Finding Keys

You can find a specific set of keys using the unified keystore. This section explains the process of finding keys.

The unified keystore allows you to search all keys on a device regardless of which keystore they are in.

You can specify a filter object that determines which keys are returned. The criteria by which you can filter the keys are as follows:
Filter Criteria Description
The key identifier Used when searching for a particular key.
The key usage Used when searching for a key usage, for example encryption.
The key owner UID Used when searching for a key owner.

Applications must use this to prevent them seeing insecure keys that might have been added by a malicious application.

The key algorithm Used when searching for a particular key algorithm, for example RSA.

The following steps explain the process of finding keys in a keystore:

  1. Create a file system session using an RFs object.
  2. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC().
  3. Initialize the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize().
  4. Specify a filter object corresponding to the type of keys that are to be returned.
  5. Use the CUnifiedKeyStore::List() function to list the filtered keys.

Keys are listed based on the specified filter criteria.

Example

The following code snippet shows how to set a file system session object, initialize the keystore and its member functions, specify filter criteria for the types of keys to be listed, and then list the specific set of keys.



//Create a file system session object
RFs iFs;
CleanupClosePushL(&iFs);


//Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(iFs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


//Specify the filter criteria
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the keys found
TCTKeyAttributeFilter filter;
filter.iOwner = KApplicationUID; // The UID of the key owner application
filter.iUsage = EPKCS15UsageSign;    
filter.iKeyAlgorithm = CCTKeyInfo::EDSA;


//List keys based on specified filter criteria
iKeyStore->List(iKeys, filter, iStatus);


//Clean up
CleanupStack::PopAndDestroy(); // iFs

Related concepts