Note: The strong cryptography API guide is not publicly available.
Cryptography is the basis of the Symbian OS security system. It is used by many components, including Certman (Certificate Management), Software Installation, secure communication protocols (e.g., SSL, TLS, IPsec), and WTLS.
Before Symbian OS v9.5, cryptographic algorithms, hash algorithms and random number generation were implemented by Symbian (in cryptography.dll, hash.dll and random.dll). In v9.5 a framework called CryptoSPI (cryptospi.dll) was introduced, which allows alternative implementations to be added by Symbian OS licensees as plugin DLLs. Symbian's legacy implementations and APIs were retained, so that existing code does not need to be modified or recompiled.
The guide to CryptoSPI is not publicly available, but the following documents show how to use CryptoSPI to generate random numbers and create a hash:
Cipher algorithms allow data to be encrypted and decrypted. They include:
Symmetric ciphers — algorithms that require communicating parties to hold a shared secret. They are fast and used for the transmission of bulk data.
Asymmetric ciphers — algorithms which use two keys, one kept private by the key pair's owner and one which can be published. They are slow compared to symmetric ciphers and are used to exchange a symmetric key before transmission of data encrypted using that key.
Until v9.5, the classes implementing the symmetric and asymmetric ciphers were provided in cryptography.dll.
Hash algorithms compact a message down to a short series of bytes from which the original message cannot be regenerated. They are used together with an asymmetric cipher to generate signatures.
Until v9.5, the classes implementing the hash algorithms were provided in hash.dll.
The random number generator (RNG) is the basis for cryptographic key generation. It uses the RANROT algorithm, seeded by random data available on the target hardware (e.g., free-running counters on ARM processors).
Until v9.5, the random number library was provided by random.dll.
Password Based Encryption (PBE) — provides an API to encrypt and decrypt data with a user-supplied password.
Until v9.5, the classes implementing PBE (e.g., for secure stream encryption) were provided in pbe.dll.
Padding — extra bits concatenated with a key, password, or plaintext to make their length equal to the block size. It defines the way blocks are filled with data when the data to be encrypted is smaller than the block size. Padding is added at encryption and checked on decryption.
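To make the "added at encryption, checked on decryption" rule concrete, here is an added example (not code from Symbian OS or its cryptography library) in plain C++ that pads a message for an 8-byte block cipher and then verifies and strips the padding as a decryptor would. The page names no padding scheme, so the PKCS#7 rule (append n bytes each holding the value n) is assumed; the 5-byte message is a constructed sample.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Pad `data` so its length is a whole number of `blockSize` blocks.
// Assumed scheme (PKCS#7): append n bytes, each equal to n, 1 <= n <= blockSize.
// A full block of padding is appended when the input is already aligned, so
// the decryptor can always strip the padding unambiguously.
std::vector<uint8_t> padPkcs7(const std::vector<uint8_t>& data, size_t blockSize) {
    if (blockSize == 0 || blockSize > 255) throw std::invalid_argument("bad block size");
    const size_t n = blockSize - (data.size() % blockSize);
    std::vector<uint8_t> out(data);
    out.insert(out.end(), n, static_cast<uint8_t>(n));
    return out;
}

// The "checked on decryption" step: validate the padding before trusting the
// plaintext. Returns false (and leaves `out` untouched) when the padding is
// malformed, which is how corrupted or tampered ciphertext usually shows up.
bool unpadPkcs7(const std::vector<uint8_t>& data, size_t blockSize,
                std::vector<uint8_t>& out) {
    if (data.empty() || data.size() % blockSize != 0) return false;
    const uint8_t n = data.back();
    if (n == 0 || n > blockSize) return false;
    // Every one of the last n bytes must carry the value n; accumulate the
    // mismatches rather than returning early so all n bytes are inspected.
    unsigned bad = 0;
    for (size_t i = data.size() - n; i < data.size(); ++i) bad |= data[i] ^ n;
    if (bad != 0) return false;
    out.assign(data.begin(), data.end() - n);
    return true;
}

// Demonstration: pad a 5-byte message for an 8-byte block, strip it again,
// then corrupt one padding byte and confirm the check rejects it.
bool demoPadding() {
    const std::vector<uint8_t> msg = {0x68, 0x65, 0x6c, 0x6c, 0x6f}; // "hello" (constructed)
    std::vector<uint8_t> padded = padPkcs7(msg, 8);      // 5 data bytes + 03 03 03
    std::vector<uint8_t> back;
    bool ok = padded.size() == 8 && unpadPkcs7(padded, 8, back) && back == msg;
    padded[6] = 0x02;                                    // simulate a corrupted block
    std::vector<uint8_t> junk;
    return ok && !unpadPkcs7(padded, 8, junk);
}

int main() { return demoPadding() ? 0 : 1; }
```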
Big integers — arbitrarily large integers. Note that although some functions are exported, the intent is that big integers are only for use by the Cryptography library and not by application code. Big integers are implemented in cryptography.dll.