Tizen Native API
|
It provides APIs accessing on the secure repository and additional secure cryptographic operations.
Required Header
#include <ckmc/ckmc-manager.h>
Overview
It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
Functions | |
int | ckmc_save_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) |
Stores a key inside key manager based on the provided policy. | |
int | ckmc_remove_key (const char *alias) |
Removes a key from key manager. | |
int | ckmc_get_key (const char *alias, const char *password, ckmc_key_s **ppkey) |
Gets a key from key manager. | |
int | ckmc_get_key_alias_list (ckmc_alias_list_s **ppalias_list) |
Gets all the alias of keys that the client can access. | |
int | ckmc_save_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) |
Stores a certificate inside key manager based on the provided policy. | |
int | ckmc_remove_cert (const char *alias) |
Removes a certificate from key manager. | |
int | ckmc_get_cert (const char *alias, const char *password, ckmc_cert_s **ppcert) |
Gets a certificate from key manager. | |
int | ckmc_get_cert_alias_list (ckmc_alias_list_s **ppalias_list) |
Gets all alias of certificates which the client can access. | |
int | ckmc_save_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) |
Stores a data inside key manager based on the provided policy. | |
int | ckmc_remove_data (const char *alias) |
Removes a data from key manager. | |
int | ckmc_get_data (const char *alias, const char *password, ckmc_raw_buffer_s **ppdata) |
Gets a data from key manager. | |
int | ckmc_get_data_alias_list (ckmc_alias_list_s **ppalias_list) |
Gets all alias of data which the client can access. | |
int | ckmc_create_key_pair_rsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) |
Creates RSA private/public key pair and stores them inside key manager based on each policy. | |
int | ckmc_create_key_pair_dsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) |
Creates DSA private/public key pair and stores them inside key manager based on each policy. | |
int | ckmc_create_key_pair_ecdsa (const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) |
Creates ECDSA private/public key pair and stores them inside key manager based on each policy. | |
int | ckmc_create_signature (const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature) |
Creates a signature on a given message using a private key and returns the signature. | |
int | ckmc_verify_signature (const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding) |
Verifies a given signature on a given message using a public key and returns the signature status. | |
int | ckmc_get_cert_chain (const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) |
Verifies a certificate chain and returns that chain. | |
int | ckmc_get_cert_chain_with_alias (const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) |
Verifies a certificate chain using an alias list of untrusted certificates and return that chain. | |
int | ckmc_allow_access (const char *alias, const char *accessor, ckmc_access_right_e granted) |
Allows another application to access client's application data. | |
int | ckmc_deny_access (const char *alias, const char *accessor) |
Revokes another application's access to client's application data. |
Function Documentation
int ckmc_allow_access | ( | const char * | alias, |
const char * | accessor, | ||
ckmc_access_right_e | granted | ||
) |
Allows another application to access client's application data.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- Data identified by alias should exist
- Parameters:
-
[in] alias Data alias for which access will be granted [in] accessor Package id of the application that will gain access rights [in] granted Rights granted for accessor application
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_deny_access()
int ckmc_create_key_pair_dsa | ( | const size_t | size, |
const char * | private_key_alias, | ||
const char * | public_key_alias, | ||
const ckmc_policy_s | policy_private_key, | ||
const ckmc_policy_s | policy_public_key | ||
) |
Creates DSA private/public key pair and stores them inside key manager based on each policy.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- If password in policy is provided, the key is additionally encrypted with the password in policy.
- Parameters:
-
[in] size The size of key strength to be created
1024
,2048
,3072
and4096
are supported.[in] private_key_alias The name of private key to be stored [in] public_key_alias The name of public key to be stored [in] policy_private_key The policy about how to store a private key securely [in] policy_public_key The policy about how to store a public key securely
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_create_key_pair_ecdsa | ( | const ckmc_ec_type_e | type, |
const char * | private_key_alias, | ||
const char * | public_key_alias, | ||
const ckmc_policy_s | policy_private_key, | ||
const ckmc_policy_s | policy_public_key | ||
) |
Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- If password in policy is provided, the key is additionally encrypted with the password in policy.
- Parameters:
-
[in] type The type of elliptic curve of ECDSA [in] private_key_alias The name of private key to be stored [in] public_key_alias The name of public key to be stored [in] policy_private_key The policy about how to store a private key securely [in] policy_public_key The policy about how to store a public key securely
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_create_key_pair_rsa | ( | const size_t | size, |
const char * | private_key_alias, | ||
const char * | public_key_alias, | ||
const ckmc_policy_s | policy_private_key, | ||
const ckmc_policy_s | policy_public_key | ||
) |
Creates RSA private/public key pair and stores them inside key manager based on each policy.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- If password in policy is provided, the key is additionally encrypted with the password in policy.
- Parameters:
-
[in] size The size of key strength to be created
1024
,2048
, and4096
are supported.[in] private_key_alias The name of private key to be stored [in] public_key_alias The name of public key to be stored [in] policy_private_key The policy about how to store a private key securely [in] policy_public_key The policy about how to store a public key securely
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_create_signature | ( | const char * | private_key_alias, |
const char * | password, | ||
const ckmc_raw_buffer_s | message, | ||
const ckmc_hash_algo_e | hash, | ||
const ckmc_rsa_padding_algo_e | padding, | ||
ckmc_raw_buffer_s ** | ppsignature | ||
) |
Creates a signature on a given message using a private key and returns the signature.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- If password of policy is provided during storing a key, the same password should be provided.
- You must destroy the newly created ppsignature by calling ckmc_buffer_free() if it is no longer needed.
- Parameters:
-
[in] private_key_alias The name of private key [in] password The password used in decrypting a private key value [in] message The message that is signed with a private key [in] hash The hash algorithm used in creating signature [in] padding The RSA padding algorithm used in creating signature
It is used only when the signature algorithm is RSA.[out] ppsignature The pointer to a newly created signature
If an error occurs, *ppsignature will be null.
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_deny_access | ( | const char * | alias, |
const char * | accessor | ||
) |
Revokes another application's access to client's application data.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- Data identified by alias should exist
- Only access previously granted with ckmc_allow_access can be revoked.
- Parameters:
-
[in] alias Data alias for which access will be revoked [in] accessor Package id of the application that will lose access rights
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the accessor doesn't have access to alias CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
- See also:
- ckmc_allow_access()
int ckmc_get_cert | ( | const char * | alias, |
const char * | password, | ||
ckmc_cert_s ** | ppcert | ||
) |
Gets a certificate from key manager.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- A client can access only certificate stored by the client.
- A DER encoded certificate will be returned as a return value.
- You must destroy the newly created ppcert by calling ckmc_cert_free() if it is no longer needed.
- Parameters:
-
[in] alias The name of a certificate to retrieve [in] password The password used in decrypting a certificate value
If password of policy is provided in ckmc_save_cert(), the same password should be provided.[out] ppcert The pointer to a newly created ckmc_cert_s handle
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_cert_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) |
Gets all alias of certificates which the client can access.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- A client can access only data stored by the client.
- You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
- Parameters:
-
[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null.
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_cert_chain | ( | const ckmc_cert_s * | cert, |
const ckmc_cert_list_s * | untrustedcerts, | ||
ckmc_cert_list_s ** | ppcert_chain_list | ||
) |
Verifies a certificate chain and returns that chain.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- The trusted root certificate of the chain should exist in the system's certificate storage.
- You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
- Parameters:
-
[in] cert The certificate to be verified [in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain [out] ppcert_chain_list The pointer to a newly created certificate chain's handle
If an error occurs, *ppcert_chain_list will be null.
- Returns:
0
on success and the signature is valid, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_cert_chain_with_alias | ( | const ckmc_cert_s * | cert, |
const ckmc_alias_list_s * | untrustedcerts, | ||
ckmc_cert_list_s ** | ppcert_chain_list | ||
) |
Verifies a certificate chain using an alias list of untrusted certificates and return that chain.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- The trusted root certificate of the chain should exist in the system's certificate storage.
- You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
- Parameters:
-
[in] cert The certificate to be verified [in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain [out] ppcert_chain_list The pointer to a newly created certificate chain's handle
If an error occurs, *ppcert_chain_list will be null.
- Returns:
0
on success and the signature is valid, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Some certificates were encrypted with password and could not be used.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_data | ( | const char * | alias, |
const char * | password, | ||
ckmc_raw_buffer_s ** | ppdata | ||
) |
Gets a data from key manager.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- A client can access only data stored by the client.
- You must destroy the newly created ppdata by calling ckmc_buffer_free() if it is no longer needed.
- Parameters:
-
[in] alias The name of a data to retrieve [in] password The password used in decrypting a data value
If password of policy is provided in ckmc_save_data(), the same password should be provided.[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_data_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) |
Gets all alias of data which the client can access.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- A client can access only data stored by the client.
- You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
- Parameters:
-
[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null.
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_key | ( | const char * | alias, |
const char * | password, | ||
ckmc_key_s ** | ppkey | ||
) |
Gets a key from key manager.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- A client can access only data stored by the client.
- You must destroy the newly created ppkey by calling ckmc_key_free() if it is no longer needed.
- Parameters:
-
[in] alias The name of a key to retrieve [in] password The password used in decrypting a key value
If password of policy is provided in ckmc_save_key(), the same password should be provided.[out] ppkey The pointer to a newly created ckmc_key_s handle
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_get_key_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) |
Gets all the alias of keys that the client can access.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- A client can access only data stored by the client.
- You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
- Parameters:
-
[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null.
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_remove_cert | ( | const char * | alias | ) |
Removes a certificate from key manager.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- To remove certificate, client must have remove permission to the specified certificate.
- The key owner can remove by default.
- Parameters:
-
[in] alias The name of a certificate to be removed
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_remove_data | ( | const char * | alias | ) |
Removes a data from key manager.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- To remove data, client must have remove permission to the specified data object.
- The data owner can remove by default.
- Parameters:
-
[in] alias The name of a data to be removed
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_remove_key | ( | const char * | alias | ) |
Removes a key from key manager.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- To remove key, client must have remove permission to the specified key.
- The key owner can remove by default.
- Parameters:
-
[in] alias The name of a key to be removed
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_save_cert | ( | const char * | alias, |
const ckmc_cert_s | cert, | ||
const ckmc_policy_s | policy | ||
) |
Stores a certificate inside key manager based on the provided policy.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- the certificate's binary value will be converted and saved as binary DER encoded certificates.
- Parameters:
-
[in] alias The name of a certificate to be stored [in] cert The certificate's binary value to be stored [in] policy The policy about how to store a certificate securely
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_save_data | ( | const char * | alias, |
ckmc_raw_buffer_s | data, | ||
const ckmc_policy_s | policy | ||
) |
Stores a data inside key manager based on the provided policy.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Parameters:
-
[in] alias The name of a data to be stored [in] data The binary value to be stored [in] policy The policy about how to store a data securely
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_save_key | ( | const char * | alias, |
const ckmc_key_s | key, | ||
const ckmc_policy_s | policy | ||
) |
Stores a key inside key manager based on the provided policy.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- Currently only six types of keys are supported for this API. These are RSA public/private key, DSA public/private key and ECDSA public/private key.
- key_type in key may be set to CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
- Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the ckmc_key_s structure.
- If password in policy is provided, the key is additionally encrypted with the password in policy.
- Parameters:
-
[in] alias The name of a key to be stored [in] key The key's binary value to be stored [in] policy The policy about how to store a key securely
- Returns:
0
on success, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid CKMC_ERROR_DB_ERROR Failed due to a database error CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
int ckmc_verify_signature | ( | const char * | public_key_alias, |
const char * | password, | ||
const ckmc_raw_buffer_s | message, | ||
const ckmc_raw_buffer_s | signature, | ||
const ckmc_hash_algo_e | hash, | ||
const ckmc_rsa_padding_algo_e | padding | ||
) |
Verifies a given signature on a given message using a public key and returns the signature status.
- Since :
- 2.3.1
- Privilege Level:
- public
- Privilege:
- http://tizen.org/privilege/keymanager
- Remarks:
- If password of policy is provided during storing a key, the same password should be provided.
- Parameters:
-
[in] public_key_alias The name of public key [in] password The password used in decrypting a public key value [in] message The input on which the signature is created [in] signature The signature that is verified with public key [in] hash The hash algorithm used in verifying signature [in] padding The RSA padding algorithm used in verifying signature
It is used only when the signature algorithm is RSA.
- Returns:
0
on success and the signature is valid, otherwise a negative error value
- Return values:
-
CKMC_ERROR_NONE Successful CKMC_ERROR_VERIFICATION_FAILED The signature is invalid CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist CKMC_ERROR_PERMISSION_DENIED Failed to access key manager CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect.
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.