X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=Artifacts%2Fbin%2FTizen.Security.SecureRepository.xml;h=80b26db574775a54d13b2076125bbf7e3034a354;hb=7fe3a7b745e1539847e25bbc50112e5da0c21597;hp=88bd3c908be55809d8bcd09646d50e1b00709c71;hpb=4da4fdaf729055150ee519580129db53e4b61e3e;p=platform%2Fcore%2Fcsapi%2Ftizenfx.git
diff --git a/Artifacts/bin/Tizen.Security.SecureRepository.xml b/Artifacts/bin/Tizen.Security.SecureRepository.xml
index 88bd3c9..80b26db 100644
--- a/Artifacts/bin/Tizen.Security.SecureRepository.xml
+++ b/Artifacts/bin/Tizen.Security.SecureRepository.xml
@@ -1,1352 +1,1352 @@
-
-
-
- Tizen.Security.SecureRepository
-
-
-
-
- Class that represents a certificate.
-
- 3
-
-
-
- Load Certificate from the given file path.
-
- 3
- The path of certificate file to be loaded.
- Loaded certificate class instance.
-
- filePath should not be null
-
-
- Invalid certificate file format. Provided file path does not exist or
- cannot be accessed.
-
-
-
-
- A constructor of Certificate that takes the binary and its format.
-
- 3
- The binary data of a certificate.
- The format of the binary data.
-
-
-
- The binary value of a certificate.
-
- 3
-
-
-
- The format of the binary value.
-
- 3
-
-
-
- This class provides the methods handling certificates.
-
- 3
-
-
-
- Gets a certificate from secure repository.
-
- 3
- The name of a certificate to retrieve.
-
- The password used in decrypting a certificate value. If password of
- policy is provided in SaveCertificate(), the same password should be
- provided.
-
- A certificate specified by alias.
-
- Alias argument is null
-
-
- Alias argument is invalid format.
-
-
- Certificate does not exist with the alias or certificate-protecting
- password isn't matched.
-
-
-
-
- Gets all alias of certificates which the client can access.
-
- 3
- All alias of certificates which the client can access.
- No alias to get.
-
-
-
- Stores a certificate inside secure repository based on the provided policy.
-
- 3
- The name of a certificate to be stored.
- The certificate's binary value to be stored.
-
- The policy about how to store a certificate securely.
-
-
- Any of argument is null.
-
-
- Alias argument is invalid format. cert argument is invalid format.
-
-
- Certificate with alias does already exist.
-
-
-
-
- Verifies a certificate chain and returns that chain.
-
- 3
- The certificate to be verified.
-
- The untrusted CA certificates to be used in verifying a certificate chain.
-
- A newly created certificate chain.
-
- certificate argument is null.
-
-
- Some of certificate in arguments is invalid.
-
-
- Some of certificate in arguments is expired or not valid yet.
- Certificate cannot build chain.
- Root certificate is not in trusted system certificate store.
-
-
- The trusted root certificate of the chain should exist in the system's
- certificate storage.
-
-
- The trusted root certificate of the chain in system's certificate storage
- is added to the certificate chain.
-
-
-
-
- Verifies a certificate chain and returns that chain using user entered
- trusted and untrusted CA certificates.
-
- 3
- The certificate to be verified.
-
- The untrusted CA certificates to be used in verifying a certificate chain.
-
-
- The trusted CA certificates to be used in verifying a certificate chain.
-
-
- The flag indicating the use of the trusted root certificates in the
- system's certificate storage.
-
- A newly created certificate chain.
-
- certificate argument is null.
-
-
- Some of certificate in arguments is invalid.
-
-
- Some of certificate in arguments is expired or not valid yet.
- Certificate cannot build chain.
- Root certificate is not in trusted system certificate store.
-
-
- The trusted root certificate of the chain in system's certificate storage
- is added to the certificate chain.
-
-
-
-
- Perform OCSP which checks certificate is whether revoked or not.
-
- 3
-
- Valid certificate chain to perform OCSP check.
-
- A status result of OCSP check.
-
- certificateChain argument is null.
-
-
- certificateChain is not valid chain or certificate.
-
-
- some of certificate in chain is expired or not valid yet.
-
-
-
-
- A class holding parameters for AES algorithm with CBC mode.
-
- 3
-
-
-
- A default constructor
-
- 3
- The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesCbc.
-
-
-
- A class holding parameters for AES algorithm with CFB mode.
-
- 3
-
-
-
- A default constructor
-
- 3
- The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesCfb.
-
-
-
- A abstract class holding parameters for AES algorithm.
-
- 3
-
-
-
- An initialization vector.
-
- 3
-
-
-
- A class holding parameters for AES algorithm with counter mode.
-
- 3
-
-
-
- A default constructor
-
- 3
- The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesCtr.
-
-
-
- Length of counter block in bits.
-
- 3
- Optional, only 128b is supported at the moment.
- value should be positive.
-
-
-
- A class holding parameters for AES algorithm with GCM mode.
-
- 3
-
-
-
- A default constructor
-
- 3
- The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesGcm.
-
-
-
- GCM tag length in bits.
-
- 3
- One of {32, 64, 96, 104, 112, 120, 128} (optional, if not present the length 128 is used.
- TagLength should be one of {32, 64, 96, 104, 112, 120, 128}
-
-
-
- Additional authentication data(optional)
-
- 3
-
-
-
- This class provides the methods encrypting and decrypting data.
-
- 3
-
-
-
- A constructor of Cipher that takes the algorithm specific parameters.
-
- 3
- The algorithm specific parameters.
-
-
-
- The algorithm specific parameters.
-
- 3
-
-
-
- Decrypts data using selected key and algorithm.
-
- 3
- Alias of the key to be used for decryption.
-
- The password used in decrypting a key value. If password of policy is
- provided in SaveKey(), the same password should be provided
-
-
- Data to be decrypted (some algorithms may require additional information
- embedded in encrypted data.AES GCM is an example).
-
- Decrypted data.
-
- keyAlias or cipherText is null.
-
-
- Mandatory algorithm parameter is missing or invalid.
- Optional algorithm parameter is invalid.
-
-
- Key-protecting password isn't matched.
- Key does not exist with keyAlias.
-
-
- The key type specified by keyAlias should be compatible with the algorithm
- specified in Parameters.
-
-
-
-
- Encrypts data using selected key and algorithm.
-
- 3
- Alias of the key to be used for encryption.
-
- The password used in decrypting a key value. If password of policy is
- provided in SaveKey(), the same password should be provided.
-
-
- Data to be encrypted. In case of AES algorithm there are no restrictions on
- the size of data. For RSA the size must be smaller or equal to (key_size_in
- bytes - 42). Example: for 1024 RSA key the maximum data size is
- 1024/8 - 42 = 86.
-
- Encrypted data.
-
- keyAlias or plainText is null.
-
-
- Mandatory algorithm parameter is missing or invalid.
- Optional algorithm parameter is invalid.
-
-
- Key-protecting password isn't matched.
- Key does not exist with keyAlias.
-
-
- The key type specified by keyAlias should be compatible with the algorithm
- specified in Parameters.
-
-
-
-
- Enumeration for crypto cipher algorithm types.
-
- 3
-
-
-
- AES-CTR algorithm
- Supported parameters:
- - ParameterName.AlgorithmType = AesCtr(mandatory),
- - ParameterName.IV = 16 - byte initialization vector(mandatory)
- - ParameterName.CounterLength = length of counter block in bits
- (optional, only 128b is supported at the moment)
-
-
-
-
- AES-CBC algorithm
- Supported parameters:
- - ParameterName.AlgorithmType = AesCbc(mandatory),
- - ParameterName.IV = 16-byte initialization vector(mandatory)
-
-
-
-
- AES-GCM algorithm
- Supported parameters:
- - ParameterName.AlgorithmType = AesGcm(mandatory),
- - ParameterName.IV = initialization vector(mandatory)
- - ParameterName.TagLength = GCM tag length in bits. One of
- {32, 64, 96, 104, 112, 120, 128} (optional, if not present the length 128 is used)
- - CKMC_PARAM_ED_AAD = additional authentication data(optional)
-
-
-
-
- AES-CFB algorithm
- Supported parameters:
- - ParameterName.AlgorithmType = AesCfb(mandatory),
- - ParameterName.IV = 16-byte initialization vector(mandatory)
-
-
-
-
- RSA-OAEP algorithm
- Supported parameters:
- - ParameterName.AlgorithmType = RsaOaep(required),
- - ParameterName.Label = label to be associated with the message
- (optional, not supported at the moment)
-
-
-
-
- Enumeration for cipher algorithm parameters.
-
- 3
-
-
-
- Algorithm Type
-
-
-
-
- Initial Vector, 16B buffer (up to 2^64-1 bytes long in case of AES GCM)
-
-
-
-
- Integer - ctr length in bits
-
-
-
-
- Additional authenticated data(AAD)
-
-
-
-
- Tag Length
-
-
-
-
- Label
-
-
-
-
- A abstract class holding parameters for encryption and decryption.
-
- 3
-
-
-
- Cipher algorithm type.
-
- 3
-
-
-
- A class holding parameters for DSA signature algorithm.
-
- 3
-
-
-
- A default constructor
-
- 3
-
-
-
- A class holding parameters for ECDSA signature algorithm.
-
- 3
-
-
-
- A default constructor
-
- 3
-
-
-
- Enumeration for hash algorithm
-
- 3
-
-
-
- No Hash Algorithm
-
-
-
-
- Hash Algorithm SHA1
-
-
-
-
- Hash Algorithm SHA256
-
-
-
-
- Hash Algorithm SHA384
-
-
-
-
- Hash Algorithm SHA512
-
-
-
-
- A class holding parameters for RSA algorithm with OAEP mode.
-
- 3
-
-
-
- A default constructor
-
- 3
- The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.RsaOaep.
-
-
-
- Enumeration for RSA padding algorithm
-
- 3
-
-
-
- No Padding
-
-
-
-
- PKCS#1 Padding
-
-
-
-
- X9.31 padding
-
-
-
-
- A class holding parameters for RSA signature algorithm.
-
- 3
-
-
-
- A default constructor
-
- 3
- The RsaPadding is set to RsaPaddingAlgorithm.None.
-
-
-
- RSA padding algorithm
-
- 3
-
-
-
- This class provides the methods creating and verifying a signature.
-
- 3
-
-
-
- A constructor of Signature that takes the algorithm specific parameters.
-
- 3
- The algorithm specific parameters.
-
-
-
- The algorithm specific parameters.
-
- 3
-
-
-
- Creates a signature on a given message using a private key and returns
- the signature.
-
- 3
- The name of private key.
-
- The password used in decrypting a private key value.
-
- The message that is signed with a private key.
- A newly created signature.
-
- privateKeyAlias or message is null.
-
-
- privateKeyAlias is invalid format.
-
-
- Key-protecting password isn't matched.
- Key does not exist with privateKeyAlias.
-
-
- The key type specified by privateKeyAlias should be compatible with the
- algorithm specified in Parameters.
-
-
- If password of policy is provided during storing a key, the same password
- should be provided.
-
-
-
-
- Verifies a given signature on a given message using a public key and returns
- the signature status.
-
- 3
- The name of public key.
-
- The password used in decrypting a public key value.
-
- The input on which the signature is created.
- The signature that is verified with public key.
-
- The signature status. True is returned when the signature is valid.
-
-
- publicKeyAlias, message or signature is null.
-
-
- publicKeyAlias is invalid format.
-
-
- Key-protecting password isn't matched.
- Key does not exist with publicKeyAlias.
-
-
- The key type specified by publicKeyAlias should be compatible with the
- algorithm specified in Parameters.
-
-
- If password of policy is provided during storing a key, the same password
- should be provided.
-
-
-
-
- Enumeration for signature algorithm types.
-
- 3
-
-
-
- RSA signature algorithm
-
-
-
-
- DSA signature algorithm
-
-
-
-
- ECDSA signature algorithm
-
-
-
-
- Enumeration for signature algorithm parameters.
-
- 3
-
-
-
- Signaturea Algorithm Type
-
-
-
-
- Hash Algorithm Type
-
-
-
-
- RSA Padding Algorithm Type
-
-
-
-
- A abstract class holding parameters for signing and verification.
-
- 3
-
-
-
- Signature algorithm type.
-
- 3
-
-
-
- Hash algorithm used in signing anve verification.
-
- 3
-
-
-
- Enumeration for data format
-
- 3
-
-
-
- DER format base64 encoded data
-
-
-
-
- DER encoded data
-
-
-
-
- PEM encoded data. It consists of the DER format base64 encoded
- with additional header and footer lines.
-
-
-
-
- This class provides the methods storing and retrieving data.
-
- 3
-
-
-
- Gets data from secure repository.
-
- 3
- The name of a certificate to retrieve.
-
- The password used in decrypting a data value.
- If password of policy is provided in SaveData(), the same password should
- be provided.
-
- Data specified by alias.
-
- Alias argument is null.
-
-
- Alias argument is invalid format.
-
-
- Data does not exist with the alias or data-protecting password isn't matched.
-
-
-
-
- Gets all alias of data which the client can access.
-
- 3
- All alias of data which the client can access.
- No alias to get.
-
-
-
- Stores data inside secure repository based on the provided policy.
-
- 3
- The name of data to be stored.
- The binary value to be stored.
- The policy about how to store data securely.
-
- Any of argument is null.
-
-
- Alias argument is invalid format. Data policy cannot be unextractable.
-
-
- Data with alias does already exist.
-
-
-
-
- Enumeration for elliptic curve
-
- 3
-
-
-
- Elliptic curve domain "secp192r1" listed in "SEC 2" recommended elliptic curve domain
-
-
-
-
- "SEC 2" recommended elliptic curve domain - secp256r1
-
-
-
-
- NIST curve P-384(covers "secp384r1", the elliptic curve domain listed in See SEC 2
-
-
-
-
- Class that represents a key.
-
- 3
-
-
-
- A constructor of Key that takes the binary, its type, and optional password
- of binary.
-
- 3
-
- The binary value of a key. This binary may be encrypted with binaryPassword.
-
- The key's type.
-
- The password used to decrypt binary when binary is encrypted.
-
-
-
-
- The binary value of a key.
-
- 3
-
-
-
- The key's type.
-
- 3
-
-
-
- The password used to decrypt binary when binary is encrypted. It's optional.
-
- 3
-
-
-
- This class provides the methods storing, retrieving, and creating keys.
-
- 3
-
-
-
- Gets a key from secure repository.
-
- 3
- The name of a key to retrieve.
-
- The password used in decrypting a key value.
- If password of policy is provided in SaveKey(), the same password should
- be provided.
-
- A key specified by alias.
-
- Alias argument is null.
-
-
- Alias argument is invalid format.
-
-
- Key does not exist with the alias or key-protecting password isn't matched.
-
-
-
-
- Gets all alias of keys which the client can access.
-
- 3
- All alias of keys which the client can access.
- No alias to get.
-
-
-
- Stores a key inside secure repository based on the provided policy.
-
- 3
- The name of a key to be stored.
- The key's binary value to be stored.
- The policy about how to store a key securely.
-
- Any of argument is null.
-
-
- Alias argument is invalid format. key argument is invalid format.
-
-
- Key with alias does already exist.
-
-
- Type in key may be set to KeyType.None as an input.
- Type is determined inside secure reposioty during storing keys.
-
-
- If password in policy is provided, the key is additionally encrypted with
- the password in policy.
-
-
-
-
- Creates RSA private/public key pair and stores them inside secure repository
- based on each policy.
-
- 3
-
- The size of key strength to be created. 1024, 2048, and 4096 are supported.
-
- The name of private key to be stored.
- The name of public key to be stored.
-
- The policy about how to store a private key securely.
-
-
- The policy about how to store a public key securely.
-
-
- Any of argument is null.
-
-
- size is invalid. privateKeyAlias or publicKeyAlias is invalid format.
-
-
- Key with privateKeyAlias or publicKeyAlias does already exist.
-
-
- If password in policy is provided, the key is additionally encrypted with the
- password in policy.
-
-
-
-
- Creates DSA private/public key pair and stores them inside secure repository
- based on each policy.
-
- 3
-
- The size of key strength to be created. 1024, 2048, 3072, and 4096 are
- supported.
-
- The name of private key to be stored.
- The name of public key to be stored.
-
- The policy about how to store a private key securely.
-
-
- The policy about how to store a public key securely.
-
-
- Any of argument is null.
-
-
- size is invalid. privateKeyAlias or publicKeyAlias is invalid format.
-
-
- Key with privateKeyAlias or publicKeyAlias does already exist.
-
-
- If password in policy is provided, the key is additionally encrypted with
- the password in policy.
-
-
-
-
- Creates ECDSA private/public key pair and stores them inside secure repository
- based on each policy.
-
- 3
- The type of elliptic curve of ECDSA.
- The name of private key to be stored.
- The name of public key to be stored.
-
- The policy about how to store a private key securely.
-
-
- The policy about how to store a public key securely.
-
-
- Any of argument is null.
-
-
- Elliptic curve type is invalid. privateKeyAlias or publicKeyAlias is
- invalid format.
-
-
- Key with privateKeyAlias or publicKeyAlias does already exist.
-
-
- If password in policy is provided, the key is additionally encrypted with
- the password in policy.
-
-
-
-
- Creates AES key and stores it inside secure repository based on each policy.
-
- 3
-
- The size of key strength to be created. 128, 192 and 256 are supported.
-
- The name of key to be stored.
- The policy about how to store the key securely.
-
- keyAlias or policy is null.
-
-
- Key size is invalid. keyAlias is invalid format.
-
-
- Key with privateKeyAlias or publicKeyAlias does already exist.
-
-
- If password in policy is provided, the key is additionally encrypted with
- the password in policy.
-
-
-
-
- Enumeration for key types of key manager.
-
- 3
-
-
-
- Key type not specified
-
-
-
-
- RSA public key
-
-
-
-
- RSA private key
-
-
-
-
- ECDSA public key
-
-
-
-
- ECDSA private key
-
-
-
-
- DSA public key
-
-
-
-
- DSA private key
-
-
-
-
- AES key
-
-
-
-
- This class is a base class of XxxManager classes. It provides the common methods
- for all sub classes.
-
- 3
-
-
-
- Creates a new full alias which is concatenation of owner id and alias.
-
- 3
- Data owner's id. This should be package id if data
- owner is application. If you want to access data stored by system services,
- use CreateFullSystemAlias() instead.
- Data alias.
-
-
-
- Creates a new full alias which is concatenation of system service's
- owner id and alias.
-
- 3
- Data alias which is owned by system service.
-
-
-
- Removes a an entry (no matter of type) from the key manager.
-
- 3
- Item alias to be removed.
- alias is null.
- alias is invalid format.
- alias does not exist.
-
- To remove item, client must have remove permission to the specified item.
-
- The item owner can remove by default.
-
-
-
- Allows another application to access client's application data.
-
- 3
- Item alias for which access will be granted.
-
- Package id of the application that will gain access rights.
-
-
- Mask of permissions(Permission enum) granted for an application with
- otherPackageId.
-
-
- alias or otherPackageId is null.
-
-
- alias or otherPackageId is invalid format.
-
- alias does not exist.
- Data identified by alias should exist.
- The item owner can set permissions.
-
-
-
- Enumeration for OCSP status.
-
- 3
-
-
-
- OCSP status is good
-
-
-
-
- The certificate is revoked
-
-
-
-
- Unknown error
-
-
-
-
- The certificate does not provide OCSP extension
-
-
-
-
- The invalid URL in certificate OCSP extension
-
-
-
-
- The invalid response from OCSP server
-
-
-
-
- OCSP remote server error
-
-
-
-
- Network connection error
-
-
-
-
- Internal error
-
-
-
-
- Enumeration for permissions to access/modify alias.
-
- 3
-
-
-
- Clear permissions
-
-
-
-
- Eead allowed
-
-
-
-
- Remove allowed
-
-
-
-
- Class that represents a PKCS#12 contents.
- It has a private key or its certificate or all the members of a chain of trust.
-
- 3
-
-
-
- Load Pkcs12 from the given PKCS#12 file path.
-
- 3
- The path of PKCS12 file to be loaded.
- The passphrase used to decrypt the PCKS12 file.
- If PKCS12 file is not encrypted, passphrase can be null.
- filePath is null.
-
- No file on filePath.
- No permission to access file.
- File is invalid PKCS12 format.
- File cannot be extracted with provided filePassword.
-
-
-
-
- A constructor of Key that takes a private key.
-
- 3
- A private key.
-
-
-
- A constructor of Key that takes a private key, its corresponding certicate,
- and CA's certificate chain.
-
- 3
- A private key.
- A certificate corresponding the private key
-
- A certificate chain of CA(Certificate Authority) that issued the certificate.
-
-
-
-
- A private key.
-
- 3
-
-
-
- A certificate corresponding the private key.
-
- 3
-
-
-
- A certificate chain of CA(Certificate Authority) that issued the certificate.
-
- 3
-
-
-
- This class provides the methods storing, retrieving Pkcs12 contents.
-
- 3
-
-
-
- Gets Pkcs12 contents from secure repository.
-
- 3
- The name of data to retrieve.
-
- The password used in decrypting a private key value. If password of
- keyPolicy is provided in SavePkcs12(), the same password should be provided
-
-
- The password used in decrypting a certificate value. If password of
- certificatePolicy is provided in SavePkcs12(), the same password should be
- provided
-
- A Pkcs12 data specified by alias.
- Alias argument is null.
-
- Alias argument is invalid format.
-
-
- Pkcs12 does not exist with the alias.
- Optional password of key in Pkcs12 isn't matched.
- Optional password of certificate in Pkcs12 isn't matched.
-
-
-
-
- Stores PKCS12's contents inside key manager based on the provided policies.
- All items from the PKCS12 will use the same alias.
-
- 3
- The name of a data to be stored.
- The pkcs12 data to be stored.
-
- The policy about how to store pkcs's private key.
-
-
- The policy about how to store pkcs's certificate.
-
- Any of argument is null.
-
- Alias argument is invalid format. Pkcs12 argument is invalid format.
-
-
- Pkcs12 with alias does already exist.
-
-
-
-
- A class for a policy for storing key, certificate, and binary data.
-
- 3
-
-
-
- A default constructor of Policy with default policy.
-
- 3
- The default value for Password is null and the default value for Extractabl is false.
-
-
-
- A constructor of Key that takes the password and the flag for extractable.
-
- 3
- Used to encrypt data secure repository.
- If true key may be extracted from secure repository.
-
-
-
- Used to encrypt data secure repository. If it is not null, the data
- (or key, or certificate) is stored encrypted with this password inside secure repository
-
- 3
-
-
-
- If true key may be extracted from secure repository.
-
- 3
-
-
-
+
+
+
+ Tizen.Security.SecureRepository
+
+
+
+
+ Class that represents a certificate.
+
+ 3
+
+
+
+ Load Certificate from the given file path.
+
+ 3
+ The path of certificate file to be loaded.
+ Loaded certificate class instance.
+
+ filePath should not be null
+
+
+ Invalid certificate file format. Provided file path does not exist or
+ cannot be accessed.
+
+
+
+
+ A constructor of Certificate that takes the binary and its format.
+
+ 3
+ The binary data of a certificate.
+ The format of the binary data.
+
+
+
+ The binary value of a certificate.
+
+ 3
+
+
+
+ The format of the binary value.
+
+ 3
+
+
+
+ This class provides the methods handling certificates.
+
+ 3
+
+
+
+ Gets a certificate from secure repository.
+
+ 3
+ The name of a certificate to retrieve.
+
+ The password used in decrypting a certificate value. If password of
+ policy is provided in SaveCertificate(), the same password should be
+ provided.
+
+ A certificate specified by alias.
+
+ Alias argument is null
+
+
+ Alias argument is invalid format.
+
+
+ Certificate does not exist with the alias or certificate-protecting
+ password isn't matched.
+
+
+
+
+ Gets all alias of certificates which the client can access.
+
+ 3
+ All alias of certificates which the client can access.
+ No alias to get.
+
+
+
+ Stores a certificate inside secure repository based on the provided policy.
+
+ 3
+ The name of a certificate to be stored.
+ The certificate's binary value to be stored.
+
+ The policy about how to store a certificate securely.
+
+
+ Any of argument is null.
+
+
+ Alias argument is invalid format. cert argument is invalid format.
+
+
+ Certificate with alias does already exist.
+
+
+
+
+ Verifies a certificate chain and returns that chain.
+
+ 3
+ The certificate to be verified.
+
+ The untrusted CA certificates to be used in verifying a certificate chain.
+
+ A newly created certificate chain.
+
+ certificate argument is null.
+
+
+ Some of certificate in arguments is invalid.
+
+
+ Some of certificate in arguments is expired or not valid yet.
+ Certificate cannot build chain.
+ Root certificate is not in trusted system certificate store.
+
+
+ The trusted root certificate of the chain should exist in the system's
+ certificate storage.
+
+
+ The trusted root certificate of the chain in system's certificate storage
+ is added to the certificate chain.
+
+
+
+
+ Verifies a certificate chain and returns that chain using user entered
+ trusted and untrusted CA certificates.
+
+ 3
+ The certificate to be verified.
+
+ The untrusted CA certificates to be used in verifying a certificate chain.
+
+
+ The trusted CA certificates to be used in verifying a certificate chain.
+
+
+ The flag indicating the use of the trusted root certificates in the
+ system's certificate storage.
+
+ A newly created certificate chain.
+
+ certificate argument is null.
+
+
+ Some of certificate in arguments is invalid.
+
+
+ Some of certificate in arguments is expired or not valid yet.
+ Certificate cannot build chain.
+ Root certificate is not in trusted system certificate store.
+
+
+ The trusted root certificate of the chain in system's certificate storage
+ is added to the certificate chain.
+
+
+
+
+ Perform OCSP which checks certificate is whether revoked or not.
+
+ 3
+
+ Valid certificate chain to perform OCSP check.
+
+ A status result of OCSP check.
+
+ certificateChain argument is null.
+
+
+ certificateChain is not valid chain or certificate.
+
+
+ some of certificate in chain is expired or not valid yet.
+
+
+
+
+ A class holding parameters for AES algorithm with CBC mode.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+ The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesCbc.
+
+
+
+ A class holding parameters for AES algorithm with CFB mode.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+ The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesCfb.
+
+
+
+ A abstract class holding parameters for AES algorithm.
+
+ 3
+
+
+
+ An initialization vector.
+
+ 3
+
+
+
+ A class holding parameters for AES algorithm with counter mode.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+ The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesCtr.
+
+
+
+ Length of counter block in bits.
+
+ 3
+ Optional, only 128b is supported at the moment.
+ value should be positive.
+
+
+
+ A class holding parameters for AES algorithm with GCM mode.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+ The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.AesGcm.
+
+
+
+ GCM tag length in bits.
+
+ 3
+ One of {32, 64, 96, 104, 112, 120, 128} (optional, if not present the length 128 is used.
+ TagLength should be one of {32, 64, 96, 104, 112, 120, 128}
+
+
+
+ Additional authentication data(optional)
+
+ 3
+
+
+
+ This class provides the methods encrypting and decrypting data.
+
+ 3
+
+
+
+ A constructor of Cipher that takes the algorithm specific parameters.
+
+ 3
+ The algorithm specific parameters.
+
+
+
+ The algorithm specific parameters.
+
+ 3
+
+
+
+ Decrypts data using selected key and algorithm.
+
+ 3
+ Alias of the key to be used for decryption.
+
+ The password used in decrypting a key value. If password of policy is
+ provided in SaveKey(), the same password should be provided
+
+
+ Data to be decrypted (some algorithms may require additional information
+ embedded in encrypted data.AES GCM is an example).
+
+ Decrypted data.
+
+ keyAlias or cipherText is null.
+
+
+ Mandatory algorithm parameter is missing or invalid.
+ Optional algorithm parameter is invalid.
+
+
+ Key-protecting password isn't matched.
+ Key does not exist with keyAlias.
+
+
+ The key type specified by keyAlias should be compatible with the algorithm
+ specified in Parameters.
+
+
+
+
+ Encrypts data using selected key and algorithm.
+
+ 3
+ Alias of the key to be used for encryption.
+
+ The password used in decrypting a key value. If password of policy is
+ provided in SaveKey(), the same password should be provided.
+
+
+ Data to be encrypted. In case of AES algorithm there are no restrictions on
+ the size of data. For RSA the size must be smaller or equal to (key_size_in
+ bytes - 42). Example: for 1024 RSA key the maximum data size is
+ 1024/8 - 42 = 86.
+
+ Encrypted data.
+
+ keyAlias or plainText is null.
+
+
+ Mandatory algorithm parameter is missing or invalid.
+ Optional algorithm parameter is invalid.
+
+
+ Key-protecting password isn't matched.
+ Key does not exist with keyAlias.
+
+
+ The key type specified by keyAlias should be compatible with the algorithm
+ specified in Parameters.
+
+
+
+
+ Enumeration for crypto cipher algorithm types.
+
+ 3
+
+
+
+ AES-CTR algorithm
+ Supported parameters:
+ - ParameterName.AlgorithmType = AesCtr(mandatory),
+ - ParameterName.IV = 16 - byte initialization vector(mandatory)
+ - ParameterName.CounterLength = length of counter block in bits
+ (optional, only 128b is supported at the moment)
+
+
+
+
+ AES-CBC algorithm
+ Supported parameters:
+ - ParameterName.AlgorithmType = AesCbc(mandatory),
+ - ParameterName.IV = 16-byte initialization vector(mandatory)
+
+
+
+
+ AES-GCM algorithm
+ Supported parameters:
+ - ParameterName.AlgorithmType = AesGcm(mandatory),
+ - ParameterName.IV = initialization vector(mandatory)
+ - ParameterName.TagLength = GCM tag length in bits. One of
+ {32, 64, 96, 104, 112, 120, 128} (optional, if not present the length 128 is used)
+ - CKMC_PARAM_ED_AAD = additional authentication data(optional)
+
+
+
+
+ AES-CFB algorithm
+ Supported parameters:
+ - ParameterName.AlgorithmType = AesCfb(mandatory),
+ - ParameterName.IV = 16-byte initialization vector(mandatory)
+
+
+
+
+ RSA-OAEP algorithm
+ Supported parameters:
+ - ParameterName.AlgorithmType = RsaOaep(required),
+ - ParameterName.Label = label to be associated with the message
+ (optional, not supported at the moment)
+
+
+
+
+ Enumeration for cipher algorithm parameters.
+
+ 3
+
+
+
+ Algorithm Type
+
+
+
+
+ Initial Vector, 16B buffer (up to 2^64-1 bytes long in case of AES GCM)
+
+
+
+
+ Integer - ctr length in bits
+
+
+
+
+ Additional authenticated data(AAD)
+
+
+
+
+ Tag Length
+
+
+
+
+ Label
+
+
+
+
+ A abstract class holding parameters for encryption and decryption.
+
+ 3
+
+
+
+ Cipher algorithm type.
+
+ 3
+
+
+
+ A class holding parameters for DSA signature algorithm.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+
+
+
+ A class holding parameters for ECDSA signature algorithm.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+
+
+
+ Enumeration for hash algorithm
+
+ 3
+
+
+
+ No Hash Algorithm
+
+
+
+
+ Hash Algorithm SHA1
+
+
+
+
+ Hash Algorithm SHA256
+
+
+
+
+ Hash Algorithm SHA384
+
+
+
+
+ Hash Algorithm SHA512
+
+
+
+
+ A class holding parameters for RSA algorithm with OAEP mode.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+ The CipherAlgorithmType in CipherParameters is set to CipherAlgorithmType.RsaOaep.
+
+
+
+ Enumeration for RSA padding algorithm
+
+ 3
+
+
+
+ No Padding
+
+
+
+
+ PKCS#1 Padding
+
+
+
+
+ X9.31 padding
+
+
+
+
+ A class holding parameters for RSA signature algorithm.
+
+ 3
+
+
+
+ A default constructor
+
+ 3
+ The RsaPadding is set to RsaPaddingAlgorithm.None.
+
+
+
+ RSA padding algorithm
+
+ 3
+
+
+
+ This class provides the methods creating and verifying a signature.
+
+ 3
+
+
+
+ A constructor of Signature that takes the algorithm specific parameters.
+
+ 3
+ The algorithm specific parameters.
+
+
+
+ The algorithm specific parameters.
+
+ 3
+
+
+
+ Creates a signature on a given message using a private key and returns
+ the signature.
+
+ 3
+ The name of private key.
+
+ The password used in decrypting a private key value.
+
+ The message that is signed with a private key.
+ A newly created signature.
+
+ privateKeyAlias or message is null.
+
+
+ privateKeyAlias is invalid format.
+
+
+ Key-protecting password isn't matched.
+ Key does not exist with privateKeyAlias.
+
+
+ The key type specified by privateKeyAlias should be compatible with the
+ algorithm specified in Parameters.
+
+
+ If password of policy is provided during storing a key, the same password
+ should be provided.
+
+
+
+
+ Verifies a given signature on a given message using a public key and returns
+ the signature status.
+
+ 3
+ The name of public key.
+
+ The password used in decrypting a public key value.
+
+ The input on which the signature is created.
+ The signature that is verified with public key.
+
+ The signature status. True is returned when the signature is valid.
+
+
+ publicKeyAlias, message or signature is null.
+
+
+ publicKeyAlias is invalid format.
+
+
+ Key-protecting password isn't matched.
+ Key does not exist with publicKeyAlias.
+
+
+ The key type specified by publicKeyAlias should be compatible with the
+ algorithm specified in Parameters.
+
+
+ If password of policy is provided during storing a key, the same password
+ should be provided.
+
+
+
+
+ Enumeration for signature algorithm types.
+
+ 3
+
+
+
+ RSA signature algorithm
+
+
+
+
+ DSA signature algorithm
+
+
+
+
+ ECDSA signature algorithm
+
+
+
+
+ Enumeration for signature algorithm parameters.
+
+ 3
+
+
+
+ Signaturea Algorithm Type
+
+
+
+
+ Hash Algorithm Type
+
+
+
+
+ RSA Padding Algorithm Type
+
+
+
+
+ A abstract class holding parameters for signing and verification.
+
+ 3
+
+
+
+ Signature algorithm type.
+
+ 3
+
+
+
+ Hash algorithm used in signing anve verification.
+
+ 3
+
+
+
+ Enumeration for data format
+
+ 3
+
+
+
+ DER format base64 encoded data
+
+
+
+
+ DER encoded data
+
+
+
+
+ PEM encoded data. It consists of the DER format base64 encoded
+ with additional header and footer lines.
+
+
+
+
+ This class provides the methods storing and retrieving data.
+
+ 3
+
+
+
+ Gets data from secure repository.
+
+ 3
+ The name of a certificate to retrieve.
+
+ The password used in decrypting a data value.
+ If password of policy is provided in SaveData(), the same password should
+ be provided.
+
+ Data specified by alias.
+
+ Alias argument is null.
+
+
+ Alias argument is invalid format.
+
+
+ Data does not exist with the alias or data-protecting password isn't matched.
+
+
+
+
+ Gets all alias of data which the client can access.
+
+ 3
+ All alias of data which the client can access.
+ No alias to get.
+
+
+
+ Stores data inside secure repository based on the provided policy.
+
+ 3
+ The name of data to be stored.
+ The binary value to be stored.
+ The policy about how to store data securely.
+
+ Any of argument is null.
+
+
+ Alias argument is invalid format. Data policy cannot be unextractable.
+
+
+ Data with alias does already exist.
+
+
+
+
+ Enumeration for elliptic curve
+
+ 3
+
+
+
+ Elliptic curve domain "secp192r1" listed in "SEC 2" recommended elliptic curve domain
+
+
+
+
+ "SEC 2" recommended elliptic curve domain - secp256r1
+
+
+
+
+ NIST curve P-384(covers "secp384r1", the elliptic curve domain listed in See SEC 2
+
+
+
+
+ Class that represents a key.
+
+ 3
+
+
+
+ A constructor of Key that takes the binary, its type, and optional password
+ of binary.
+
+ 3
+
+ The binary value of a key. This binary may be encrypted with binaryPassword.
+
+ The key's type.
+
+ The password used to decrypt binary when binary is encrypted.
+
+
+
+
+ The binary value of a key.
+
+ 3
+
+
+
+ The key's type.
+
+ 3
+
+
+
+ The password used to decrypt binary when binary is encrypted. It's optional.
+
+ 3
+
+
+
+ This class provides the methods storing, retrieving, and creating keys.
+
+ 3
+
+
+
+ Gets a key from secure repository.
+
+ 3
+ The name of a key to retrieve.
+
+ The password used in decrypting a key value.
+ If password of policy is provided in SaveKey(), the same password should
+ be provided.
+
+ A key specified by alias.
+
+ Alias argument is null.
+
+
+ Alias argument is invalid format.
+
+
+ Key does not exist with the alias or key-protecting password isn't matched.
+
+
+
+
+ Gets all alias of keys which the client can access.
+
+ 3
+ All alias of keys which the client can access.
+ No alias to get.
+
+
+
+ Stores a key inside secure repository based on the provided policy.
+
+ 3
+ The name of a key to be stored.
+ The key's binary value to be stored.
+ The policy about how to store a key securely.
+
+ Any of argument is null.
+
+
+ Alias argument is invalid format. key argument is invalid format.
+
+
+ Key with alias does already exist.
+
+
+ Type in key may be set to KeyType.None as an input.
+ Type is determined inside secure reposioty during storing keys.
+
+
+ If password in policy is provided, the key is additionally encrypted with
+ the password in policy.
+
+
+
+
+ Creates RSA private/public key pair and stores them inside secure repository
+ based on each policy.
+
+ 3
+
+ The size of key strength to be created. 1024, 2048, and 4096 are supported.
+
+ The name of private key to be stored.
+ The name of public key to be stored.
+
+ The policy about how to store a private key securely.
+
+
+ The policy about how to store a public key securely.
+
+
+ Any of argument is null.
+
+
+ size is invalid. privateKeyAlias or publicKeyAlias is invalid format.
+
+
+ Key with privateKeyAlias or publicKeyAlias does already exist.
+
+
+ If password in policy is provided, the key is additionally encrypted with the
+ password in policy.
+
+
+
+
+ Creates DSA private/public key pair and stores them inside secure repository
+ based on each policy.
+
+ 3
+
+ The size of key strength to be created. 1024, 2048, 3072, and 4096 are
+ supported.
+
+ The name of private key to be stored.
+ The name of public key to be stored.
+
+ The policy about how to store a private key securely.
+
+
+ The policy about how to store a public key securely.
+
+
+ Any of argument is null.
+
+
+ size is invalid. privateKeyAlias or publicKeyAlias is invalid format.
+
+
+ Key with privateKeyAlias or publicKeyAlias does already exist.
+
+
+ If password in policy is provided, the key is additionally encrypted with
+ the password in policy.
+
+
+
+
+ Creates ECDSA private/public key pair and stores them inside secure repository
+ based on each policy.
+
+ 3
+ The type of elliptic curve of ECDSA.
+ The name of private key to be stored.
+ The name of public key to be stored.
+
+ The policy about how to store a private key securely.
+
+
+ The policy about how to store a public key securely.
+
+
+ Any of argument is null.
+
+
+ Elliptic curve type is invalid. privateKeyAlias or publicKeyAlias is
+ invalid format.
+
+
+ Key with privateKeyAlias or publicKeyAlias does already exist.
+
+
+ If password in policy is provided, the key is additionally encrypted with
+ the password in policy.
+
+
+
+
+ Creates AES key and stores it inside secure repository based on each policy.
+
+ 3
+
+ The size of key strength to be created. 128, 192 and 256 are supported.
+
+ The name of key to be stored.
+ The policy about how to store the key securely.
+
+ keyAlias or policy is null.
+
+
+ Key size is invalid. keyAlias is invalid format.
+
+
+ Key with privateKeyAlias or publicKeyAlias does already exist.
+
+
+ If password in policy is provided, the key is additionally encrypted with
+ the password in policy.
+
+
+
+
+ Enumeration for key types of key manager.
+
+ 3
+
+
+
+ Key type not specified
+
+
+
+
+ RSA public key
+
+
+
+
+ RSA private key
+
+
+
+
+ ECDSA public key
+
+
+
+
+ ECDSA private key
+
+
+
+
+ DSA public key
+
+
+
+
+ DSA private key
+
+
+
+
+ AES key
+
+
+
+
+ This class is a base class of XxxManager classes. It provides the common methods
+ for all sub classes.
+
+ 3
+
+
+
+ Creates a new full alias which is concatenation of owner id and alias.
+
+ 3
+ Data owner's id. This should be package id if data
+ owner is application. If you want to access data stored by system services,
+ use CreateFullSystemAlias() instead.
+ Data alias.
+
+
+
+ Creates a new full alias which is concatenation of system service's
+ owner id and alias.
+
+ 3
+ Data alias which is owned by system service.
+
+
+
+ Removes a an entry (no matter of type) from the key manager.
+
+ 3
+ Item alias to be removed.
+ alias is null.
+ alias is invalid format.
+ alias does not exist.
+
+ To remove item, client must have remove permission to the specified item.
+
+ The item owner can remove by default.
+
+
+
+ Allows another application to access client's application data.
+
+ 3
+ Item alias for which access will be granted.
+
+ Package id of the application that will gain access rights.
+
+
+ Mask of permissions(Permission enum) granted for an application with
+ otherPackageId.
+
+
+ alias or otherPackageId is null.
+
+
+ alias or otherPackageId is invalid format.
+
+ alias does not exist.
+ Data identified by alias should exist.
+ The item owner can set permissions.
+
+
+
+ Enumeration for OCSP status.
+
+ 3
+
+
+
+ OCSP status is good
+
+
+
+
+ The certificate is revoked
+
+
+
+
+ Unknown error
+
+
+
+
+ The certificate does not provide OCSP extension
+
+
+
+
+ The invalid URL in certificate OCSP extension
+
+
+
+
+ The invalid response from OCSP server
+
+
+
+
+ OCSP remote server error
+
+
+
+
+ Network connection error
+
+
+
+
+ Internal error
+
+
+
+
+ Enumeration for permissions to access/modify alias.
+
+ 3
+
+
+
+ Clear permissions
+
+
+
+
+ Eead allowed
+
+
+
+
+ Remove allowed
+
+
+
+
+ Class that represents a PKCS#12 contents.
+ It has a private key or its certificate or all the members of a chain of trust.
+
+ 3
+
+
+
+ Load Pkcs12 from the given PKCS#12 file path.
+
+ 3
+ The path of PKCS12 file to be loaded.
+ The passphrase used to decrypt the PCKS12 file.
+ If PKCS12 file is not encrypted, passphrase can be null.
+ filePath is null.
+
+ No file on filePath.
+ No permission to access file.
+ File is invalid PKCS12 format.
+ File cannot be extracted with provided filePassword.
+
+
+
+
+ A constructor of Key that takes a private key.
+
+ 3
+ A private key.
+
+
+
+ A constructor of Key that takes a private key, its corresponding certicate,
+ and CA's certificate chain.
+
+ 3
+ A private key.
+ A certificate corresponding the private key
+
+ A certificate chain of CA(Certificate Authority) that issued the certificate.
+
+
+
+
+ A private key.
+
+ 3
+
+
+
+ A certificate corresponding the private key.
+
+ 3
+
+
+
+ A certificate chain of CA(Certificate Authority) that issued the certificate.
+
+ 3
+
+
+
+ This class provides the methods storing, retrieving Pkcs12 contents.
+
+ 3
+
+
+
+ Gets Pkcs12 contents from secure repository.
+
+ 3
+ The name of data to retrieve.
+
+ The password used in decrypting a private key value. If password of
+ keyPolicy is provided in SavePkcs12(), the same password should be provided
+
+
+ The password used in decrypting a certificate value. If password of
+ certificatePolicy is provided in SavePkcs12(), the same password should be
+ provided
+
+ A Pkcs12 data specified by alias.
+ Alias argument is null.
+
+ Alias argument is invalid format.
+
+
+ Pkcs12 does not exist with the alias.
+ Optional password of key in Pkcs12 isn't matched.
+ Optional password of certificate in Pkcs12 isn't matched.
+
+
+
+
+ Stores PKCS12's contents inside key manager based on the provided policies.
+ All items from the PKCS12 will use the same alias.
+
+ 3
+ The name of a data to be stored.
+ The pkcs12 data to be stored.
+
+ The policy about how to store pkcs's private key.
+
+
+ The policy about how to store pkcs's certificate.
+
+ Any of argument is null.
+
+ Alias argument is invalid format. Pkcs12 argument is invalid format.
+
+
+ Pkcs12 with alias does already exist.
+
+
+
+
+ A class for a policy for storing key, certificate, and binary data.
+
+ 3
+
+
+
+ A default constructor of Policy with default policy.
+
+ 3
+ The default value for Password is null and the default value for Extractabl is false.
+
+
+
+ A constructor of Key that takes the password and the flag for extractable.
+
+ 3
+ Used to encrypt data secure repository.
+ If true key may be extracted from secure repository.
+
+
+
+ Used to encrypt data secure repository. If it is not null, the data
+ (or key, or certificate) is stored encrypted with this password inside secure repository
+
+ 3
+
+
+
+ If true key may be extracted from secure repository.
+
+ 3
+
+
+
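Review bot: The remark on the default constructor of the RSA signature parameters class, "The RsaPadding is set to RsaPaddingAlgorithm.None.", documents an unpadded default without telling callers that they must choose PKCS#1 or X9.31 padding before signing or verifying; say so in the remark, or reconsider the default. Several descriptions in this hunk are copied from neighbouring members and no longer match their own member: the AES key creation entry reports "Key with privateKeyAlias or publicKeyAlias does already exist." although its parameter is keyAlias, the data retrieval entry describes its alias as the name of a certificate, and the Pkcs12 and Policy constructors are each introduced as "A constructor of Key". The GCM parameter list names the native constant CKMC_PARAM_ED_AAD for the additional authentication data, where the adjacent lines use ParameterName members; use the matching ParameterName member there too. The data store entry lists "Data policy cannot be unextractable" as an error, while the Policy default constructor documents the extractable flag as false, so a default Policy would hit that exception and the remark should say so. Spelling to fix in the same pass: "Signaturea", "anve", "reposioty", "Eead allowed", "PCKS12", "certicate", "Extractabl".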