Namespace Tizen.Security.SecureRepository

Description

Secure Repository function is provided by key-manager module in Tizen. The key manager provides a secure repository for keys, certificates, and sensitive data related to users and their password-protected APPs. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing the key values to clients.

Overview

Secure Repository stores keys, certificates, and sensitive user data in a central secure repository. The central secure repository is protected by a password.

Data Store Policy

A client can specify simple access rules when storing data in the key manager:

  • Extractable or non-extractable
    • Only for data tagged as extractable, the key manager returns the raw value of the data.
    • If data is tagged as non-extractable, the key manager does not return its raw value. In that case, the key manager provides secure cryptographic operations for non-exportable keys without revealing the key values to the clients.
  • Per key password
    • All data in the key manager is protected by a user password.
    • A client can encrypt its data using their own password additionally.
    • If a client provides a password when storing data, the data is encrypted with the password. This password must be provided when getting the data from the key manager.

Data Access Control

  • By default, only the owner of a data can access to the data.
  • If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB.
  • When an application is deleted, the data and access control information granted by the application are also removed.

Alias Format

  • The format of alias is "package_id name" and the name should not contain any white space characters.
  • If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
  • The client can specify only its own pacakge id in the alias when storing a key, certificate, or data.
  • A client should specify the pacakge id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
  • Aliases are returned from the key-manager as the format of package_id name.

Classes

Certificate

The class that represents a certificate.

CertificateManager

This class provides the methods handling certificates.

DataManager

This class provides the methods for storing and retrieving data.

Key

The class that represents a key.

KeyManager

This class provides the methods for storing, retrieving, and creating keys.

Manager

This class is a base class of the XxxManager classes. It provides the common methods for all sub classes.

Pkcs12

The class that represents a PKCS#12 contents. It has a private key or its certificate or all the members of a chain of trust.

Pkcs12Manager

This class provides the methods for storing and retrieving the Pkcs12 contents.

Policy

A class for a policy for storing key, certificate, and binary data.

Enums

DataFormat

Enumeration for data format.

EllipticCurveType

Enumeration for the elliptic curve.

KeyType

Enumeration for key types of key manager.

OcspStatus

Enumeration for the OCSP status.

Permission

Enumeration for permissions to access/modify alias.