|
||
The Crypto component (crypto.dll
) is provided for general use in certificate management: any certificate specification will use some or all of its functionality.
Elements of a certificate which are common across different certificate formats are implemented in this DLL as a set of abstract
base classes. Thus DLLs implementing a particular certificate specification such as X.509 or WTLS (i.e. X509.dll
, WTLSCert.dll
) are expected to link to this DLL and derive its own specific classes from these, as well as adding any classes which only
exist in that specification (X.509 extensions for example).
Classes defined here are agnostic about the particular encoding scheme used for objects so do not include any constructors for initialisation from binary data. So derived classes for a given specification will add constructors to initialise the objects from encoded binary data.
This DLL also helps localise the interface between certificate management and the cryptographic algorithms supporting it.
It is called crypto.dll
rather than cert.dll
because its role expands beyond certificates.
Public classes are defined in the header file signed.h
. Of the classes defined there, the following are intended for direct use by client code:
TAlgorithmId
— an enumeration of the asymmetric and digest algorithms supported.
CValidityPeriod
— consists of a start time and an end time, with accessors for each.
CAlgorithmIdentifier
— includes the TAlgorithmId
for the algorithm and the parameters in their encoded form. Also implements an equality operator.
CSigningAlgorithmIdentifier
— consists of two CAlgorithmIdentifier
classes, one for the digest algorithm and one for the asymmetric algorithm. Also implements an equality operator.
CSubjectPublicKeyInfo
— consists of an algorithm identifier and the encoded key.
CSignedObject
— this class implements a function to verify its signature given an encoded key. It also implements an ExternalizeL
function which simply streams out the encoding of the entire object which enables the fingerprint (and the signed data)
to be regenerated on restoring. Accessors are provided to return pointer descriptors to the encoding of the signed data,
the encoding of the signature, the fingerprint and the signing algorithm used. The fingerprint returned is the MD5 hash of
the encoding of the entire object.
CCertificate
— this is a subclass of CSignedObject
. It adds a serial number, validity period and subject public key along with corresponding accessors.