Functions
int	ckmc_save_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
	Stores a key inside key manager based on the provided policy.
int	ckmc_remove_key (const char *alias)
	Removes a key from key manager.
int	ckmc_get_key (const char alias, const char password, ckmc_key_s **ppkey)
	Gets a key from key manager.
int	ckmc_get_key_alias_list (ckmc_alias_list_s **ppalias_list)
	Gets all the alias of keys that the client can access.
int	ckmc_save_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
	Stores a certificate inside key manager based on the provided policy.
int	ckmc_remove_cert (const char *alias)
	Removes a certificate from key manager.
int	ckmc_get_cert (const char alias, const char password, ckmc_cert_s **ppcert)
	Gets a certificate from key manager.
int	ckmc_get_cert_alias_list (ckmc_alias_list_s **ppalias_list)
	Gets all alias of certificates which the client can access.
int	ckmc_save_pkcs12 (const char alias, const ckmc_pkcs12_s pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
	Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias.
int	ckmc_get_pkcs12 (const char alias, const char key_password, const char cert_password, ckmc_pkcs12_s *pkcs12)
	Gets a pkcs12 from key manager.
int	ckmc_save_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
	Stores a data inside key manager based on the provided policy.
int	ckmc_remove_data (const char *alias)
	Removes a data from key manager.
int	ckmc_get_data (const char alias, const char password, ckmc_raw_buffer_s **ppdata)
	Gets a data from key manager.
int	ckmc_get_data_alias_list (ckmc_alias_list_s **ppalias_list)
	Gets all alias of data which the client can access.
int	ckmc_create_key_pair_rsa (const size_t size, const char private_key_alias, const char public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
	Creates RSA private/public key pair and stores them inside key manager based on each policy.
int	ckmc_create_key_pair_dsa (const size_t size, const char private_key_alias, const char public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
	Creates DSA private/public key pair and stores them inside key manager based on each policy.
int	ckmc_create_key_pair_ecdsa (const ckmc_ec_type_e type, const char private_key_alias, const char public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
	Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
int	ckmc_create_signature (const char private_key_alias, const char password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature)
	Creates a signature on a given message using a private key and returns the signature.
int	ckmc_verify_signature (const char public_key_alias, const char password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding)
	Verifies a given signature on a given message using a public key and returns the signature status.
int	ckmc_get_cert_chain (const ckmc_cert_s cert, const ckmc_cert_list_s untrustedcerts, ckmc_cert_list_s **ppcert_chain_list)
	Verifies a certificate chain and returns that chain.
int	ckmc_get_cert_chain_with_alias (const ckmc_cert_s cert, const ckmc_alias_list_s untrustedcerts, ckmc_cert_list_s **ppcert_chain_list)
	Verifies a certificate chain using an alias list of untrusted certificates and return that chain.
int	ckmc_get_cert_chain_with_trustedcert (const ckmc_cert_s cert, const ckmc_cert_list_s untrustedcerts, const ckmc_cert_list_s trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s *ppcert_chain_list)
	Verifies a certificate chain and returns that chain using user entered trusted and untrusted CA certificates.
int	ckmc_ocsp_check (const ckmc_cert_list_s pcert_chain_list, ckmc_ocsp_status_e ocsp_status)
	Perform OCSP which checks certificate is whether revoked or not.
int	ckmc_allow_access (const char alias, const char accessor, ckmc_access_right_e granted)
	Allows another application to access client's application data.
int	ckmc_set_permission (const char alias, const char accessor, int permissions)
	Allows another application to access client's application data.
int	ckmc_deny_access (const char alias, const char accessor)
	Revokes another application's access to client's application data.
int	ckmc_remove_alias (const char *alias)
	Removes a an entry (no matter of type) from the key manager.

It provides APIs accessing on the secure repository and additional secure cryptographic operations.

Required Header

#include <ckmc/ckmc-manager.h>

Overview

It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.

Function Documentation

int ckmc_allow_access	(	const char *	alias,
		const char *	accessor,
		ckmc_access_right_e	granted
	)

Allows another application to access client's application data.

Deprecated:: Deprecated since 2.4. [Use ckmc_set_permission() instead]

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: Data identified by alias should exist.

Parameters:

[in]	alias	Data alias for which access will be granted
[in]	accessor	Package id of the application that will gain access rights
[in]	granted	Rights granted for accessor application

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_deny_access(); ckmc_set_permission(); ckmc_access_right_e

int ckmc_create_key_pair_dsa	(	const size_t	size,
		const char *	private_key_alias,
		const char *	public_key_alias,
		const ckmc_policy_s	policy_private_key,
		const ckmc_policy_s	policy_public_key
	)

Creates DSA private/public key pair and stores them inside key manager based on each policy.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: If password in policy is provided, the key is additionally encrypted with the password in policy.

Parameters:

[in]	size	The size of key strength to be created `1024`, `2048`, `3072` and `4096` are supported
[in]	private_key_alias	The name of private key to be stored
[in]	public_key_alias	The name of public key to be stored
[in]	policy_private_key	The policy about how to store a private key securely
[in]	policy_public_key	The policy about how to store a public key securely

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_ecdsa(); ckmc_create_signature(); ckmc_verify_signature(); ckmc_policy_s

int ckmc_create_key_pair_ecdsa	(	const ckmc_ec_type_e	type,
		const char *	private_key_alias,
		const char *	public_key_alias,
		const ckmc_policy_s	policy_private_key,
		const ckmc_policy_s	policy_public_key
	)

Creates ECDSA private/public key pair and stores them inside key manager based on each policy.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: If password in policy is provided, the key is additionally encrypted with the password in policy.

Parameters:

[in]	type	The type of elliptic curve of ECDSA
[in]	private_key_alias	The name of private key to be stored
[in]	public_key_alias	The name of public key to be stored
[in]	policy_private_key	The policy about how to store a private key securely
[in]	policy_public_key	The policy about how to store a public key securely

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_dsa(); ckmc_create_signature(); ckmc_verify_signature(); ckmc_ec_type_e; ckmc_policy_s

int ckmc_create_key_pair_rsa	(	const size_t	size,
		const char *	private_key_alias,
		const char *	public_key_alias,
		const ckmc_policy_s	policy_private_key,
		const ckmc_policy_s	policy_public_key
	)

Creates RSA private/public key pair and stores them inside key manager based on each policy.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: If password in policy is provided, the key is additionally encrypted with the password in policy.

Parameters:

[in]	size	The size of key strength to be created `1024`, `2048`, and `4096` are supported
[in]	private_key_alias	The name of private key to be stored
[in]	public_key_alias	The name of public key to be stored
[in]	policy_private_key	The policy about how to store a private key securely
[in]	policy_public_key	The policy about how to store a public key securely

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_dsa(); ckmc_create_key_pair_ecdsa(); ckmc_create_signature(); ckmc_verify_signature(); ckmc_policy_s

int ckmc_create_signature	(	const char *	private_key_alias,
		const char *	password,
		const ckmc_raw_buffer_s	message,
		const ckmc_hash_algo_e	hash,
		const ckmc_rsa_padding_algo_e	padding,
		ckmc_raw_buffer_s **	ppsignature
	)

Creates a signature on a given message using a private key and returns the signature.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: If password of policy is provided during storing a key, the same password should be provided.; You must destroy the newly created ppsignature by calling ckmc_buffer_free() if it is no longer needed.

Parameters:

[in]	private_key_alias	The name of private key
[in]	password	The password used in decrypting a private key value
[in]	message	The message that is signed with a private key
[in]	hash	The hash algorithm used in creating signature
[in]	padding	The RSA padding algorithm used in creating signature It is used only when the signature algorithm is RSA
[out]	ppsignature	The pointer to a newly created signature If an error occurs, *ppsignature will be null

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_ecdsa(); ckmc_verify_signature(); ckmc_buffer_free(); ckmc_raw_buffer_s; ckmc_hash_algo_e; ckmc_rsa_padding_algo_e

int ckmc_deny_access	(	const char *	alias,
		const char *	accessor
	)

Revokes another application's access to client's application data.

Deprecated:: Deprecated since 2.4. [Use ckmc_set_permission() instead]

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: Data identified by alias should exist.; Only access previously granted with ckmc_allow_access() can be revoked.

Parameters:

[in]	alias	Data alias for which access will be revoked
[in]	accessor	Package id of the application that will lose access rights

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid or the accessor doesn't have access to alias
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_allow_access(); ckmc_set_permission()

int ckmc_get_cert	(	const char *	alias,
		const char *	password,
		ckmc_cert_s **	ppcert
	)

Gets a certificate from key manager.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only certificate stored by the client.; A DER encoded certificate will be returned as a return value.; You must destroy the newly created ppcert by calling ckmc_cert_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a certificate to retrieve
[in]	password	The password used in decrypting a certificate value If password of policy is provided in ckmc_save_cert(), the same password should be provided
[out]	ppcert	The pointer to a newly created ckmc_cert_s handle

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exists
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_remove_alias(); ckmc_get_cert_alias_list(); ckmc_cert_s

int ckmc_get_cert_alias_list ( ckmc_alias_list_s ** ppalias_list )

Gets all alias of certificates which the client can access.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only data stored by the client.; You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_remove_alias(); ckmc_get_cert(); ckmc_alias_list_all_free(); ckmc_alias_list_s

int ckmc_get_cert_chain	(	const ckmc_cert_s *	cert,
		const ckmc_cert_list_s *	untrustedcerts,
		ckmc_cert_list_s **	ppcert_chain_list
	)

Verifies a certificate chain and returns that chain.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: The trusted root certificate of the chain should exist in the system's certificate storage.; You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.

Parameters:

[in]	cert	The certificate to be verified
[in]	untrustedcerts	The untrusted CA certificates to be used in verifying a certificate chain
[out]	ppcert_chain_list	The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null

Returns:: CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_INVALID_FORMAT	The format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_get_cert_chain_with_alias()); ckmc_cert_list_all_free(); ckmc_cert_list_s

int ckmc_get_cert_chain_with_alias	(	const ckmc_cert_s *	cert,
		const ckmc_alias_list_s *	untrustedcerts,
		ckmc_cert_list_s **	ppcert_chain_list
	)

Verifies a certificate chain using an alias list of untrusted certificates and return that chain.

Deprecated:: Deprecated since 2.4. [Use ckmc_get_cert_chain() instead]

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: The trusted root certificate of the chain should exist in the system's certificate storage.; You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.; untrustedcerts shouldn't be protected with optional password.

Parameters:

[in]	cert	The certificate to be verified
[in]	untrustedcerts	The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain
[out]	ppcert_chain_list	The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null

Returns:: CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_INVALID_FORMAT	The format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Some certificates were encrypted with password and could not be used

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_get_cert_chain(); ckmc_cert_list_all_free(); ckmc_cert_s; ckmc_alias_list_s; ckmc_cert_list_s

int ckmc_get_cert_chain_with_trustedcert	(	const ckmc_cert_s *	cert,
		const ckmc_cert_list_s *	untrustedcerts,
		const ckmc_cert_list_s *	trustedcerts,
		const bool	use_trustedsystemcerts,
		ckmc_cert_list_s **	ppcert_chain_list
	)

Verifies a certificate chain and returns that chain using user entered trusted and untrusted CA certificates.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: If the trusted root certificates are provided as a user input, these certificates do not need to exist in the system's certificate storage.; You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.

Parameters:

[in]	cert	The certificate to be verified
[in]	untrustedcerts	The untrusted CA certificates to be used in verifying a certificate chain
[in]	trustedcerts	The trusted CA certificates to be used in verifying a certificate chain
[in]	use_trustedsystemcerts	The flag indicating the use of the trusted root certificates in the system's certificate storage
[out]	ppcert_chain_list	The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null

Returns:: CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_INVALID_FORMAT	The format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_cert_list_all_free(); ckmc_cert_s; ckmc_cert_list_s

int ckmc_get_data	(	const char *	alias,
		const char *	password,
		ckmc_raw_buffer_s **	ppdata
	)

Gets a data from key manager.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only data stored by the client.; You must destroy the newly created ppdata by calling ckmc_buffer_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a data to retrieve
[in]	password	The password used in decrypting a data value If password of policy is provided in ckmc_save_data(), the same password should be provided
[out]	ppdata	The pointer to a newly created ckmc_raw_buffer_s handle

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect.

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_remove_alias(); ckmc_get_data_alias_list(); ckmc_buffer_free(); ckmc_raw_buffer_s

int ckmc_get_data_alias_list ( ckmc_alias_list_s ** ppalias_list )

Gets all alias of data which the client can access.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only data stored by the client.; You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_remove_alias(); ckmc_get_data(); ckmc_alias_list_all_free(); ckmc_alias_list_s

int ckmc_get_key	(	const char *	alias,
		const char *	password,
		ckmc_key_s **	ppkey
	)

Gets a key from key manager.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only data stored by the client.; You must destroy the newly created ppkey by calling ckmc_key_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a key to retrieve
[in]	password	The password used in decrypting a key value If password of policy is provided in ckmc_save_key(), the same password should be provided
[out]	ppkey	The pointer to a newly created ckmc_key_s handle

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_remove_alias(); ckmc_get_key_alias_list(); ckmc_key_free(); ckmc_key_s

int ckmc_get_key_alias_list ( ckmc_alias_list_s ** ppalias_list )

Gets all the alias of keys that the client can access.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only data stored by the client.; You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.

Parameters:

[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_remove_alias(); ckmc_get_key(); ckmc_alias_list_all_free(); ckmc_alias_list_s

int ckmc_get_pkcs12	(	const char *	alias,
		const char *	key_password,
		const char *	cert_password,
		ckmc_pkcs12_s **	pkcs12
	)

Gets a pkcs12 from key manager.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: A client can access only data stored by the client.; You must destroy the newly created pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.

Parameters:

[in]	alias	The name of a data to retrieve
[in]	key_password	Password that was used to encrypt privateKey (may be NULL)
[in]	cert_password	Password used to encrypt certificates (may be NULL)
[out]	pkcs12	The pointer to a newly created ckmc_pkcs12_s handle

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	keyPassword or certPassword does not match with password used to encrypt data

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_pkcs12(); ckmc_remove_alias(); ckmc_pkcs12_free(); ckmc_pkcs12_s

int ckmc_ocsp_check	(	const ckmc_cert_list_s *	pcert_chain_list,
		ckmc_ocsp_status_e *	ocsp_status
	)

Perform OCSP which checks certificate is whether revoked or not.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Parameters:

[in]	pcert_chain_list	Valid certificate chain to perform OCSP check
[out]	ocsp_status	The pointer to status result of OCSP check

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_NOT_SUPPORTED	Device needed to run API is not supported

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.; pcert_chain_list is created with ckmc_get_certificate_chain() or ckmc_get_certificate_chain_with_alias().

See also:: ckmc_get_cert_chain(); ckmc_get_cert_chain_with_alias(); ckmc_get_cert_chain_with_trustedcert(); ckmc_cert_list_all_free(); ckmc_cert_list_s; ckmc_ocsp_status_e

int ckmc_remove_alias ( const char * alias )

Removes a an entry (no matter of type) from the key manager.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: To remove item, client must have remove permission to the specified item.; The item owner can remove by default.

Parameters:

[in] alias Item alias to be removed

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_save_cert(); ckmc_save_data(); ckmc_save_pkcs12(); ckmc_create_key_pair_rsa(); ckmc_create_key_pair_dsa(); ckmc_create_key_pair_ecdsa()

int ckmc_remove_cert ( const char * alias )

Removes a certificate from key manager.

Deprecated:: Deprecated since 2.4. [Use ckmc_remove_alias() instead]

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: To remove certificate, client must have remove permission to the specified certificate.; The key owner can remove by default.

Parameters:

[in] alias The name of a certificate to be removed

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_cert(); ckmc_get_cert(); ckmc_get_cert_alias_list(); ckmc_remove_alias()

int ckmc_remove_data ( const char * alias )

Removes a data from key manager.

Deprecated:: Deprecated since 2.4. [Use ckmc_remove_alias() instead]

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: To remove data, client must have remove permission to the specified data object.; The data owner can remove by default.

Parameters:

[in] alias The name of a data to be removed

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_data(); ckmc_get_data(); ckmc_get_data_alias_list(); ckmc_remove_alias()

int ckmc_remove_key ( const char * alias )

Removes a key from key manager.

Deprecated:: Deprecated since 2.4. [Use ckmc_remove_alias() instead]

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: To remove key, client must have remove permission to the specified key.; The key owner can remove by default.

Parameters:

[in] alias The name of a key to be removed

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_save_key(); ckmc_get_key(); ckmc_get_key_alias_list(); ckmc_remove_alias()

int ckmc_save_cert	(	const char *	alias,
		const ckmc_cert_s	cert,
		const ckmc_policy_s	policy
	)

Stores a certificate inside key manager based on the provided policy.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: the certificate's binary value will be converted and saved as binary DER encoded certificates.

Parameters:

[in]	alias	The name of a certificate to be stored
[in]	cert	The certificate's binary value to be stored
[in]	policy	The policy about how to store a certificate securely

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_INVALID_FORMAT	The format of raw_cert is not valid
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_cert(); ckmc_get_cert_alias_list(); ckmc_cert_s; ckmc_policy_s

int ckmc_save_data	(	const char *	alias,
		ckmc_raw_buffer_s	data,
		const ckmc_policy_s	policy
	)

Stores a data inside key manager based on the provided policy.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Parameters:

[in]	alias	The name of a data to be stored
[in]	data	The binary value to be stored
[in]	policy	The policy about how to store a data securely

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_data(); ckmc_get_data_alias_list(); ckmc_raw_buffer_s; ckmc_policy_s

int ckmc_save_key	(	const char *	alias,
		const ckmc_key_s	key,
		const ckmc_policy_s	policy
	)

Stores a key inside key manager based on the provided policy.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: Currently only six types of keys are supported for this API. These are RSA public/private key, DSA public/private key and ECDSA public/private key.; key_type in key may be set to CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.; Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the ckmc_key_s structure.; If password in policy is provided, the key is additionally encrypted with the password in policy.

Parameters:

[in]	alias	The name of a key to be stored
[in]	key	The key's binary value to be stored
[in]	policy	The policy about how to store a key securely

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_INVALID_FORMAT	The format of raw_key is not valid
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_key(); ckmc_get_key_alias_list(); ckmc_key_free(); ckmc_key_s; ckmc_policy_s

int ckmc_save_pkcs12	(	const char *	alias,
		const ckmc_pkcs12_s *	pkcs,
		const ckmc_policy_s	key_policy,
		const ckmc_policy_s	cert_policy
	)

Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Parameters:

[in]	alias	The name of a data to be stored
[in]	pkcs	Pointer to the pkcs12 structure to be saved
[in]	key_policy	The policy about how to store pkcs's private key
[in]	cert_policy	The policy about how to store pkcs's certificate

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTS	Alias already exists
CKMC_ERROR_DB_ERROR	Failed due to a database error
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_remove_alias(); ckmc_get_pkcs12(); ckmc_get_data_alias_list(); ckmc_pkcs12_load(); ckmc_pkcs12_s; ckmc_policy_s

int ckmc_set_permission	(	const char *	alias,
		const char *	accessor,
		int	permissions
	)

Allows another application to access client's application data.

Since :: 2.4

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: Data identified by alias should exist.

Parameters:

[in]	alias	Data alias for which access will be granted
[in]	accessor	Package id of the application that will gain access rights
[in]	permissions	Mask of ckmc_permission_e granted for accessor application Previous permission mask will be replaced with the new mask value

Returns:: CKMC_ERROR_NONE on success, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_permission_e

int ckmc_verify_signature	(	const char *	public_key_alias,
		const char *	password,
		const ckmc_raw_buffer_s	message,
		const ckmc_raw_buffer_s	signature,
		const ckmc_hash_algo_e	hash,
		const ckmc_rsa_padding_algo_e	padding
	)

Verifies a given signature on a given message using a public key and returns the signature status.

Since :: 2.3

Privilege Level:: public

Privilege:: http://tizen.org/privilege/keymanager

Remarks:: If password of policy is provided during storing a key, the same password should be provided.

Parameters:

[in]	public_key_alias	The name of public key
[in]	password	The password used in decrypting a public key value
[in]	message	The input on which the signature is created
[in]	signature	The signature that is verified with public key
[in]	hash	The hash algorithm used in verifying signature
[in]	padding	The RSA padding algorithm used in verifying signature It is used only when the signature algorithm is RSA

Returns:: CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value

Return values:

CKMC_ERROR_NONE	Successful
CKMC_ERROR_VERIFICATION_FAILED	The signature is invalid
CKMC_ERROR_INVALID_PARAMETER	Input parameter is invalid
CKMC_ERROR_DB_LOCKED	A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERROR	Failed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWN	Alias does not exist
CKMC_ERROR_PERMISSION_DENIED	Failed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILED	Decryption failed because password is incorrect

Precondition:: User is already logged in and the user key is already loaded into memory in plain text form.

See also:: ckmc_create_key_pair_rsa(); ckmc_create_key_pair_dsa(); ckmc_create_key_pair_ecdsa(); ckmc_raw_buffer_s; ckmc_hash_algo_e; ckmc_rsa_padding_algo_e

Functions

Required Header

Overview

Function Documentation