Cryptography overview

Note: The strong cryptography API guide is not publically available.

Cryptography is the basis of the Symbian OS Security system. It is used by many components, including: Certman (Certificate Management), Software Installation, Secure Communication Protocols (e.g., SSL, TLS, IPSEC), and WTLS.

Before Symbian OS v9.5, cryptographic algorithms, hash algorithms and random number generation were implemented by Symbian (in cryptography.dll, hash.dll and random.dll). In v9.5 a framework called CryptoSPI (cryptospi.dll) was introduced, which allows alternative implementations to be added by Symbian OS licensees, as plugin DLLs. Symbian's legacy implementations and APIs were retained, so that existing code does not need to be modified or recompiled.

The guide to CryptoSPI is not publically available, but the following documents show how to use CryptoSPI to generate random numbers and create a hash:

• Generating random bytes

• Creating a hash value for a small data file

• Creating a HMAC hash value for a large data file (incremental method).

These algorithms allow data to be encrypted and decrypted, they include:

• Symmetric ciphers — algorithms that require communicating parties to hold a shared secret. They are fast and used for the transmission of bulk data.

• Asymmetric ciphers — algorithms which have two keys, one private to the keys' owner and one which can be published. They are slow compared to symmetric ciphers and are used to exchange a symmetric key before transmission of data encrypted using that key.

Until v9.5, the classes implementing the symmetric and asymmetric ciphers were provided in cryptography.dll.

Hash algorithms compact a message down to a short series of bytes from which it is impossible to regenerate the message. They are used with an asymmetric cipher to generate signatures.

Until v9.5, the classes implementing the hash algorithms were provided in hash.dll.

RNG is the basis for the cryptographic key generation, it uses the RANROT algorithm seeded by random data available on the target hardware (e.g. free running counters available on ARM processers).

Until v9.5, the random number library was provided by random.dll.

• Password Based Encryption (PBE) — provides an API to encrypt and decrypt data with a user-supplied password

  Until v9.5, the classes implementing PBE (e.g., for secure stream encryption) were provided in pbe.dll.

• Padding — is extra bits concatenated with a key, password, or plaintext to make their length equal to the block size. It defines the way blocks are filled with data when the data to be encrypted is smaller than the block size. Padding is added at encryption and checked on decryption.

• Big integers — arbitrarily large integers.

  Note that although some functions are exported, the intent is that big integers are only for use by the Cryptography library and not by application code. Big integers are implemented in cryptography.dll.