Tizen Native API
Key Manager Client

It provides APIs accessing on the secure repository and additional secure cryptographic operations.

Required Header

#include <ckmc/ckmc-manager.h>

Overview

It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.

Functions

int ckmc_save_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
 Stores a key inside key manager based on the provided policy.
int ckmc_remove_key (const char *alias)
 Removes a key from key manager.
int ckmc_get_key (const char *alias, const char *password, ckmc_key_s **ppkey)
 Gets a key from key manager.
int ckmc_get_key_alias_list (ckmc_alias_list_s **ppalias_list)
 Gets all the alias of keys that the client can access.
int ckmc_save_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
 Stores a certificate inside key manager based on the provided policy.
int ckmc_remove_cert (const char *alias)
 Removes a certificate from key manager.
int ckmc_get_cert (const char *alias, const char *password, ckmc_cert_s **ppcert)
 Gets a certificate from key manager.
int ckmc_get_cert_alias_list (ckmc_alias_list_s **ppalias_list)
 Gets all alias of certificates which the client can access.
int ckmc_save_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
 Stores a data inside key manager based on the provided policy.
int ckmc_remove_data (const char *alias)
 Removes a data from key manager.
int ckmc_get_data (const char *alias, const char *password, ckmc_raw_buffer_s **ppdata)
 Gets a data from key manager.
int ckmc_get_data_alias_list (ckmc_alias_list_s **ppalias_list)
 Gets all alias of data which the client can access.
int ckmc_create_key_pair_rsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
 Creates RSA private/public key pair and stores them inside key manager based on each policy.
int ckmc_create_key_pair_dsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
 Creates DSA private/public key pair and stores them inside key manager based on each policy.
int ckmc_create_key_pair_ecdsa (const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key)
 Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
int ckmc_create_signature (const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature)
 Creates a signature on a given message using a private key and returns the signature.
int ckmc_verify_signature (const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding)
 Verifies a given signature on a given message using a public key and returns the signature status.
int ckmc_get_cert_chain (const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list)
 Verifies a certificate chain and returns that chain.
int ckmc_get_cert_chain_with_alias (const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list)
 Verifies a certificate chain using an alias list of untrusted certificates and return that chain.
int ckmc_allow_access (const char *alias, const char *accessor, ckmc_access_right_e granted)
 Allows another application to access client's application data.
int ckmc_deny_access (const char *alias, const char *accessor)
 Revokes another application's access to client's application data.

Function Documentation

int ckmc_allow_access ( const char *  alias,
const char *  accessor,
ckmc_access_right_e  granted 
)

Allows another application to access client's application data.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
Data identified by alias should exist
Parameters:
[in]aliasData alias for which access will be granted
[in]accessorPackage id of the application that will gain access rights
[in]grantedRights granted for accessor application
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_deny_access()
int ckmc_create_key_pair_dsa ( const size_t  size,
const char *  private_key_alias,
const char *  public_key_alias,
const ckmc_policy_s  policy_private_key,
const ckmc_policy_s  policy_public_key 
)

Creates DSA private/public key pair and stores them inside key manager based on each policy.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
If password in policy is provided, the key is additionally encrypted with the password in policy.
Parameters:
[in]sizeThe size of key strength to be created
1024, 2048, 3072 and 4096 are supported.
[in]private_key_aliasThe name of private key to be stored
[in]public_key_aliasThe name of public key to be stored
[in]policy_private_keyThe policy about how to store a private key securely
[in]policy_public_keyThe policy about how to store a public key securely
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTSAlias already exists
CKMC_ERROR_DB_ERRORFailed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_create_key_pair_rsa()
ckmc_create_key_pair_ecdsa()
ckmc_create_signature()
ckmc_verify_signature()
int ckmc_create_key_pair_ecdsa ( const ckmc_ec_type_e  type,
const char *  private_key_alias,
const char *  public_key_alias,
const ckmc_policy_s  policy_private_key,
const ckmc_policy_s  policy_public_key 
)

Creates ECDSA private/public key pair and stores them inside key manager based on each policy.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
If password in policy is provided, the key is additionally encrypted with the password in policy.
Parameters:
[in]typeThe type of elliptic curve of ECDSA
[in]private_key_aliasThe name of private key to be stored
[in]public_key_aliasThe name of public key to be stored
[in]policy_private_keyThe policy about how to store a private key securely
[in]policy_public_keyThe policy about how to store a public key securely
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTSAlias already exists
CKMC_ERROR_DB_ERRORFailed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_create_key_pair_rsa()
ckmc_create_key_pair_dsa()
ckmc_create_signature()
ckmc_verify_signature()
ckmc_ec_type_e
int ckmc_create_key_pair_rsa ( const size_t  size,
const char *  private_key_alias,
const char *  public_key_alias,
const ckmc_policy_s  policy_private_key,
const ckmc_policy_s  policy_public_key 
)

Creates RSA private/public key pair and stores them inside key manager based on each policy.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
If password in policy is provided, the key is additionally encrypted with the password in policy.
Parameters:
[in]sizeThe size of key strength to be created
1024, 2048, and 4096 are supported.
[in]private_key_aliasThe name of private key to be stored
[in]public_key_aliasThe name of public key to be stored
[in]policy_private_keyThe policy about how to store a private key securely
[in]policy_public_keyThe policy about how to store a public key securely
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTSAlias already exists
CKMC_ERROR_DB_ERRORFailed due to other DB transaction unexpectedly
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_create_key_pair_dsa()
ckmc_create_key_pair_ecdsa()
ckmc_create_signature()
ckmc_verify_signature()
int ckmc_create_signature ( const char *  private_key_alias,
const char *  password,
const ckmc_raw_buffer_s  message,
const ckmc_hash_algo_e  hash,
const ckmc_rsa_padding_algo_e  padding,
ckmc_raw_buffer_s **  ppsignature 
)

Creates a signature on a given message using a private key and returns the signature.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
If password of policy is provided during storing a key, the same password should be provided.
You must destroy the newly created ppsignature by calling ckmc_buffer_free() if it is no longer needed.
Parameters:
[in]private_key_aliasThe name of private key
[in]passwordThe password used in decrypting a private key value
[in]messageThe message that is signed with a private key
[in]hashThe hash algorithm used in creating signature
[in]paddingThe RSA padding algorithm used in creating signature
It is used only when the signature algorithm is RSA.
[out]ppsignatureThe pointer to a newly created signature
If an error occurs, *ppsignature will be null.
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDDecryption failed because password is incorrect.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_create_key_pair_rsa()
ckmc_create_key_pair_ecdsa()
ckmc_verify_signature()
ckmc_buffer_free()
ckmc_hash_algo_e
ckmc_rsa_padding_algo_e
int ckmc_deny_access ( const char *  alias,
const char *  accessor 
)

Revokes another application's access to client's application data.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
Data identified by alias should exist
Only access previously granted with ckmc_allow_access can be revoked.
Parameters:
[in]aliasData alias for which access will be revoked
[in]accessorPackage id of the application that will lose access rights
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid or the accessor doesn't have access to alias
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_allow_access()
int ckmc_get_cert ( const char *  alias,
const char *  password,
ckmc_cert_s **  ppcert 
)

Gets a certificate from key manager.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
A client can access only certificate stored by the client.
A DER encoded certificate will be returned as a return value.
You must destroy the newly created ppcert by calling ckmc_cert_free() if it is no longer needed.
Parameters:
[in]aliasThe name of a certificate to retrieve
[in]passwordThe password used in decrypting a certificate value
If password of policy is provided in ckmc_save_cert(), the same password should be provided.
[out]ppcertThe pointer to a newly created ckmc_cert_s handle
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exists
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDDecryption failed because password is incorrect.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_cert()
ckmc_remove_cert()
ckmc_get_cert_alias_list()
int ckmc_get_cert_alias_list ( ckmc_alias_list_s **  ppalias_list)

Gets all alias of certificates which the client can access.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
A client can access only data stored by the client.
You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
Parameters:
[out]ppalias_listThe pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null.
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_cert()
ckmc_remove_cert()
ckmc_get_cert()
int ckmc_get_cert_chain ( const ckmc_cert_s cert,
const ckmc_cert_list_s untrustedcerts,
ckmc_cert_list_s **  ppcert_chain_list 
)

Verifies a certificate chain and returns that chain.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
The trusted root certificate of the chain should exist in the system's certificate storage.
You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
Parameters:
[in]certThe certificate to be verified
[in]untrustedcertsThe untrusted CA certificates to be used in verifying a certificate chain
[out]ppcert_chain_listThe pointer to a newly created certificate chain's handle
If an error occurs, *ppcert_chain_list will be null.
Returns:
0 on success and the signature is valid, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_VERIFICATION_FAILEDThe certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_INVALID_FORMATThe format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDDecryption failed because password is incorrect.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_get_cert_chain_with_alias())
ckmc_cert_list_all_free()
int ckmc_get_cert_chain_with_alias ( const ckmc_cert_s cert,
const ckmc_alias_list_s untrustedcerts,
ckmc_cert_list_s **  ppcert_chain_list 
)

Verifies a certificate chain using an alias list of untrusted certificates and return that chain.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
The trusted root certificate of the chain should exist in the system's certificate storage.
You must destroy the newly created ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
Parameters:
[in]certThe certificate to be verified
[in]untrustedcertsThe alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain
[out]ppcert_chain_listThe pointer to a newly created certificate chain's handle
If an error occurs, *ppcert_chain_list will be null.
Returns:
0 on success and the signature is valid, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_VERIFICATION_FAILEDThe certificate chain is not valid
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_INVALID_FORMATThe format of certificate is not valid
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDSome certificates were encrypted with password and could not be used.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_get_cert_chain()
ckmc_cert_list_all_free()
int ckmc_get_data ( const char *  alias,
const char *  password,
ckmc_raw_buffer_s **  ppdata 
)

Gets a data from key manager.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
A client can access only data stored by the client.
You must destroy the newly created ppdata by calling ckmc_buffer_free() if it is no longer needed.
Parameters:
[in]aliasThe name of a data to retrieve
[in]passwordThe password used in decrypting a data value
If password of policy is provided in ckmc_save_data(), the same password should be provided.
[out]ppdataThe pointer to a newly created ckmc_raw_buffer_s handle
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDDecryption failed because password is incorrect.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_data()
ckmc_remove_data()
ckmc_get_data_alias_list()
int ckmc_get_data_alias_list ( ckmc_alias_list_s **  ppalias_list)

Gets all alias of data which the client can access.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
A client can access only data stored by the client.
You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
Parameters:
[out]ppalias_listThe pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null.
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_data()
ckmc_remove_data()
ckmc_get_data()
int ckmc_get_key ( const char *  alias,
const char *  password,
ckmc_key_s **  ppkey 
)

Gets a key from key manager.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
A client can access only data stored by the client.
You must destroy the newly created ppkey by calling ckmc_key_free() if it is no longer needed.
Parameters:
[in]aliasThe name of a key to retrieve
[in]passwordThe password used in decrypting a key value
If password of policy is provided in ckmc_save_key(), the same password should be provided.
[out]ppkeyThe pointer to a newly created ckmc_key_s handle
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDDecryption failed because password is incorrect.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_key()
ckmc_remove_key()
ckmc_get_key_alias_list()
int ckmc_get_key_alias_list ( ckmc_alias_list_s **  ppalias_list)

Gets all the alias of keys that the client can access.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
A client can access only data stored by the client.
You must destroy the newly created ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
Parameters:
[out]ppalias_listThe pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys
If there is no available key alias, *ppalias_list will be null.
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_key()
ckmc_remove_key()
ckmc_get_key()
int ckmc_remove_cert ( const char *  alias)

Removes a certificate from key manager.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
To remove certificate, client must have remove permission to the specified certificate.
The key owner can remove by default.
Parameters:
[in]aliasThe name of a certificate to be removed
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_cert()
ckmc_get_cert()
ckmc_get_cert_alias_list()
int ckmc_remove_data ( const char *  alias)

Removes a data from key manager.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
To remove data, client must have remove permission to the specified data object.
The data owner can remove by default.
Parameters:
[in]aliasThe name of a data to be removed
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_data()
ckmc_get_data()
ckmc_get_data_alias_list()
int ckmc_remove_key ( const char *  alias)

Removes a key from key manager.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
To remove key, client must have remove permission to the specified key.
The key owner can remove by default.
Parameters:
[in]aliasThe name of a key to be removed
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_save_key()
ckmc_get_key()
ckmc_get_key_alias_list()
int ckmc_save_cert ( const char *  alias,
const ckmc_cert_s  cert,
const ckmc_policy_s  policy 
)

Stores a certificate inside key manager based on the provided policy.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
the certificate's binary value will be converted and saved as binary DER encoded certificates.
Parameters:
[in]aliasThe name of a certificate to be stored
[in]certThe certificate's binary value to be stored
[in]policyThe policy about how to store a certificate securely
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTSAlias already exists
CKMC_ERROR_INVALID_FORMATThe format of raw_cert is not valid
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_remove_cert()
ckmc_get_cert()
ckmc_get_cert_alias_list()
ckmc_cert_s
ckmc_policy_s
int ckmc_save_data ( const char *  alias,
ckmc_raw_buffer_s  data,
const ckmc_policy_s  policy 
)

Stores a data inside key manager based on the provided policy.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Parameters:
[in]aliasThe name of a data to be stored
[in]dataThe binary value to be stored
[in]policyThe policy about how to store a data securely
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTSAlias already exists
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_remove_data()
ckmc_get_data()
ckmc_get_data_alias_list()
ckmc_raw_buffer_s
ckmc_policy_s
int ckmc_save_key ( const char *  alias,
const ckmc_key_s  key,
const ckmc_policy_s  policy 
)

Stores a key inside key manager based on the provided policy.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
Currently only six types of keys are supported for this API. These are RSA public/private key, DSA public/private key and ECDSA public/private key.
key_type in key may be set to CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the ckmc_key_s structure.
If password in policy is provided, the key is additionally encrypted with the password in policy.
Parameters:
[in]aliasThe name of a key to be stored
[in]keyThe key's binary value to be stored
[in]policyThe policy about how to store a key securely
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_EXISTSAlias already exists
CKMC_ERROR_INVALID_FORMATThe format of raw_key is not valid
CKMC_ERROR_DB_ERRORFailed due to a database error
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_remove_key()
ckmc_get_key()
ckmc_get_key_alias_list()
ckmc_key_s
ckmc_policy_s
int ckmc_verify_signature ( const char *  public_key_alias,
const char *  password,
const ckmc_raw_buffer_s  message,
const ckmc_raw_buffer_s  signature,
const ckmc_hash_algo_e  hash,
const ckmc_rsa_padding_algo_e  padding 
)

Verifies a given signature on a given message using a public key and returns the signature status.

Since :
2.3.1
Privilege Level:
public
Privilege:
http://tizen.org/privilege/keymanager
Remarks:
If password of policy is provided during storing a key, the same password should be provided.
Parameters:
[in]public_key_aliasThe name of public key
[in]passwordThe password used in decrypting a public key value
[in]messageThe input on which the signature is created
[in]signatureThe signature that is verified with public key
[in]hashThe hash algorithm used in verifying signature
[in]paddingThe RSA padding algorithm used in verifying signature
It is used only when the signature algorithm is RSA.
Returns:
0 on success and the signature is valid, otherwise a negative error value
Return values:
CKMC_ERROR_NONESuccessful
CKMC_ERROR_VERIFICATION_FAILEDThe signature is invalid
CKMC_ERROR_INVALID_PARAMETERInput parameter is invalid
CKMC_ERROR_DB_LOCKEDA user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ERRORFailed due to the error with unknown reason
CKMC_ERROR_DB_ALIAS_UNKNOWNAlias does not exist
CKMC_ERROR_PERMISSION_DENIEDFailed to access key manager
CKMC_ERROR_AUTHENTICATION_FAILEDDecryption failed because password is incorrect.
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
See also:
ckmc_create_key_pair_rsa()
ckmc_create_key_pair_ecdsa()
ckmc_verify_signature()
ckmc_hash_algo_e
ckmc_rsa_padding_algo_e