret = ckmc_param_list_set_integer(kbkdf_params, CKMC_PARAM_KDF_LEN, 32); if (ret != CKMC_ERROR_NONE) goto exit; // derive symmetric key ret = ckmc_key_derive(kbkdf_params, SECRET_ALIAS, nullptr, KEY_ALIAS, unexportable); exit: ckmc_remove_alias(OURS_PRV_ALIAS); ckmc_remove_alias(OURS_PUB_ALIAS); ckmc_param_list_free(ecdh_params); ckmc_buffer_free(label_buf); ckmc_buffer_free(context_buf); ckmc_param_list_free(kbkdf_params); ckmc_remove_alias(SECRET_ALIAS); return ret; } 
- See also:
- ckmc_param_list_h
- ckmc_policy_s
| int ckmc_ocsp_check | ( | const ckmc_cert_list_s * | pcert_chain_list, | 
| ckmc_ocsp_status_e * | ocsp_status | ||
| ) | 
Performs OCSP that checks whether a certificate is revoked or not.
- Deprecated:
- Deprecated since 6.5. Use raw OpenSSL instead.
- Since :
- 2.4
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/internet
- Remarks:
- http://tizen.org/privilege/internet (public level privilege) is required to use this function instead of http://tizen.org/privilege/keymanager (public level privilege) since 3.0.
- Parameters:
- 
  [in] pcert_chain_list Valid certificate chain to perform OCSP check [out] ocsp_status The pointer to the status of the result of OCSP check 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- pcert_chain_list is created with ckmc_get_cert_chain() or ckmc_get_cert_chain_with_alias().
| int ckmc_remove_alias | ( | const char * | alias | ) | 
Removes an entry (no matter of type) from the key manager.
- Since :
- 2.4
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- To remove item, client must have removal permission to the specified item.
- The item owner can remove it by default.
- Parameters:
- 
  [in] alias Item alias to be removed 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager or the item to remove CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_remove_cert | ( | const char * | alias | ) | 
Removes a certificate from key manager.
- Deprecated:
- Deprecated since 2.4 [Use ckmc_remove_alias() instead]
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- To remove certificate, client must have removal permission to the specified certificate.
- The certificate owner can remove it by default.
- Parameters:
- 
  [in] alias The name of a certificate to be removed 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_remove_data | ( | const char * | alias | ) | 
Removes a data from key manager.
- Deprecated:
- Deprecated since 2.4 [Use ckmc_remove_alias() instead]
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- To remove data, client must have removal permission to the specified data object.
- The data owner can remove it by default.
- Parameters:
- 
  [in] alias The name of data to be removed 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_remove_key | ( | const char * | alias | ) | 
Removes a key from key manager.
- Deprecated:
- Deprecated since 2.4 [Use ckmc_remove_alias() instead]
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- To remove a key, client must have removal permission to the specified key.
- The key owner can remove it by default.
- Parameters:
- 
  [in] alias The name of a key to be removed 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_save_cert | ( | const char * | alias, | 
| const ckmc_cert_s | cert, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Stores a certificate inside key manager based on the provided policy.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0
- The certificate's binary value will be converted and saved as binary DER encoded certificates.
- Parameters:
- 
  [in] alias The name of a certificate to be stored [in] cert The certificate's binary value to be stored [in] policy Certificate storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_save_data | ( | const char * | alias, | 
| ckmc_raw_buffer_s | data, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Stores a data inside key manager based on the provided policy.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- Parameters:
- 
  [in] alias The name of a data to be stored [in] data The binary value to be stored [in] policy Data storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_save_key | ( | const char * | alias, | 
| const ckmc_key_s | key, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Stores a key inside key manager based on the provided policy.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- Currently API supports nine types of keys. These are: RSA public/private key, DSA public/private key, ECDSA public/private key, KEM public/private key and AES symmetric key.
- key_type in key may be set to CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing.
- Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the ckmc_key_s structure.
- If password in policy is provided, the key is additionally encrypted with the password in the policy.
- Parameters:
- 
  [in] alias The name of a key to be stored [in] key The key's binary value to be stored [in] policy Key storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_save_pkcs12 | ( | const char * | alias, | 
| const ckmc_pkcs12_s * | pkcs, | ||
| const ckmc_policy_s | key_policy, | ||
| const ckmc_policy_s | cert_policy | ||
| ) | 
Stores PKCS12's contents inside key manager based on the provided policies.
- Since :
- 2.4
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- All items from the PKCS12 will use the same alias.
- Parameters:
- 
  [in] alias The name of data to be stored [in] pkcs Pointer to the pkcs12 structure to be saved [in] key_policy Pkcs's private key storing policy [in] cert_policy Pkcs's certificate storing policy 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_set_permission | ( | const char * | alias, | 
| const char * | accessor, | ||
| int | permissions | ||
| ) | 
Allows another application to access client's application data.
- Since :
- 2.4
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- Data identified by alias should exist.
- Previous permission mask will be replaced with the new mask value passed by permissions.
- Parameters:
- 
  [in] alias Data alias for which access will be granted [in] accessor Package id of the application that will gain access rights [in] permissions Mask of permissions granted for accessor application (ckmc_permission_e) 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager or modify permissions CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_update_cert | ( | const char * | alias, | 
| const ckmc_cert_s | cert, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Updates the certificate inside the key manager based on the provided policy.
- Since :
- 8.0
- Remarks:
- The certificate's binary value will be converted and updated as binary DER encoded certificate.
- If password exists in the provided policy, the certificate is additionally encrypted with the password from the provided policy.
- If password changes in the provided policy, the certificate is re-encrypted with the new password inside the key manager.
- If nothing exists inside the key manager under the provided alias, the certificate is saved inside the key manager based on the provided policy.
- If anything exists inside the key manager under the provided alias, the old data is replaced with the certificate inside the key manager based on the provided policy.
- If extractable flag changes in the provided policy, the extractable flag is updated inside the key manager.
- If backend changes, the certificate is removed from the old backend and saved in the new backend.
- Existing permissions are reset inside the key manager.
- Parameters:
- 
  [in] alias The name of the certificate to be updated [in] cert The certificate's binary value to be stored [in] policy The policy about how to update the certificate securely 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_update_data | ( | const char * | alias, | 
| ckmc_raw_buffer_s | data, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Updates the data inside the key manager based on the provided policy.
- Since :
- 8.0
- Remarks:
- If password exists in the provided policy, the data is additionally encrypted with the password from the provided policy.
- If password changes in the provided policy, the data is re-encrypted with the new password inside the key manager.
- If nothing exists inside the key manager under the provided alias, the data is saved inside the key manager based on the provided policy.
- If anything exists inside the key manager under the provided alias, the old data is replaced with the new data inside the key manager based on the provided policy.
- If extractable flag changes in the provided policy, the extractable flag is updated inside the key manager.
- If backend changes, the data is removed from the old backend and saved in the new backend.
- Existing permissions are reset inside the key manager.
- Parameters:
- 
  [in] alias The name of the data to be updated [in] data The binary value to be stored [in] policy The policy about how to store the data securely 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_update_key | ( | const char * | alias, | 
| const ckmc_key_s | key, | ||
| const ckmc_policy_s | policy | ||
| ) | 
Updates the key inside the key manager based on the provided policy.
- Since :
- 8.0
- Remarks:
- Currently API supports nine types of keys. These are RSA public/private key, DSA public/private key, ECDSA public/private key, KEM public/private key and AES symmetric key.
- key_type in the key manager may be set to CKMC_KEY_NONE as an input. key_type is determined inside the key manager during updating key.
- Some private key files are protected with the password. If raw_key in the key is encrypted with the password, the password should be provided in the ckmc_key_s structure.
- If password exists in the provided policy, the key is additionally encrypted with the password from the provided policy.
- If password changes in the provided policy, the key is re-encrypted with the new password inside the key manager.
- If nothing exists inside the key manager under the provided alias, the key is saved inside the key manager based on the provided policy.
- If anything exists inside the key manager under the provided alias, the old data is replaced with the key inside the key manager based on the provided policy.
- If extractable flag changes in the provided policy, the extractable flag is updated inside the key manager.
- If backend changes, the key is removed from the old backend and saved in the new backend.
- Existing permissions are reset inside the key manager.
- Parameters:
- 
  [in] alias The name of the key to be updated [in] key The key's binary value to be updated [in] policy The policy about how to update the key securely 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access the key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED The user key is not loaded in memory (a user is not logged in) CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_update_pkcs12 | ( | const char * | alias, | 
| const ckmc_pkcs12_s * | pkcs, | ||
| const ckmc_policy_s | key_policy, | ||
| const ckmc_policy_s | cert_policy | ||
| ) | 
Updates PKCS12's contents inside the key manager based on the provided policies. All items from the PKCS12 use the same alias.
- Since :
- 8.0
- Remarks:
- If password exists in the provided key/certificate policy, the key/certificate/chain is additionally encrypted with the password from the provided key/certificate policy.
- If password changes in the provided key/certificate policy, the key/certificate/chain is re-encrypted with the new password inside the key manager.
- If nothing exists inside the key manager under the provided alias, the pkcs12 is saved inside the key manager based on the provided policy.
- If anything exists inside the key manager under the provided alias, the old data is replaced with the pkcs12 inside the key manager based on the provided policy.
- If extractable flag changes in the provided policy, the extractable flag is updated inside the key manager.
- If backend changes, the pkcs12 is removed from the old backend and saved in the new backend.
- Existing permissions are reset inside the key manager.
- Parameters:
- 
  [in] alias The name of the pkcs12 to be updated [in] pkcs Pointer to the pkcs12 structure to be updated [in] key_policy The policy about how to store pkcs's private key [in] cert_policy The policy about how to store pkcs's certificate and certificate chain 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_INVALID_FORMAT The format of raw_key or raw_cert is not valid CKMC_ERROR_DB_ERROR Failed due to a database error 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
| int ckmc_verify_signature | ( | const char * | public_key_alias, | 
| const char * | password, | ||
| const ckmc_raw_buffer_s | message, | ||
| const ckmc_raw_buffer_s | signature, | ||
| const ckmc_hash_algo_e | hash, | ||
| const ckmc_rsa_padding_algo_e | padding | ||
| ) | 
Verifies a given signature created for a given message using a public key and returns the signature's status.
- Since :
- 2.3
- Remarks:
- http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this function since 3.0.
- If policy contains password when storing a key, the same password should be provided.
- CKMC_HASH_NONE is invalid for DSA, ECDSA and RSA with X9.31 padding.
- If padding is CKMC_NONE_PADDING the user must use CKMC_HASH_NONE and the message must be equal to key length.
- The padding is used only when the signature algorithm is RSA.
- Parameters:
- 
  [in] public_key_alias The name of public key [in] password The password used in decrypting a public key value [in] message The message for which the signature is created [in] signature The signature to be verified with public key [in] hash The hash algorithm used in signature verification [in] padding The RSA padding algorithm used in signature verification 
- Returns:
- 0on success, otherwise a negative error value
- Return values:
- 
  CKMC_ERROR_NONE Successful CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_VERIFICATION_FAILED The signature is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect 
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.