</Data>
<Key name="aes1" type="AES">
<Base64>
- MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+ QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
<Permission accessor="web_app1"/>
<Permission accessor="web_app2"/>
<Cert name="test-encryption-certificate" exportable="true">
<!-- Note IV differs between items -->
<EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
- H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH
- N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE
- W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf
- 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B
- ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk
- QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi
- w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL
- /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+
- VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6
- W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO
- 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk
- 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg
- q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr
- GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ
- SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX
- SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX
- RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn
- yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+
- +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1
- xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm
- /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy
- 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq
- 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx
- j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD
- /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA=
+ pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
+ /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
+ l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
+ XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
+ /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
+ osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
+ 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
+ TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
+ ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
+ oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
+ ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
+ tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
+ kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
+ DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
+ LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
+ XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
+ 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
+ a+r+N4lsYPKJbX2ywUvDHg==
</EncryptedDER>
</Cert>
<Data name="test-ascii-data-encryption">
<Data name="test-binary-data-encryption">
<!-- this below decrypts to small PNG image -->
<EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
- weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0
- Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x
- sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn
- 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh
- qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD
- LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ
- IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+
- 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9
- Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk
- z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW
- 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq
- 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr
- v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ
- I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+
- aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ
- fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k
- mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo
- FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu
- TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C
- XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m
- KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk
- 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD
- ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU
- ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL
- fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td
- Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf
- EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms
- fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU
- TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11
- IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w
- IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT
- HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b
- A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h
- GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs
- BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD
- +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/
- 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk
- KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p
- 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd
- RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe
- JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY
- Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP
- iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw
- SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC
- Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH
- O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946
- k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/
- d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu
- 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF
- m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr
- 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT
- dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt
- dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v
- tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy
- QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo
- KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox
- ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no
- o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc
- LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE
- bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x
- XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1
- ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC
- myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6
- MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ
- /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8
- HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB
- avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0=
+ weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC
+ Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF
+ oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf
+ kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk
+ KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy
+ iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8
+ gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju
+ yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC
+ Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps
+ ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod
+ v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW
+ NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti
+ udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0
+ FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx
+ IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h
+ ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx
+ asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0
+ +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA
+ Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI
+ Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK
+ XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT
+ gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg
+ g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8
+ DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4
+ T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q
+ MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0
+ CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz
+ traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c
+ q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP
+ ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n
+ Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t
+ gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3
+ 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW
+ YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx
+ pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys
+ nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9
+ pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI
+ 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY
+ hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp
+ VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka
+ lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP
+ 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32
+ LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk
+ UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2
+ rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/
+ sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY
+ 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1
+ H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv
+ e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt
+ ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW
+ MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP
+ zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J
+ 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un
+ TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb
+ aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS
+ eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09
+ +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ
+ 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo
+ p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO
+ fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT
+ mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ
+ ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA
+ YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3
+ aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC
+ jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK
+ vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T
+ INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA
+ wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3
+ Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf
+ ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR
+ 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu
+ Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm
+ q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O
+ eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ
+ USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx
+ qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk
+ p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL
+ 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS
+ orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY
+ BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL
+ YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5
+ ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm
+ HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h
+ TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9
+ jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ
+ ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B
+ Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU
+ V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5
+ RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc
+ Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc
+ Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh
+ PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1
+ zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV
+ e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt
+ eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz
+ zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c
+ 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw
+ eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV
+ HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu
+ by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT
+ n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50
+ mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL
+ PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe
+ xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg
+ wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0
+ ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp
+ EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr
+ d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb
+ 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi
+ F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7
+ HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM
+ yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC
+ Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV
+ lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw
+ xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm
+ LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi
+ eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A
+ CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb
+ U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB
+ +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw
+ IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx
+ 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe
+ FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD
+ yYRBt5UqwGovABM08jYkuA==
</EncryptedBinary>
</Data>
</InitialValues>
// Too generic. The name does not say anything aobut content.
struct DataEncryption {
+ DataEncryption() {};
+ DataEncryption(RawBuffer encKey, RawBuffer ivector)
+ : encryptedKey(std::move(encKey))
+ , iv(std::move(ivector))
+ {}
RawBuffer encryptedKey;
RawBuffer iv;
};
namespace Crypto {
namespace {
-CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable) {
+CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) {
+// Only software backend supports device encyption key
+ if (encrypted)
+ return CryptoBackend::OpenSSL;
+
// The list of items that MUST be support by OpenSSL
if (dataType.isCertificate())
return CryptoBackend::OpenSSL;
"Backend not available. BackendId: ", (int)cryptoBackend);
}
-GStore& Decider::getStore(DataType data, bool exportable) const {
- return getStore(chooseCryptoBackend(data, exportable));
+GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const {
+ return getStore(chooseCryptoBackend(data, exportable, encrypted));
}
} // namespace Crypto
public:
Decider();
GStore& getStore(const Token &token) const;
- GStore& getStore(DataType data, bool exportable) const;
+ GStore& getStore(DataType data, bool exportable, bool encrypted = false) const;
virtual ~Decider(){}
protected:
#include <xml-utils.h>
#include <base64.h>
+namespace
+{
+const char * const XML_ATTR_IV = "IV";
+}
+
namespace CKM {
namespace InitialValues {
BufferHandler::BufferHandler(EncodingType type) : m_encoding(type) {}
BufferHandler::~BufferHandler() {}
-void BufferHandler::Start(const XML::Parser::Attributes &)
+void BufferHandler::Start(const XML::Parser::Attributes &attr)
{
+ // get key type
+ if(attr.find(XML_ATTR_IV) != attr.end()) {
+ std::string IVstring = attr.at(XML_ATTR_IV);
+ Base64Decoder base64;
+ base64.reset();
+ base64.append(RawBuffer(IVstring.begin(), IVstring.end()));
+ base64.finalize();
+ m_IV = base64.get();
+ }
}
void BufferHandler::End()
{
+ // decoding section
switch(m_encoding)
{
// PEM requires that "----- END" section comes right after "\n" character
// Base64 decoder also does not accept any whitespaces
case DER:
case BASE64:
+ case ENCRYPTED:
{
std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end()));
Base64Decoder base64;
#include <parser.h>
#include <EncodingType.h>
#include <ckm/ckm-type.h>
+#include <generic-backend/gobj.h>
namespace CKM {
namespace InitialValues {
const RawBuffer & getData() const {
return m_data;
}
+ bool isEncrypted() const {
+ if(m_encoding == EncodingType::ENCRYPTED)
+ return true;
+ return false;
+ }
+ const RawBuffer & getIV() const {
+ return m_IV;
+ }
private:
- EncodingType m_encoding;
- RawBuffer m_data;
+ EncodingType m_encoding;
+ RawBuffer m_IV;
+ RawBuffer m_data;
};
}
class CertHandler : public InitialValueHandler
{
public:
- explicit CertHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {}
+ explicit CertHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
+ : InitialValueHandler(db_logic, encryptedKey) {}
virtual ~CertHandler();
virtual DataType getDataType() const;
class DataHandler : public InitialValueHandler
{
public:
- explicit DataHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {}
+ explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
+ : InitialValueHandler(db_logic, encryptedKey) {}
virtual ~DataHandler();
virtual DataType getDataType() const;
PEM,
DER,
ASCII,
- BASE64
+ BASE64,
+ // encrypted
+ ENCRYPTED
};
}
void InitialValueHandler::End()
{
- if(m_bufferHandler)
+ if (!m_bufferHandler) {
+ LogError("Invalid data with name: " << m_name << ", reason: no key data!");
+ return;
+ }
+
+ // save data
+ Policy policy(m_password, m_exportable);
+
+ Crypto::DataEncryption de;
+ if(m_bufferHandler->isEncrypted()) {
+ de.encryptedKey = m_encryptedKey;
+ de.iv = m_bufferHandler->getIV();
+ }
+
+ int ec = m_db_logic.importInitialData(m_name,
+ Crypto::Data(getDataType(), m_bufferHandler->getData()),
+ de,
+ policy);
+
+ if(CKM_API_SUCCESS != ec) {
+ LogError("Saving type: " << getDataType() << " with params: name(" <<
+ m_name << "), exportable(" << m_exportable<< ") failed, code: " << ec);
+ return;
+ }
+
+ // save permissions
+ for(const auto & permission : m_permissions)
{
- // save data
- Policy policy(m_password, m_exportable);
- int ec = m_db_logic.verifyAndSaveDataHelper(
+ ec = m_db_logic.setPermissionHelper(
Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM),
m_name,
OWNER_ID_SYSTEM,
- Crypto::Data(getDataType(), m_bufferHandler->getData()),
- PolicySerializable(policy));
- if(CKM_API_SUCCESS == ec)
- {
- // save permissions
- for(const auto & permission : m_permissions)
- {
- ec = m_db_logic.setPermissionHelper(
- Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM),
- m_name,
- OWNER_ID_SYSTEM,
- permission->getAccessor(),
- Permission::READ);
- if(CKM_API_SUCCESS != ec)
- LogError("Saving permission to: " << m_name << " with params: accessor("<<permission->getAccessor()<<") failed, code: " << ec);
- }
+ permission->getAccessor(),
+ Permission::READ);
+ if (CKM_API_SUCCESS != ec) {
+ LogError("Saving permission to: " << m_name <<
+ " with params: accessor(" << permission->getAccessor() <<
+ ") failed, code: " << ec);
}
- else
- LogError("Saving type: " << getDataType() << " with params: name("<<m_name<<"), exportable("<<m_exportable<<") failed, code: " << ec);
}
- else
- LogError("Invalid data with name: " << m_name << ", reason: no key data!");
-}
+}
+
BufferHandler::BufferHandlerPtr InitialValueHandler::CreateBufferHandler(EncodingType type)
{
public:
typedef std::shared_ptr<InitialValueHandler> InitialValueHandlerPtr;
- explicit InitialValueHandler(CKMLogic & db_logic) : m_exportable(false),
- m_db_logic(db_logic) {}
+ explicit InitialValueHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
+ : m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {}
virtual ~InitialValueHandler() {};
BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type);
Password m_password;
bool m_exportable;
CKMLogic & m_db_logic;
+ const CKM::RawBuffer & m_encryptedKey;
BufferHandler::BufferHandlerPtr m_bufferHandler;
std::vector<PermissionHandler::PermissionHandlerPtr> m_permissions;
const char * const XML_TAG_DER = "DER";
const char * const XML_TAG_ASCII = "ASCII";
const char * const XML_TAG_BASE64 = "Base64";
+const char * const XML_TAG_ENCRYPTED_DER = "EncryptedDER";
+const char * const XML_TAG_ENCRYPTED_ASCII = "EncryptedASCII";
+const char * const XML_TAG_ENCRYPTED_BINARY = "EncryptedBinary";
const char * const XML_TAG_PERMISSION = "Permission";
const char * const XML_ATTR_VERSION = "version";
}
m_parser.RegisterElementCb(XML_TAG_KEY,
[this]() -> XML::Parser::ElementHandlerPtr
{
- return GetObjectHandler(ObjectType::KEY);
+ return GetObjectHandler(ObjectType::KEY, m_encryptedAESkey);
},
[this](const XML::Parser::ElementHandlerPtr &)
{
m_parser.RegisterElementCb(XML_TAG_CERT,
[this]() -> XML::Parser::ElementHandlerPtr
{
- return GetObjectHandler(ObjectType::CERT);
+ return GetObjectHandler(ObjectType::CERT, m_encryptedAESkey);
},
[this](const XML::Parser::ElementHandlerPtr &)
{
m_parser.RegisterElementCb(XML_TAG_DATA,
[this]() -> XML::Parser::ElementHandlerPtr
{
- return GetObjectHandler(ObjectType::DATA);
+ return GetObjectHandler(ObjectType::DATA, m_encryptedAESkey);
},
[this](const XML::Parser::ElementHandlerPtr &)
{
{
ReleaseBufferHandler(EncodingType::BASE64);
});
+ m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_DER,
+ [this]() -> XML::Parser::ElementHandlerPtr
+ {
+ return GetBufferHandler(EncodingType::ENCRYPTED);
+ },
+ [this](const XML::Parser::ElementHandlerPtr &)
+ {
+ ReleaseBufferHandler(EncodingType::ENCRYPTED);
+ });
+ m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_ASCII,
+ [this]() -> XML::Parser::ElementHandlerPtr
+ {
+ return GetBufferHandler(EncodingType::ENCRYPTED);
+ },
+ [this](const XML::Parser::ElementHandlerPtr &)
+ {
+ ReleaseBufferHandler(EncodingType::ENCRYPTED);
+ });
+ m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_BINARY,
+ [this]() -> XML::Parser::ElementHandlerPtr
+ {
+ return GetBufferHandler(EncodingType::ENCRYPTED);
+ },
+ [this](const XML::Parser::ElementHandlerPtr &)
+ {
+ ReleaseBufferHandler(EncodingType::ENCRYPTED);
+ });
m_parser.RegisterElementCb(XML_TAG_PERMISSION,
[this]() -> XML::Parser::ElementHandlerPtr
{
return ec;
}
-XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type)
+XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type,
+ const CKM::RawBuffer &encryptedKey)
{
switch(type)
{
case KEY:
- m_currentHandler = std::make_shared<KeyHandler>(m_db_logic);
+ m_currentHandler = std::make_shared<KeyHandler>(m_db_logic, encryptedKey);
break;
case CERT:
- m_currentHandler = std::make_shared<CertHandler>(m_db_logic);
+ m_currentHandler = std::make_shared<CertHandler>(m_db_logic, encryptedKey);
break;
case DATA:
- m_currentHandler = std::make_shared<DataHandler>(m_db_logic);
+ m_currentHandler = std::make_shared<DataHandler>(m_db_logic, encryptedKey);
break;
default:
DATA
};
- XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type);
+ XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type, const CKM::RawBuffer &encryptedKey);
void ReleaseObjectHandler(ObjectType type);
XML::Parser::ElementHandlerPtr GetBufferHandler(EncodingType type);
XML::Parser::ElementHandlerPtr GetPermissionHandler();
void ReleasePermissionHandler();
-private:
- std::string m_filename;
- XML::Parser m_parser;
- InitialValueHandler::InitialValueHandlerPtr m_currentHandler;
- CKMLogic & m_db_logic;
+private:
class HeaderHandler : public XML::Parser::ElementHandler
{
public:
InitialValuesFile & m_parent;
};
+ std::string m_filename;
+ XML::Parser m_parser;
+ InitialValueHandler::InitialValueHandlerPtr m_currentHandler;
+ CKMLogic & m_db_logic;
typedef std::shared_ptr<HeaderHandler> HeaderHandlerPtr;
typedef std::shared_ptr<EncryptionKeyHandler> EncryptionKeyHandlerPtr;
HeaderHandlerPtr m_header;
class KeyHandler : public InitialValueHandler
{
public:
- explicit KeyHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic),
- m_keyType(KeyType::KEY_NONE) {}
+ explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
+ : InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {}
virtual ~KeyHandler();
virtual void Start(const XML::Parser::Attributes &);
return response.Pop();
}
+int CKMLogic::importInitialData(
+ const Name &name,
+ const Crypto::Data &data,
+ const Crypto::DataEncryption &enc,
+ const Policy &policy)
+{
+ if (CKM_API_SUCCESS != unlockSystemDB() )
+ ThrowErr(Exc::DatabaseLocked, "can not unlock system database");
+ auto &handler = m_userDataMap[SYSTEM_DB_UID];
+
+ if (!isNameValid(name))
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ Crypto::GStore& store =
+ m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty());
+
+ Token token;
+ if (enc.encryptedKey.empty())
+ token = store.import(data, m_accessControl.isCCMode() ? "" : policy.password);
+ else
+ token = store.importEncrypted(data, m_accessControl.isCCMode() ? "" : policy.password, enc);
+
+ DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast<int>(policy.extractable));
+ handler.crypto.encryptRow(row);
+
+ DB::Crypto::Transaction transaction(&handler.database);
+ handler.database.saveRow(row);
+ transaction.commit();
+
+ return CKM_API_SUCCESS;
+}
+
int CKMLogic::saveDataHelper(
const Credentials &cred,
const Name &name,
const PermissionMask permissionMask);
int setPermissionHelper(
- const Credentials &cred,
- const Name &name,
- const Label &ownerLabel,
- const Label &accessorLabel,
- const PermissionMask permissionMask);
+ const Credentials &cred,
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel,
+ const PermissionMask permissionMask);
int verifyAndSaveDataHelper(
const Credentials &cred,
const Crypto::Data &data,
const PolicySerializable &policy);
- int getKeyForService(const Credentials &cred,
- const Name &name,
- const Label &label,
- const Password& pass,
- Crypto::GObjShPtr& key);
+ int getKeyForService(
+ const Credentials &cred,
+ const Name &name,
+ const Label &label,
+ const Password& pass,
+ Crypto::GObjShPtr& key);
+
+ int importInitialData(
+ const Name &name,
+ const Crypto::Data &data,
+ const Crypto::DataEncryption &enc,
+ const Policy &policy);
protected:
int unlockSystemDB();
</Key>
<!-- key below is encrypted using AES-CBC algorithm.
The key used is decrypted <EncryptionKey> provided above.
+ IV is Base64 encoded.
Encryption:
* encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in data -out data.enc
-->
<Key name="test-encryption-prv" type="RSA_PRV">
- <EncryptedDER IV="_ThisIsIVForAES_">
+ <EncryptedDER IV="X1RoaXNJc0lWRm9yQUVTXw==">
BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
</Key>
<Cert name="test-encryption-certificate" exportable="true">
<!-- Note IV differs between items -->
- <EncryptedDER IV="IVdiffersFrItems">
- H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH
- N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE
- W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf
- 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B
- ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk
- QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi
- w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL
- /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+
- VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6
- W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO
- 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk
- 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg
- q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr
- GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ
- SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX
- SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX
- RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn
- yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+
- +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1
- xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm
- /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy
- 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq
- 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx
- j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD
- /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA=
+ <EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
+ pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
+ /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
+ l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
+ XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
+ /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
+ osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
+ 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
+ TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
+ ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
+ oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
+ ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
+ tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
+ kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
+ DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
+ LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
+ XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
+ 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
+ a+r+N4lsYPKJbX2ywUvDHg==
</EncryptedDER>
</Cert>
<Data name="test-ascii-data-encryption">
<!-- this below decrypts to ASCII: "My secret data" -->
- <EncryptedASCII IV="__another_IV_2__">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
+ <EncryptedASCII IV="X19hbm90aGVyX0lWXzJfXw==">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
</Data>
<Data name="test-binary-data-encryption">
<!-- this below decrypts to small PNG image -->
- <EncryptedBinary IV="PNGIVPNGIVPNGIVP">
+ <EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0
Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x
sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn