Setting Use Policies

A use policy denotes the security check required to use the key. The use policy associated with the key is of type TSecurityPolicy. The policy can be set to check capabilities or the Secure ID associated with the calling process. The calling process should have a WriteUserData capability.

The following steps explain the process of setting a use policy for a key:

  1. Create a file system session using an RFs object.

  2. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC().

  3. Initialise the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize().

  4. List all keys in the keystore using the CUnifiedKeyStore::List() function. Retrieve the handle of the key for which the use policy needs to be set.

  5. Set the use policy for the key using the CUnifiedKeyStore::SetUsePolicy() function.

Use policy is set for the selected key.

Example

The following code snippet shows how to set use policy for a key.

// Create a file system session object
RFs iFs;
CleanupClosePushL(&iFs);


...


// Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


...



// Retrieve the handle of the key for which use policy has to be set
TCTKeyAttributeFilter  filter.iUsage = EPKCS15UsageAll;
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set use policy operation
keyStore->List(iKeys, filter, iStatus);


...



// Retrieve the key handle of the appropriate key
_LIT(KLabel,”keylabel”);

// Select the key with the label you are looking for
TInt keyIndex;
for (TInt j = 0; j < iKeys.Count(); j++)
    {
    if (iKeys[j]->Label() == KLabel) 
        {
        keyIndex = j;
        break;
        }
    }


...



// Set the use policy

TSecurityPolicy usePolicy;
TUint secureId = 0x101FFFFF;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;

usePolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
keyStore->SetUsePolicy(*iKeys, usePolicy, iStatus);


// Clean up
CleanupStack::PopAndDestroy(); // iFs