--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=9" />
+ <link rel="stylesheet" type="text/css" href="../../css/styles.css" />
+ <link rel="stylesheet" type="text/css" href="../../css/snippet.css" />
+ <script type="text/javascript" src="../../scripts/snippet.js"></script>
+ <script type="text/javascript" src="../../scripts/jquery.util.js" charset="utf-8"></script>
+ <script type="text/javascript" src="../../scripts/common.js" charset="utf-8"></script>
+ <script type="text/javascript" src="../../scripts/core.js" charset="utf-8"></script>
+ <script type="text/javascript" src="../../scripts/search.js" charset="utf-8"></script>
+
+ <title>Secure Repository</title>
+</head>
+
+<body onload="prettyPrint()" style="overflow: auto;">
+
+<div id="toc-navigation">
+ <div id="profile">
+ <p><img alt="Mobile C#" src="../../images/mobile_s_cs.png"/> <img alt="TV C#" src="../../images/tv_s_cs.png"/></p>
+ </div>
+
+ <div id="toc_border"><div id="toc">
+ <p class="toc-title">Dependencies</p>
+ <ul class="toc">
+ <li>Tizen 4.0 and Higher for Mobile and TV</li>
+ </ul>
+ <p class="toc-title">Content</p>
+ <ul class="toc">
+ <li><a href="#aliases">Aliases</a></li>
+ <li><a href="#prerequisites">Prerequisites</a></li>
+ <li><a href="#save_get_remove_keys">Saving, Getting, or Removing a Key</a></li>
+ <li><a href="#save_get_remove_certs">Saving, Getting, or Removing a Certificate</a></li>
+ <li><a href="#save_get_remove_data">Saving, Getting, or Removing Data</a></li>
+ <li><a href="#creating_keys">Creating Keys</a></li>
+ <li><a href="#create_verify_sigs">Creating and Verifying Signatures</a></li>
+ <li><a href="#cert_chain">Verifying and Returning a Certificate Chain</a></li>
+ <li><a href="#load_file">Loading a Certificate File or a PKCS#12 File</a></li>
+ <li><a href="#access_control">Implementing Access Control</a></li>
+ </ul>
+ <p class="toc-title">Related Info</p>
+ <ul class="toc">
+ <li><a href="https://developer.tizen.org/dev-guide/csapi/namespaceTizen_1_1Security_1_1SecureRepository.html">Tizen.Security.SecureRepository Namespace</a></li>
+ </ul>
+ </div></div>
+</div>
+
+<div id="container"><div id="contents"><div class="content">
+
+<h1>Secure Repository</h1>
+
+<p>You can use a secure repository to store keys, certificates, and sensitive data related to users and their password-protected applications. In addition, the repository provides cryptographic operations for generating new key pairs and verifying signatures. The central secure repository is protected by a password.</p>
+
+<p>The secure repository features are provided by a key manager. An application functions as a key manager client, and accesses the secure repository through the key manager.</p>
+
+<p>The main features of the Tizen.Security.SecureRepository namespace include:</p>
+
+<ul>
+ <li>Data store policy
+ <p>A client can specify simple access rules when storing items in the secure repository:</p>
+ <ul>
+ <li>Extractable or non-extractable
+ <p>The secure repository returns the raw value only for items marked extractable. For items marked non-extractable, the secure repository provides secure cryptographic operations to handle it without revealing the key values to the client.</p>
+ </li>
+ <li>Per key password
+ <p>All items in the secure repository are protected by a user password. Additionally, a client can provide its own password to encrypt items when saving them into the repository. The same password must then be provided when getting the item from the secure repository.</p>
+ </li>
+ </ul>
+ </li>
+ <li>Access control
+ <p>By default, only the data owner can access the data. If the owner grants access to other applications, those applications can read or delete the data from the secure depository.</p>
+ <p>When an application is deleted, the data and access control information granted by the application are also removed.</p></li>
+</ul>
+
+ <p align="center"><strong>Figure: Key manager process</strong></p>
+ <p align="center"><img alt="Key manager process" src="../../images/key_manager.png" /></p>
+
+<p>The key manager provides 2 types of operations:</p>
+<ul>
+ <li>Secure repository operations
+ <p>You can:</p>
+ <ul>
+ <li><a href="#save_get_remove_keys">Save, get, or remove a key</a></li>
+ <li><a href="#save_get_remove_certs">Save, get, or remove a certificate</a></li>
+ <li><a href="#save_get_remove_data">Save, get, or remove data</a></li>
+ </ul>
+ </li>
+ <li>Secure crypto operations
+ <p>With non-extractable keys and certificates, you can:</p>
+ <ul>
+ <li><a href="#creating_keys">Create keys and key pairs</a></li>
+ <li><a href="#create_verify_sigs">Create or verify signatures</a></li>
+ <li><a href="#cert_chain">Verify and return a certificate chain</a></li>
+ <li><a href="#load_file">Load a certificate file or a PKCS#12 file</a></li>
+ <li><a href="#access_control">Implement access control</a></li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="aliases">Aliases</h2>
+All data stored in the secure repository is saved under an alias, which is a text string that must conform to certain conditions:
+<ul>
+ <li>The format of an alias is "<package_id> <name>" and the name cannot contain any white space characters.</li>
+ <li>If the client does not provide the package ID, the <code>CreateFullAlias()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1Manager.html">Tizen.Security.SecureRepository.Manager</a> class adds the client package ID to the name internally.</li>
+ <li>The client can only specify its own package ID in the alias when storing a key, certificate, or data.</li>
+ <li>The client must specify the package ID of the owner in the alias to retrieve a key, certificate, or data shared by other applications.</li>
+</ul>
+
+<h2 id="prerequisites">Prerequisites</h2>
+<p>To use the methods and properties of the <a href="https://developer.tizen.org/dev-guide/csapi/namespaceTizen_1_1Security_1_1SecureRepository.html">Tizen.Security.SecureRepository</a> namespace, include it in your application:</p>
+<pre class="prettyprint">
+using Tizen.Security.SecureRepository;
+</pre>
+
+<h2 id="save_get_remove_keys">Saving, Getting, or Removing a Key</h2>
+To store, retrieve, or remove a client's keys from the key manager:
+
+<ul>
+ <li>Save a new key by using the <code>Save()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1KeyManager.html">Tizen.Security.SecureRepository.KeyManager</a> class:
+<pre class="prettyprint">
+using System;
+using System.Text;
+
+string aliasAes = "C#API_AESKEY_TEST";
+string aliasPublic = "C#API_PUBLICKEY_TEST";
+string aliasPrivate = "C#API_PRIVATEKEY_TEST";
+
+byte[] bin = new byte[16];
+Random rnd = new Random();
+rnd.NextBytes(bin);
+
+Key keyAes = new Key(bin, KeyType.Aes, null);
+
+string privateKeyPasswd = "1234";
+string privateKeyString = "-----BEGIN RSA PRIVATE KEY-----\n" +
+ "Proc-Type: 4,ENCRYPTED\n" +
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n" +
+ "\n" +
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n" +
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n" +
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n" +
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n" +
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n" +
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n" +
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n" +
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n" +
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n" +
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n" +
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n" +
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n" +
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n" +
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n" +
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n" +
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n" +
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n" +
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n" +
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n" +
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n" +
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n" +
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n" +
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n" +
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n" +
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n" +
+ "-----END RSA PRIVATE KEY-----\n";
+Key keyPrivate = new Key(Encoding.UTF8.GetBytes(privateKeyString), KeyType.RsaPrivate, privateKeyPasswd);
+
+String publicKeyString = "-----BEGIN PUBLIC KEY-----\n" +
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" +
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" +
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" +
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" +
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" +
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" +
+ "zQIDAQAB\n" +
+ "-----END PUBLIC KEY-----\n";
+Key keyPublic = new Key(Encoding.UTF8.GetBytes(publicKeyString), KeyType.RsaPublic, null);
+
+try
+{
+ KeyManager.Save(aliasAes, keyAes, new Policy());
+ KeyManager.Save(aliasPrivate, keyPrivate, new Policy());
+ KeyManager.Save(aliasPublic, keyPublic, new Policy());
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Get a specific key with a given alias by using the <code>Get()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_KEY_TEST";
+
+try
+{
+ Key key = KeyManager.Get(alias, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre></li>
+ <li>Get the entire list of key aliases the client has access to by using the <code>GetAliases()</code> method:
+<pre class="prettyprint">
+try
+{
+ IEnumerable<string> aliases = KeyManager.GetAliases();
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Remove the key using the <code>RemoveAlias()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_KEY_TEST";
+
+try
+{
+ KeyManager.RemoveAlias(alias);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ul>
+
+<h2 id="save_get_remove_certs">Saving, Getting, or Removing a Certificate</h2>
+<p>To store, retrieve, or remove a client's certificates from the key manager:</p>
+
+<ul>
+ <li>Save a new certificate by using the <code>Save()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1CertificateManager.html">Tizen.Security.SecureRepository.CertificateManager</a> class:
+<pre class="prettyprint">
+using System.Text;
+
+string certPem = "-----BEGIN CERTIFICATE-----\n" +
+"MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n" +
+"BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n" +
+"cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n" +
+"WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"+
+"TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n" +
+"b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" +
+"ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n" +
+"gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n" +
+"HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n" +
+"d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n" +
+"wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n" +
+"xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n" +
+"BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n" +
+"CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n" +
+"L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n" +
+"b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n" +
+"BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n" +
+"MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n" +
+"bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n" +
+"ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n" +
+"xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n" +
+"dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n" +
+"9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n" +
+"9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n" +
+"rHva8A==\n" +
+"-----END CERTIFICATE-----\n";
+
+Certificate cert = new Certificate(Encoding.UTF8.GetBytes(certPem), DataFormat.Pem);
+string alias = " C#API_CERT_TEST";
+
+try
+{
+ CertificateManager.Save(alias, cert, new Policy());
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Get a specific certificate with a given alias by using the <code>Get()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_CERT_TEST";
+
+try
+{
+ Certificate cert = CertificateManager.Get(alias, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Get the entire list of certificate aliases the client has access to by using the <code>GetAliases()</code> method:
+<pre class="prettyprint">
+try
+{
+ IEnumerable<string> aliases = CertificateManager.GetAliases();
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Remove the certificate using the <code>RemoveAlias()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_CERT_TEST";
+
+try
+{
+ CertificateManager.RemoveAlias(alias);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ul>
+
+<h2 id="save_get_remove_data">Saving, Getting, or Removing Data</h2>
+<p>To store, retrieve, or remove a client's data from the key manager:</p>
+
+<ul>
+ <li>Save new data using the <code>Save()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1DataManager.html">Tizen.Security.SecureRepository.DataManager</a> class:
+<pre class="prettyprint">
+using System;
+
+string alias = "C#API_DATA_TEST";
+byte[] bin = new byte[16];
+Random rnd = new Random();
+rnd.NextBytes(bin);
+
+Key keyAes = new Key(bin, KeyType.Aes, null);
+
+try
+{
+ DataManager.Save(alias, bin, new Policy());
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Get a specific item of data with a given alias by using the <code>Get()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_KEY_TEST";
+
+try
+{
+ byte[] data = DataManager.Get(alias, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Get the entire list of data aliases the client has access to by using the <code>GetAliases()</code> method:
+<pre class="prettyprint">
+try
+{
+ IEnumerable<string> aliases = DataManager.GetAliases();
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Remove the item of data using the <code>RemoveAlias()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_KEY_TEST";
+
+try
+{
+ DataManager.RemoveAlias(alias);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ul>
+
+<h2 id="creating_keys">Creating Keys</h2>
+<p>You can create 4 kinds of keys or key pairs with the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1KeyManager.html">Tizen.Security.SecureRepository.KeyManager</a> class: RSA, ECDSA, DSA, and AES.</p>
+<p>To create keys:</p>
+<ul>
+ <li>Create an RSA key pair using the <code>CreateRsaKeyPair()</code> method:
+<pre class="prettyprint">
+string aliasPrivate = "C#API_KEY_PRIVATE";
+string aliasPublic = "C#API_KEY_PUBLIC";
+int size = 2048;
+
+try
+{
+ KeyManager.CreateRsaKeyPair(size, aliasPrivate, aliasPublic, new Policy(), new Policy());
+ Key keyPrivate = KeyManager.Get(aliasPrivate, null);
+ Key keyPublic = KeyManager.Get(aliasPublic, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Create an ECDSA key pair using the <code>CreateEcdsaKeyPair()</code> method:
+<pre class="prettyprint">
+string aliasPrivate = "C#API_KEY_PRIVATE";
+string aliasPublic = "C#API_KEY_PUBLIC";
+EllipticCurveType type = EllipticCurveType.Prime256V1;
+
+try
+{
+ KeyManager.CreateEcdsaKeyPair(type, aliasPrivate, aliasPublic, new Policy(), new Policy());
+ Key keyPrivate = KeyManager.Get(aliasPrivate, null);
+ Key keyPublic = KeyManager.Get(aliasPublic, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Create an DSA key pair using the <code>CreateDsaKeyPair()</code> method:
+<pre class="prettyprint">
+string aliasPrivate = "C#API_KEY_PRIVATE";
+string aliasPublic = "C#API_KEY_PUBLIC";
+int size = 2048;
+
+try
+{
+ KeyManager.CreateDsaKeyPair(size, aliasPrivate, aliasPublic, new Policy(), new Policy());
+ Key keyPrivate = KeyManager.Get(aliasPrivate, null);
+ Key keyPublic = KeyManager.Get(aliasPublic, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Create an AES key by using the <code>CreateAesKey()</code> method:
+<pre class="prettyprint">
+string alias = "C#API_KEY_TEST";
+
+try
+{
+ KeyManager.CreateAesKey(128, alias, new Policy());
+ Key key = KeyManager.Get(alias, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ul>
+
+
+<h2 id="create_verify_sigs">Creating and Verifying Signatures</h2>
+<p>To create and verify a signature:</p>
+<ol>
+ <li>Create an RSA key pair with the <code>CreateRsaKeyPair()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1KeyManager.html">Tizen.Security.SecureRepository.KeyManager</a> class:
+<pre class="prettyprint">
+string aliasPrivate = "C#API_KEY_PRIVATE";
+string aliasPublic = "C#API_KEY_PUBLIC";
+int size = 2048;
+
+try
+{
+ KeyManager.CreateRsaKeyPair(size, aliasPrivate, aliasPublic, new Policy(), new Policy());
+ Key keyPrivate = KeyManager.Get(aliasPrivate, null);
+ Key keyPublic = KeyManager.Get(aliasPublic, null);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Create the signature as a new instance of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1Crypto_1_1Signature.html">Tizen.Security.SecureRepository.Crypto.Signature</a> class:
+<pre class="prettyprint">
+using System;
+
+byte[] message = new byte[16];
+Random rnd = new Random();
+rnd.NextBytes(message);
+
+string aliasPrivate = "C#API_KEY_PRIVATE";
+string aliasPublic = "C#API_KEY_PUBLIC";
+
+try
+{
+ SecureRepository.Crypto.RsaSignatureParameters rsaParam = new SecureRepository.Crypto.RsaSignatureParameters();
+ rsaParam.HashAlgorithm = SecureRepository.Crypto.HashAlgorithm.Sha256;
+ rsaParam.RsaPadding = SecureRepository.Crypto.RsaPaddingAlgorithm.Pkcs1;
+
+ var signature = new SecureRepository.Crypto.Signature(rsaParam);
+</pre>
+ </li>
+ <li>Sign the message with the <code>Sign()</code> method of the <code>Tizen.Security.SecureRepository.Crypto.Signature</code> class:
+<pre class="prettyprint">
+ var sig = signature.Sign(aliasPrivate, null, message);
+</pre>
+ </li>
+ <li>Verify the signature with the <code>Verify()</code> method of the <code>Tizen.Security.SecureRepository.Crypto.Signature</code> class:
+<pre class="prettyprint">
+ bool valid = signature.Verify(aliasPublic, null, message, sig);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ol>
+
+<h2 id="cert_chain">Verifying and Returning a Certificate Chain</h2>
+<p>The certificate manager verifies a certificate chain and returns it. The trusted root certificate of the chain must exist in the system certificate storage or be specified in the parameters.</p>
+<p>To handle certificate chains:</p>
+<ul>
+ <li>Verify and return a certificate chain using the <code>GetCertificateChain()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1CertificateManager.html">Tizen.Security.SecureRepository.CertificateManager</a> class:
+<pre class="prettyprint">
+string certPath = "/tmp/ckmc_leaf_cert.pem";
+string certIntermediatePath = "/tmp/ckmc_intermediate_cert.pem";
+
+try
+{
+ var certLeaf = Certificate.Load(certPath);
+ var certIntermediate = Certificate.Load(certIntermediatePath);
+ var untrustedCerts = new List<Certificate>();
+ untrustedCerts.Add(certIntermediate);
+ var certChain = CertificateManager.GetCertificateChain(certLeaf, untrustedCerts);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Verify and return a certificate chain using trusted CA certificates in exactly the same way, by passing the additional list of trusted certificates to the <code>GetCertificateChain()</code> method as a parameter:
+<pre class="prettyprint">
+string certPath = "/tmp/ckmc_leaf_cert.pem";
+string certIntermediatePath = "/tmp/ckmc_intermediate_cert.pem";
+string certRootPath = "/tmp/ckmc_root_cert.pem";
+
+try
+{
+ var certLeaf = Certificate.Load(certPath);
+ var certIntermediate = Certificate.Load(certIntermediatePath);
+ var certRoot = Certificate.Load(certRootPath);
+
+ var untrustedCerts = new List<Certificate>();
+ untrustedCerts.Add(certIntermediate);
+ var trustedCerts = new List<Certificate>();
+ trustedCerts.Add(certRoot);
+
+ var certChain = CertificateManager.GetCertificateChain(certLeaf, untrustedCerts, trustedCerts, false);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ul>
+
+<h2 id="load_file">Loading a Certificate File or a PKCS#12 File</h2>
+<p>You can load a certificate from a file in the DER or PEM formats. The secure repository can also load a private key, certificate, or chain of CA certificates from a PKCS#12 file.</p>
+<p>To load files:</p>
+<ul>
+ <li>Load a certificate from an external file with the <code>Load()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1Certificate.html">Tizen.Security.SecureRepository.Certificate</a> class:
+<pre class="prettyprint">
+string certPath = "/tmp/ckmc_test_cert.pem";
+
+try
+{
+ Certificate cert = Certificate.Load(certPath);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Load keys, certificates, or certificate chains from a PKCS#12 file by using the <code>Load()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1Pkcs12.html">Tizen.Security.SecureRepository.Pkcs12</a> class:
+<pre class="prettyprint">
+string p12Path = "/tmp/ckmc_test_pkcs.p12";
+string p12Pass = "password";
+
+try
+{
+ Pkcs12 p12 = Pkcs12.Load(p12Path, p12Pass);
+
+ Key privateKey = p12.PrivateKey;
+ Certificate cert = p12.Certificate;
+ IEnumerable<Certificate> caChain = p12.CaChain;
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+</ul>
+
+
+<h2 id="access_control">Implementing Access Control</h2>
+<p>Each client can adjust access control rules for their own data, certificates, and keys.</p>
+<p>To implement access control rules:</p>
+
+<ol>
+ <li>Store the data for which you want to define access control rules by using the <code>Save()</code> method of the <a href="">Tizen.Security.SecureRepository.DataManager</a> class:
+<pre class="prettyprint">
+using System;
+using System.Text;
+
+string alias = "C#API_DATA_TEST";
+byte[] data = new byte[16];
+Random rnd = new Random();
+rnd.NextBytes(data);
+
+try
+{
+ DataManager.Save(alias, data, new Policy());
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Set access control rules:
+ <ul>
+ <li>Set a rule for a client application with the "other_package_id" package ID to give it permission to read or remove the data. Use the <code>SetPermission()</code> method of the <a href="https://developer.tizen.org/dev-guide/csapi/classTizen_1_1Security_1_1SecureRepository_1_1Manager.html">Tizen.Security.SecureRepository.Manager</a> class, and define the permissions in the third parameter by using the <a href="https://developer.tizen.org/dev-guide/csapi/namespaceTizen_1_1Security_1_1SecureRepository.html#a7b6d45c4d50c65f74aa95f01ee754483">Tizen.Security.SecureRepository.Permission</a> enumeration values:
+<pre class="prettyprint">
+try
+{
+ Manager.SetPermission(alias, "other_package_id", (int) Permission.Read | (int) Permission.Remove);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre>
+ </li>
+ <li>Set a rule for the same client application as above to deny it permission to access the data. In the<code>SetPermission()</code> method, set the third parameter to <code>None</code>:
+<pre class="prettyprint">
+try
+{
+ Manager.SetPermission(alias, "other_package_id", (int) Permission.None);
+}
+catch (Exception e)
+{
+ /// Error handling
+}
+</pre></li></ul>
+ </li>
+</ol>
+
+<script type="text/javascript" src="../../scripts/jquery.zclip.min.js"></script>
+<script type="text/javascript" src="../../scripts/showhide.js"></script>
+</div></div></div>
+
+<a class="top sms" href="#"><img src="../../images/btn_top.gif" alt="Go to top" /></a>
+
+<div id="footer">
+<p class="footer">Except as noted, this content - excluding the Code Examples - is licensed under <a href="http://creativecommons.org/licenses/by/3.0/legalcode" target="_blank">Creative Commons Attribution 3.0</a> and all of the Code Examples contained herein are licensed under <a href="https://www.tizen.org/bsd-3-clause-license" target="_blank">BSD-3-Clause</a>.<br/>For details, see the <a href="https://www.tizen.org/content-license" target="_blank">Content License</a>.</p>
+</div>
+
+<script type="text/javascript">
+var _gaq = _gaq || [];
+_gaq.push(['_setAccount', 'UA-25976949-1']);
+_gaq.push(['_trackPageview']);
+(function() {
+var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+})();
+</script>
+
+</body>
+</html>
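Review bot: The key-saving and data-saving samples fill key material from a non-cryptographic PRNG (`Random rnd = new Random(); rnd.NextBytes(bin);` feeding `new Key(bin, KeyType.Aes, null)`), and readers will copy that into real applications. Generate the bytes with System.Security.Cryptography.RandomNumberGenerator instead, or have the sample call `KeyManager.CreateAesKey()` as the Creating Keys section already does; the unused `keyAes` in the data-saving sample can be dropped. The aliases are also inconsistent. The certificate is saved under `" C#API_CERT_TEST"` with a leading space, which contradicts the page's own rule that the name cannot contain white space, and the later `Get()` and `RemoveAlias()` calls use the name without the space. The data samples save under `"C#API_DATA_TEST"` but get and remove `"C#API_KEY_TEST"`. The page is declared XHTML, so the angle brackets in the alias format string and in the generic types inside the pre blocks (IEnumerable of string, List of Certificate) need to be written as &lt; and &gt; or they will be parsed as tags. Smaller points: "secure depository" should read "secure repository", "an DSA key pair" should read "a DSA key pair", "In the" is missing a space before the `SetPermission()` code element, and the DataManager link in the access control steps has an empty href.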