+/**
+ * @brief Unwraps one key with another and stores it inside key manager.
+ *
+ * @since_tizen 7.5
+ *
+ * @remarks The wrapping key must be either symmetric (#CKMC_KEY_AES) or private RSA
+ * (#CKMC_KEY_RSA_PRIVATE).
+ * @remarks key_type in @a wrapped_key may be set to #CKMC_KEY_NONE as an input. In such case the
+ * key type is determined inside key manager during storing keys.
+ * @remarks password in @a wrapped_key must be set to NULL. There's no need to additionally encrypt
+ * a wrapped key.
+ * @remarks If password in @a policy is provided, the stored key is additionally encrypted with it.
+ * @remarks If extractable in @a policy is set to false, the stored key may still be exported in a
+ * wrapped form.
+ *
+ * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
+ * for details. Supported algorithms:
+ * - #CKMC_ALGO_AES_CTR,
+ * - #CKMC_ALGO_AES_CBC,
+ * - #CKMC_ALGO_AES_GCM,
+ * - #CKMC_ALGO_AES_CFB,
+ * - #CKMC_ALGO_RSA_OAEP
+ * @param[in] wrapping_key_alias The name of the wrapping key.
+ * @param[in] wrapping_key_password An optional password of the wrapping key
+ * @param[in] alias The name of a key to be stored
+ * @param[in] wrapped_key The wrapped key to be unwrapped and stored
+ * @param[in] policy The policy about how to store a key securely
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, GCM tag authentication failed,
+ * @a wrapping_key_alias = NULL, @a alias = NULL,
+ * @a wrapped_key = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a wrapping_key_alias does not exist
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a alias already exists
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of @a wrapped_key is not valid
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Wrapping key decryption failed because
+ * @a wrapping_key_password is incorrect
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_export_wrapped_key()
+ * @see #ckmc_key_s
+ * @see #ckmc_param_list_h
+ * @see #ckmc_policy_s
+ */
+int ckmc_import_wrapped_key(const ckmc_param_list_h params,
+ const char *wrapping_key_alias,
+ const char *wrapping_key_password,
+ const char *alias,
+ const ckmc_key_s *wrapped_key,
+ const ckmc_policy_s policy);
+
+
+/**
+ * @brief Wraps one key with another and returns it to the client.
+ *
+ * @since_tizen 7.5
+ *
+ * @remarks The wrapping key must be either symmetric (#CKMC_KEY_AES) or public RSA
+ * (#CKMC_KEY_RSA_PUBLIC).
+ *
+ * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
+ * for details. Supported algorithms:
+ * - #CKMC_ALGO_AES_CTR,
+ * - #CKMC_ALGO_AES_CBC,
+ * - #CKMC_ALGO_AES_GCM,
+ * - #CKMC_ALGO_AES_CFB,
+ * - #CKMC_ALGO_RSA_OAEP
+ * @param[in] wrapping_key_alias The name of the wrapping key
+ * @param[in] wrapping_key_password An optional password of the wrapping key
+ * @param[in] alias The name of the key to be wrapped and exported
+ * @param[in] password An optional password used to decrypt the key pointed by @a alias
+ * @param[out] ppwrapped_key The wrapped key
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, GCM tag authentication failed,
+ * @a wrapping_key_alias = NULL, @a alias = NULL,
+ * @a wrapped_key = NULL, @a ppwrapped_key = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a wrapping_key_alias or @a alias does not exist
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Wrapping key decryption failed because
+ * @a wrapping_key_password is incorrect
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_import_wrapped_key()
+ * @see #ckmc_key_s
+ * @see #ckmc_param_list_h
+ */
+int ckmc_export_wrapped_key(const ckmc_param_list_h params,
+ const char *wrapping_key_alias,
+ const char *wrapping_key_password,
+ const char *alias,
+ const char *password,
+ ckmc_key_s **ppwrapped_key);
+
+
+/**
+ * @brief Derives a key from another key/secret and stores it inside key manager.
+ *
+ * @since_tizen 7.5
+ *
+ * @remarks The derived key will be a symmetric one. It will be stored as a #CKMC_KEY_AES.
+ *
+ * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
+ * for details. Supported algorithms:
+ * - #CKMC_ALGO_KBKDF,
+ * - #CKMC_ALGO_ECDH,
+ * @param[in] secret_alias Alias of the secret/key to use as an input
+ * @param[in] secret_password Optional password of the secret/key used as an input
+ * @param[in] new_key_alias The name under which the derived key will be stored
+ * @param[in] new_key_policy Policy used to store the derived key
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, @a secret_alias = NULL,
+ * @a new_key_alias = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a secret_alias does not exist
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a new_key_alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Secret decryption failed because @a secret_password is
+ * incorrect
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_key_derive_ecdh()
+ * @see #ckmc_param_list_h
+ * @see #ckmc_policy_s
+ */
+int ckmc_key_derive(const ckmc_param_list_h params,
+ const char *secret_alias,
+ const char *secret_password,
+ const char *new_key_alias,
+ ckmc_policy_s new_key_policy);
+