--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_ODE_KEYS_H__
+#define __CAPI_ODE_KEYS_H__
+
+#include <ode/common.h>
+
+/**
+ * @file keys.h
+ * @brief This file provides APIs to manage encryption keys of given block devices.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Enumeration for key generation parameters
+ * @since_tizen 4.0
+ */
+typedef enum {
+ /** Key length: 256 bits. Other parameters: default. */
+ ODE_KEY_DEFAULT_256BIT = 1,
+ /** Key length: 512 bits. Other parameters: default. */
+ ODE_KEY_DEFAULT_512BIT = 2,
+} ode_key_gen_params_e;
+
+/**
+ * @brief Checks whether the device's encryption key exists
+ *
+ * @details This API can be used to check whether the key used for
+ * @a device encryption exists i.e. it was initialized using
+ * ode_key_init().
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device The device for which the key status is checked
+ * @param[out] result Whether @a device encryption key was created
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ *
+ * @see ode_key_init()
+ * @see ode_key_clean()
+ */
+ODE_API int ode_key_is_initialized(const char* device, bool* result);
+
+/**
+ * @brief Initializes device encryption key
+ *
+ * @details This API can be used to initialize the key that will be used for
+ * @a device encryption. This key will be encrypted by another key
+ * derived from user's password and stored in internal memory.
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device The device for which the key will be set
+ * @param[in] password The password to use
+ * @param[in] method The type of key initialization method used
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ *
+ * @see ode_key_change_password()
+ * @see ode_key_clean()
+ * @see ode_key_is_initialized()
+ * @see ode_key_verify_password()
+ * @see #ode_key_method_e
+ */
+ODE_API int ode_key_init(const char* device,
+ const char* password,
+ ode_key_gen_params_e params = ODE_KEY_DEFAULT_256BIT);
+
+/**
+ * @brief Removes device encryption key
+ *
+ * @details This API can be used to delete the key used for @a device
+ * encryption.
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device The device for which the key will be deleted
+ * @param[in] password The current password the key is secured with
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ *
+ * @pre The @a password must match the current password used for
+ * @a device key encryption
+ *
+ * @see ode_key_init()
+ * @see ode_key_change_password()
+ */
+ODE_API int ode_key_remove(const char* device, const char* password);
+
+/**
+ * @brief Changes the password used for device key encryption.
+ *
+ * @details This API can be use to change the current password used for
+ * @a device key encryption.
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device Device for which the password should be changed
+ * @param[in] cur_password Current password for @a device key encryption
+ * @param[in] new_password New password for @a device key encryption
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ *
+ * @pre The @a cur_password must match the current password used for
+ * @a device key encryption
+ *
+ * @see ode_key_init()
+ * @see ode_key_clean()
+ * @see ode_key_verify_password()
+ */
+ODE_API int ode_key_change_password(const char* device,
+ const char* cur_password,
+ const char* new_password);
+
+/**
+ * @brief Verifies the password used for device key encryption.
+ *
+ * @details This API can be used to check if given @a password matches the
+ * current password used for @a device key encryption.
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device The device for which the password should be checked
+ * @param[in] password The password to be verified
+ * @param[out] result The result of verification
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ *
+ * @see ode_key_init()
+ * @see ode_key_change_password()
+ */
+ODE_API int ode_key_verify_password(const char* device,
+ const char* password,
+ bool* result);
+
+/*
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CAPI_ODE_KEYS_H__ */