It provides APIs accessing on the secure repository and additional secure cryptographic operations.

Required Header

#include <ckmc/ckmc-manager.h>

Overview

It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.

Functions
int	ckmc_save_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
	Stores a key inside key manager based on the provided policy.
int	ckmc_remove_key (const char *alias) TIZEN_DEPRECATED_API
	Removes a key from key manager.
int	ckmc_get_key (const char alias, const char password, ckmc_key_s **ppkey)
	Gets a key from key manager.
int	ckmc_get_key_alias_list (ckmc_alias_list_s **ppalias_list)
	Gets all the alias of keys that the client can access.
int	ckmc_get_key_alias_info_list (ckmc_alias_info_list_s **ppalias_list)
	Gets the information about all the aliases of keys that the client can access.
int	ckmc_save_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
	Stores a certificate inside key manager based on the provided policy.
int	ckmc_remove_cert (const char *alias) TIZEN_DEPRECATED_API
	Removes a certificate from key manager.
int	ckmc_get_cert (const char alias, const char password, ckmc_cert_s **ppcert)
	Gets a certificate from key manager.
int	ckmc_get_cert_alias_list (ckmc_alias_list_s **ppalias_list)
	Gets all alias of certificates which the client can access.
int	ckmc_get_cert_alias_info_list (ckmc_alias_info_list_s **ppalias_list)
	Gets the information about all the aliases of certificates that the client can access.
int	ckmc_save_pkcs12 (const char alias, const ckmc_pkcs12_s pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
	Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias.
int	ckmc_get_pkcs12 (const char alias, const char key_password, const char cert_password, ckmc_pkcs12_s *pkcs12)
	Gets a pkcs12 from key manager.
int	ckmc_save_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
	Stores a data inside key manager based on the provided policy.
int	ckmc_remove_data (const char *alias) TIZEN_DEPRECATED_API
	Removes a data from key manager.
int	ckmc_get_data (const char alias, const char password, ckmc_raw_buffer_s **ppdata)
	Gets a data from key manager.
int	ckmc_get_data_alias_list (ckmc_alias_list_s **ppalias_list)
	Gets all alias of data which the client can access.
int	ckmc_get_data_alias_info_list (ckmc_alias_info_list_s **ppalias_list)
	Gets the information about all the aliases of data that the client can access.
int	ckmc_create_key_pair_rsa (const size_t size, const char private_key_alias, const char public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
	Creates RSA private/public key pair and stores them inside key manager based on each policy.
int	ckmc_create_key_pair_dsa (const size_t size, const char private_key_alias, const char public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
	Creates DSA private/public key pair and stores them inside key manager based on each policy.
int	ckmc_create_key_pair_ecdsa (const ckmc_ec_type_e type, const char private_key_alias, const char public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
	Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
int	ckmc_create_key_aes (size_t size, const char *key_alias, ckmc_policy_s key_policy)
	Creates AES key and stores it inside key manager based on the policy.
int	ckmc_create_signature (const char private_key_alias, const char password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature)
	Creates a signature on a given message using a private key and returns the signature.
int	ckmc_verify_signature (const char public_key_alias, const char password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding)
	Verifies a given signature on a given message using a public key and returns the signature status.
int	ckmc_get_cert_chain (const ckmc_cert_s cert, const ckmc_cert_list_s untrustedcerts, ckmc_cert_list_s **ppcert_chain_list)
	Verifies a certificate chain and returns that chain.
int	ckmc_get_cert_chain_with_alias (const ckmc_cert_s cert, const ckmc_alias_list_s untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API
	Verifies a certificate chain using an alias list of untrusted certificates and return that chain.
int	ckmc_get_cert_chain_with_trustedcert (const ckmc_cert_s cert, const ckmc_cert_list_s untrustedcerts, const ckmc_cert_list_s trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s *ppcert_chain_list)
	Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates.
int	ckmc_ocsp_check (const ckmc_cert_list_s pcert_chain_list, ckmc_ocsp_status_e ocsp_status)
	Perform OCSP that checks certificate is whether revoked or not.
int	ckmc_allow_access (const char alias, const char accessor, ckmc_access_right_e granted) TIZEN_DEPRECATED_API
	Allows another application to access client's application data.
int	ckmc_set_permission (const char alias, const char accessor, int permissions)
	Allows another application to access client's application data.
int	ckmc_deny_access (const char alias, const char accessor) TIZEN_DEPRECATED_API
	Revokes another application's access to client's application data.
int	ckmc_remove_alias (const char *alias)
	Removes an entry (no matter of type) from the key manager.
int	ckmc_encrypt_data (ckmc_param_list_h params, const char key_alias, const char password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted)
	Encrypts data using selected key and algorithm.
int	ckmc_decrypt_data (ckmc_param_list_h params, const char key_alias, const char password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted)
	Decrypts data using selected key and algorithm.

Function Documentation

int ckmc_allow_access	(	const char *	alias,
		const char *	accessor,
		ckmc_access_right_e	granted
	)

Allows another application to access client's application data.

Deprecated:: Deprecated since 2.4.[Use ckmc_set_permission() instead]

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; Data identified by alias should exist.

Parameters:

[in]	alias	Data alias for which access will be granted
[in]	accessor	Package id of the application that will gain access rights
[in]	granted	Rights granted for accessor application

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_deny_access()

int ckmc_create_key_aes	(	size_t	size,
		const char *	key_alias,
		ckmc_policy_s	key_policy
	)

Creates AES key and stores it inside key manager based on the policy.

Since :: 3.0

Remarks:: If password in the policy is provided, the key is additionally encrypted with the password in the policy.

Parameters:

[in]	size	The size of key strength to be created `128`, `192` and `256` are supported
[in]	key_alias	The name of key to be stored
[in]	key_policy	The policy about how to store the key securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_dsa(); ckmc_create_key_pair_ecdsa(); ckmc_policy_s

int ckmc_create_key_pair_dsa	(	const size_t	size,
		const char *	private_key_alias,
		const char *	public_key_alias,
		const ckmc_policy_s	policy_private_key,
		const ckmc_policy_s	policy_public_key
	)

Creates DSA private/public key pair and stores them inside key manager based on each policy.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; If password in the policy is provided, the key is additionally encrypted with the password in the policy.

Parameters:

[in]	size	The size of key strength to be created `1024`, `2048`, `3072` and `4096` are supported
[in]	private_key_alias	The name of private key to be stored
[in]	public_key_alias	The name of public key to be stored
[in]	policy_private_key	The policy about how to store a private key securely
[in]	policy_public_key	The policy about how to store a public key securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_ecdsa(); ckmc_create_signature(); ckmc_verify_signature()

int ckmc_create_key_pair_ecdsa	(	const ckmc_ec_type_e	type,
		const char *	private_key_alias,
		const char *	public_key_alias,
		const ckmc_policy_s	policy_private_key,
		const ckmc_policy_s	policy_public_key
	)

Creates ECDSA private/public key pair and stores them inside key manager based on each policy.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; If password in the policy is provided, the key is additionally encrypted with the password in the policy.

Parameters:

[in]	type	The type of elliptic curve of ECDSA
[in]	private_key_alias	The name of private key to be stored
[in]	public_key_alias	The name of public key to be stored
[in]	policy_private_key	The policy about how to store a private key securely
[in]	policy_public_key	The policy about how to store a public key securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_dsa(); ckmc_create_signature(); ckmc_verify_signature(); ckmc_ec_type_e

int ckmc_create_key_pair_rsa	(	const size_t	size,
		const char *	private_key_alias,
		const char *	public_key_alias,
		const ckmc_policy_s	policy_private_key,
		const ckmc_policy_s	policy_public_key
	)

Creates RSA private/public key pair and stores them inside key manager based on each policy.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; If password in the policy is provided, the key is additionally encrypted with the password in the policy.

Parameters:

[in]	size	The size of key strength to be created `1024`, `2048`, and `4096` are supported
[in]	private_key_alias	The name of private key to be stored
[in]	public_key_alias	The name of public key to be stored
[in]	policy_private_key	The policy about how to store a private key securely
[in]	policy_public_key	The policy about how to store a public key securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_dsa(); ckmc_create_key_pair_ecdsa(); ckmc_create_signature(); ckmc_verify_signature()

int ckmc_create_signature	(	const char *	private_key_alias,
		const char *	password,
		const ckmc_raw_buffer_s	message,
		const ckmc_hash_algo_e	hash,
		const ckmc_rsa_padding_algo_e	padding,
		ckmc_raw_buffer_s **	ppsignature
	)

Creates a signature on a given message using a private key and returns the signature.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; If password of policy is provided during storing a key, the same password should be provided.; You must destroy the newly created ppsignature by calling ckmc_buffer_free() if it is no longer needed.

Parameters:

[in]	private_key_alias	The name of private key
[in]	password	The password used in decrypting a private key value
[in]	message	The message that is signed with a private key
[in]	hash	The hash algorithm used in creating signature. CKMC_HASH_NONE is invalid for DSA & ECDSA
[in]	padding	The RSA padding algorithm used in creating signature It is used only when the signature algorithm is RSA. If padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE and the message must be equal to key length
[out]	ppsignature	The pointer to a newly created signature If an error occurs, *ppsignature will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_ecdsa(); ckmc_verify_signature(); ckmc_buffer_free(); ckmc_hash_algo_e; ckmc_rsa_padding_algo_e

int ckmc_decrypt_data	(	ckmc_param_list_h	params,
		const char *	key_alias,
		const char *	password,
		const ckmc_raw_buffer_s	encrypted,
		ckmc_raw_buffer_s **	ppdecrypted
	)

Decrypts data using selected key and algorithm.

Since :: 3.0

Remarks:: Key identified by key_alias should exist.

Parameters:

[in]	params	Algorithm parameter list handle. You should use the same parameters that were used for encryption. See ckmc_param_list_h and ckmc_algo_type_e for details
[in]	key_alias	Alias of the key to be used for encryption
[in]	password	The password used in decrypting a key value If password of the policy is provided in ckmc_save_key(), the same password should be provided
[in]	encrypted	Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example) Since Tizen 5.0, on chosen images where module is using TEE backend, data size is limited to at least 500 kB (TEE implementation-specific).
[out]	ppdecrypted	Decrypted data The caller is responsible for freeing decrypted with ckmc_buffer_free()

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid (missing or invalid mandatory algorithm parameter, GCM tag authentication failed, key or data is wrong, in case of RSA key is wrong or data too long, encrypted = NULL, ppdecrypted = NULL)
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Key with given alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Key decryption failed because password is incorrect
CKMC_ERROR_SERVER_ERROR	Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_buffer_free(); ckmc_param_list_new(); ckmc_param_list_free(); ckmc_param_list_set_integer(); ckmc_param_list_set_buffer(); ckmc_generate_new_params(); ckmc_param_list_h; ckmc_param_name_e; ckmc_algo_type_e

int ckmc_deny_access	(	const char *	alias,
		const char *	accessor
	)

Revokes another application's access to client's application data.

Deprecated:: Deprecated since 2.4.[Use ckmc_set_permission() instead]

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; Data identified by alias should exist.; Only access previously granted with ckmc_allow_access can be revoked.

Parameters:

[in]	alias	Data alias for which access will be revoked
[in]	accessor	Package id of the application that will lose access rights

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid or the accessor doesn't have access to alias
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_allow_access(); ckmc_set_permission()

int ckmc_encrypt_data	(	ckmc_param_list_h	params,
		const char *	key_alias,
		const char *	password,
		const ckmc_raw_buffer_s	decrypted,
		ckmc_raw_buffer_s **	ppencrypted
	)

Encrypts data using selected key and algorithm.

Since :: 3.0

Remarks:: Key identified by key_alias should exist.

Parameters:

[in]	params	Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details
[in]	key_alias	Alias of the key to be used for encryption
[in]	password	The password used in decrypting a key value If password of the policy is provided in ckmc_save_key(), the same password should be provided
[in]	decrypted	Data to be encrypted. In case of AES algorithm there are no restrictions on the size of data, if S/W backend is used. If module uses TEE backend (since Tizen 5.0 on chosen images), maximum size of data is implementation-specific and at least 500 kB. For RSA the size must be smaller or equal to key size in bytes - 42. Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86.
[out]	ppencrypted	Encrypted data (some algorithms may return additional information embedded in encrypted data. AES GCM is an example) The caller is responsible for freeing encrypted with ckmc_buffer_free()

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid (missing or invalid mandatory algorithm parameter or RSA data too long, decrypted = NULL, ppencrypted = NULL)
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Key with given alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Key decryption failed because password is incorrect
CKMC_ERROR_SERVER_ERROR	Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_buffer_free(); ckmc_param_list_new(); ckmc_param_list_free(); ckmc_param_list_set_integer(); ckmc_param_list_set_buffer(); ckmc_generate_new_params(); ckmc_param_list_h; ckmc_param_name_e; ckmc_algo_type_e

int ckmc_get_cert	(	const char *	alias,
		const char *	password,
		ckmc_cert_s **	ppcert
	)

Gets a certificate from key manager.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only certificate stored by the client.; A DER encoded certificate will be returned as a return value.; You must destroy the newly created ppcert by calling ckmc_cert_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a certificate to retrieve
[in]	password	The password used in decrypting a certificate value If password of policy is provided in ckmc_save_cert(), the same password should be provided
[out]	ppcert	The pointer to a newly created ckmc_cert_s handle

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exists
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_remove_alias(); ckmc_get_cert_alias_list()

int ckmc_get_cert_alias_info_list ( ckmc_alias_info_list_s ** ppalias_list )

Gets the information about all the aliases of certificates that the client can access.

Since :: 5.5

Remarks:: A client can access only data stored by the client and the entries from system database if it was explicitly permitted to.; You must destroy the newly created ppalias_list by calling ckmc_alias_info_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing information about all certificate aliases
If there is no available certificate alias, *ppalias_list will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_remove_alias(); ckmc_get_cert()

int ckmc_get_cert_alias_list ( ckmc_alias_list_s ** ppalias_list )

Gets all alias of certificates which the client can access.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only data stored by the client.; You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_remove_alias(); ckmc_get_cert()

int ckmc_get_cert_chain	(	const ckmc_cert_s *	cert,
		const ckmc_cert_list_s *	untrustedcerts,
		ckmc_cert_list_s **	ppcert_chain_list
	)

Verifies a certificate chain and returns that chain.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; The trusted root certificate of the chain should exist in the system's certificate storage.; You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.

Parameters:

[in]	cert	The certificate to be verified
[in]	untrustedcerts	The untrusted CA certificates to be used in verifying a certificate chain
[out]	ppcert_chain_list	The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null

Returns:: 0 on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_INVALID_FORMAT	The format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_cert_list_all_free()

int ckmc_get_cert_chain_with_alias	(	const ckmc_cert_s *	cert,
		const ckmc_alias_list_s *	untrustedcerts,
		ckmc_cert_list_s **	ppcert_chain_list
	)

Verifies a certificate chain using an alias list of untrusted certificates and return that chain.

Deprecated:: Deprecated since 2.4.[Use ckmc_get_cert_chain() instead]

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; The trusted root certificate of the chain should exist in the system's certificate storage.; You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.; untrustedcerts shouldn't be protected with optional password.

Parameters:

[in]	cert	The certificate to be verified
[in]	untrustedcerts	The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain
[out]	ppcert_chain_list	The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null

Returns:: 0 on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_INVALID_FORMAT	The format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Some certificates were encrypted with password and could not be used

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_get_cert_chain(); ckmc_cert_list_all_free()

int ckmc_get_cert_chain_with_trustedcert	(	const ckmc_cert_s *	cert,
		const ckmc_cert_list_s *	untrustedcerts,
		const ckmc_cert_list_s *	trustedcerts,
		const bool	use_trustedsystemcerts,
		ckmc_cert_list_s **	ppcert_chain_list
	)

Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates.

Since :: 2.4

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; If the trusted root certificates are provided as a user input, these certificates do not need to exist in the system's certificate storage.; You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.

Parameters:

[in]	cert	The certificate to be verified
[in]	untrustedcerts	The untrusted CA certificates to be used in verifying a certificate chain
[in]	trustedcerts	The trusted CA certificates to be used in verifying a certificate chain
[in]	use_trustedsystemcerts	The flag indicating the use of the trusted root certificates in the system's certificate storage
[out]	ppcert_chain_list	The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null

Returns:: 0 on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_INVALID_FORMAT	The format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_cert_list_all_free()

int ckmc_get_data	(	const char *	alias,
		const char *	password,
		ckmc_raw_buffer_s **	ppdata
	)

Gets a data from key manager.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only data stored by the client.; You must destroy the newly created ppdata by calling ckmc_buffer_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a data to retrieve
[in]	password	The password used in decrypting a data value If password of policy is provided in ckmc_save_data(), the same password should be provided
[out]	ppdata	The pointer to a newly created ckmc_raw_buffer_s handle

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_remove_alias(); ckmc_get_data_alias_list()

int ckmc_get_data_alias_info_list ( ckmc_alias_info_list_s ** ppalias_list )

Gets the information about all the aliases of data that the client can access.

Since :: 5.5

Remarks:: A client can access only data stored by the client and the entries from system database if it was explicitly permitted to.; You must destroy the newly created ppalias_list by calling ckmc_alias_info_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing information about all data aliases
If there is no available data alias, *ppalias_list will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_remove_alias(); ckmc_get_data()

int ckmc_get_data_alias_list ( ckmc_alias_list_s ** ppalias_list )

Gets all alias of data which the client can access.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only data stored by the client.; You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_remove_alias(); ckmc_get_data()

int ckmc_get_key	(	const char *	alias,
		const char *	password,
		ckmc_key_s **	ppkey
	)

Gets a key from key manager.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only data stored by the client.; You must destroy the newly created ppkey by calling ckmc_key_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a key to retrieve
[in]	password	The password used in decrypting a key value If password of policy is provided in ckmc_save_key(), the same password should be provided
[out]	ppkey	The pointer to a newly created ckmc_key_s handle

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_remove_alias(); ckmc_get_key_alias_list()

int ckmc_get_key_alias_info_list ( ckmc_alias_info_list_s ** ppalias_list )

Gets the information about all the aliases of keys that the client can access.

Since :: 5.5

Remarks:: A client can access only data stored by the client and the entries from system database if it was explicitly permitted to.; You must destroy the newly created ppalias_list by calling ckmc_alias_info_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing information about all key aliases
If there is no available key alias, *ppalias_list will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_remove_alias(); ckmc_get_key()

int ckmc_get_key_alias_list ( ckmc_alias_list_s ** ppalias_list )

Gets all the alias of keys that the client can access.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only data stored by the client.; You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_remove_alias(); ckmc_get_key()

int ckmc_get_pkcs12	(	const char *	alias,
		const char *	key_password,
		const char *	cert_password,
		ckmc_pkcs12_s **	pkcs12
	)

Gets a pkcs12 from key manager.

Since :: 2.4

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; A client can access only data stored by the client.; You must destroy the newly created pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a data to retrieve
[in]	key_password	Password that was used to encrypt privateKey (may be NULL)
[in]	cert_password	Password used to encrypt certificates (may be NULL)
[out]	pkcs12	The pointer to a newly created ckmc_pkcs12_s handle

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	key_password or cert_password does not match with password used to encrypt data

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_pkcs12(); ckmc_remove_alias()

int ckmc_ocsp_check	(	const ckmc_cert_list_s *	pcert_chain_list,
		ckmc_ocsp_status_e *	ocsp_status
	)

Perform OCSP that checks certificate is whether revoked or not.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/internet

Remarks:: http://tizen.org/privilege/internet (public level privilege) is required to use this API instead of http://tizen.org/privilege/keymanager (public level privilege) since 3.0.

Parameters:

[in]	pcert_chain_list	Valid certificate chain to perform OCSP check
[out]	ocsp_status	The pointer to status result of OCSP check

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_NOT_SUPPORTED	Device needed to run API is not supported

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.; pcert_chain_list is created with ckmc_get_certificate_chain() or ckmc_get_certificate_chain_with_alias().

See also:: ckmc_get_cert_chain()); ckmc_cert_list_all_free()

int ckmc_remove_alias ( const char * alias )

Removes an entry (no matter of type) from the key manager.

Since :: 2.4

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; To remove item, client must have remove permission to the specified item.; The item owner can remove by default.

Parameters:

[in] alias Item alias to be removed

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_save_cert(); ckmc_save_data(); ckmc_save_pkcs12(); ckmc_create_key_pair_rsa(); ckmc_create_key_pair_dsa(); ckmc_create_key_pair_ecdsa()

int ckmc_remove_cert ( const char * alias )

Removes a certificate from key manager.

Deprecated:: Deprecated since 2.4.[Use ckmc_remove_alias() instead]

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; To remove certificate, client must have remove permission to the specified certificate.; The key owner can remove by default.

Parameters:

[in] alias The name of a certificate to be removed

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_get_cert(); ckmc_get_cert_alias_list()

int ckmc_remove_data ( const char * alias )

Removes a data from key manager.

Deprecated:: Deprecated since 2.4.[Use ckmc_remove_alias() instead]

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; To remove data, client must have remove permission to the specified data object.; The data owner can remove by default.

Parameters:

[in] alias The name of a data to be removed

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_get_data(); ckmc_get_data_alias_list()

int ckmc_remove_key ( const char * alias )

Removes a key from key manager.

Deprecated:: Deprecated since 2.4.[Use ckmc_remove_alias() instead]

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; To remove key, client must have remove permission to the specified key.; The key owner can remove by default.

Parameters:

[in] alias The name of a key to be removed

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_get_key(); ckmc_get_key_alias_list()

int ckmc_save_cert	(	const char *	alias,
		const ckmc_cert_s	cert,
		const ckmc_policy_s	policy
	)

Stores a certificate inside key manager based on the provided policy.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0; The certificate's binary value will be converted and saved as binary DER encoded certificates.

Parameters:

[in]	alias	The name of a certificate to be stored
[in]	cert	The certificate's binary value to be stored
[in]	policy	The policy about how to store a certificate securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_INVALID_FORMAT	The format of raw_cert is not valid
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_cert(); ckmc_get_cert_alias_list(); ckmc_cert_s; ckmc_policy_s

int ckmc_save_data	(	const char *	alias,
		ckmc_raw_buffer_s	data,
		const ckmc_policy_s	policy
	)

Stores a data inside key manager based on the provided policy.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.

Parameters:

[in]	alias	The name of a data to be stored
[in]	data	The binary value to be stored
[in]	policy	The policy about how to store a data securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_data(); ckmc_get_data_alias_list(); ckmc_raw_buffer_s; ckmc_policy_s

int ckmc_save_key	(	const char *	alias,
		const ckmc_key_s	key,
		const ckmc_policy_s	policy
	)

Stores a key inside key manager based on the provided policy.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; Currently API supports seven types of keys. These are RSA public/private key, DSA public/private key, ECDSA public/private key, and AES symmetric key.; key_type in key may be set to CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.; Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the ckmc_key_s structure.; If password in policy is provided, the key is additionally encrypted with the password in the policy.

Parameters:

[in]	alias	The name of a key to be stored
[in]	key	The key's binary value to be stored
[in]	policy	The policy about how to store a key securely

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_INVALID_FORMAT	The format of raw_key is not valid
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_key(); ckmc_get_key_alias_list(); ckmc_key_s; ckmc_policy_s

int ckmc_save_pkcs12	(	const char *	alias,
		const ckmc_pkcs12_s *	pkcs,
		const ckmc_policy_s	key_policy,
		const ckmc_policy_s	cert_policy
	)

Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias.

Since :: 2.4

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.

Parameters:

[in]	alias	The name of a data to be stored
[in]	pkcs	Pointer to the pkcs12 structure to be saved
[in]	key_policy	The policy about how to store pkcs's private key
[in]	cert_policy	The policy about how to store pkcs's certificate

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_pkcs12(); ckmc_get_data_alias_list(); ckmc_pkcs12_load(); ckmc_pkcs12_s; ckmc_policy_s

int ckmc_set_permission	(	const char *	alias,
		const char *	accessor,
		int	permissions
	)

Allows another application to access client's application data.

Since :: 2.4

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; Data identified by alias should exist.

Parameters:

[in]	alias	Data alias for which access will be granted
[in]	accessor	Package id of the application that will gain access rights
[in]	permissions	Mask of permissions granted for accessor application (ckmc_permission_e) (previous permission mask will be replaced with the new mask value)

Returns:: 0 on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

int ckmc_verify_signature	(	const char *	public_key_alias,
		const char *	password,
		const ckmc_raw_buffer_s	message,
		const ckmc_raw_buffer_s	signature,
		const ckmc_hash_algo_e	hash,
		const ckmc_rsa_padding_algo_e	padding
	)

Verifies a given signature on a given message using a public key and returns the signature status.

Since :: 2.3

Remarks:: http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.; If password of policy is provided during storing a key, the same password should be provided.

Parameters:

[in]	public_key_alias	The name of public key
[in]	password	The password used in decrypting a public key value
[in]	message	The input on which the signature is created
[in]	signature	The signature that is verified with public key
[in]	hash	The hash algorithm used in verifying signature. CKMC_HASH_NONE is invalid for DSA & ECDSA
[in]	padding	The RSA padding algorithm used in verifying signature It is used only when the signature algorithm is RSA. If padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE and the message must be equal to key length

Returns:: 0 on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The signature is invalid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_ecdsa(); ckmc_verify_signature(); ckmc_hash_algo_e; ckmc_rsa_padding_algo_e

Required Header

Overview

Functions

Function Documentation