ndn::security::v1::KeyChain Class Reference

The packet signing interface. More...

#include <key-chain.hpp>


Data Structures

class  Error
 
class  MismatchError
 Error thrown when the TPM locator supplied to the KeyChain constructor does not match the locator stored in the PIB (and the constructor was not asked to reset the PIB). More...
 

Public Types

typedef function< unique_ptr< SecPublicInfo >(const std::string &)> PibCreateFunc
 
typedef function< unique_ptr< SecTpm >(const std::string &)> TpmCreateFunc
 
typedef std::map< std::string, Block > SignParams
 

Public Member Functions

 KeyChain ()
 Constructor to create KeyChain with default PIB and TPM. More...
 
 KeyChain (const std::string &pibLocator, const std::string &tpmLocator, bool allowReset=false)
 KeyChain constructor. More...
 
virtual ~KeyChain ()
 
Name createIdentity (const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
 Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More...
 
Name generateRsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
 Generate a pair of RSA keys for the specified identity. More...
 
Name generateEcKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
 Generate a pair of EC keys for the specified identity. More...
 
Name generateRsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
 Generate a pair of RSA keys for the specified identity and set it as default key for the identity. More...
 
Name generateEcKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
 Generate a pair of EC keys for the specified identity and set it as default key for the identity. More...
 
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
 prepare an unsigned identity certificate More...
 
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
 prepare an unsigned identity certificate More...
 
void sign (Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
 Sign data according to the supplied signing information. More...
 
void sign (Interest &interest, const SigningInfo &params=DEFAULT_SIGNING_INFO)
 Sign interest according to the supplied signing information. More...
 
Block sign (const uint8_t *buffer, size_t bufferLength, const SigningInfo &params)
 Sign buffer according to the supplied signing information. More...
 
template<typename T >
void sign (T &packet, const Name &certificateName)
 Sign packet with a particular certificate. More...
 
Signature sign (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
 Sign the byte array using a particular certificate. More...
 
template<typename T >
void signByIdentity (T &packet, const Name &identityName)
 Sign packet using the default certificate of a particular identity. More...
 
Signature signByIdentity (const uint8_t *buffer, size_t bufferLength, const Name &identityName)
 Sign the byte array using the default certificate of a particular identity. More...
 
void signWithSha256 (Data &data)
 Set Sha256 weak signature for data. More...
 
void signWithSha256 (Interest &interest)
 Set Sha256 weak signature for interest. More...
 
shared_ptr< IdentityCertificate > selfSign (const Name &keyName)
 Generate a self-signed certificate for a public key. More...
 
void selfSign (IdentityCertificate &cert)
 Self-sign the supplied identity certificate. More...
 
void deleteCertificate (const Name &certificateName)
 delete a certificate. More...
 
void deleteKey (const Name &keyName)
 delete a key. More...
 
void deleteIdentity (const Name &identity)
 delete an identity. More...
 
shared_ptr< SecuredBag > exportIdentity (const Name &identity, const std::string &passwordStr)
 export an identity. More...
 
void importIdentity (const SecuredBag &securedBag, const std::string &passwordStr)
 import an identity. More...
 
SecPublicInfo & getPib ()
 
const SecPublicInfo & getPib () const
 
SecTpm & getTpm ()
 
const SecTpm & getTpm () const
 
bool doesIdentityExist (const Name &identityName) const
 
void addIdentity (const Name &identityName)
 
bool doesPublicKeyExist (const Name &keyName) const
 
void addPublicKey (const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)
 
void addKey (const Name &keyName, const PublicKey &publicKeyDer)
 
shared_ptr< PublicKey > getPublicKey (const Name &keyName) const
 
bool doesCertificateExist (const Name &certificateName) const
 
void addCertificate (const IdentityCertificate &certificate)
 
shared_ptr< IdentityCertificate > getCertificate (const Name &certificateName) const
 
Name getDefaultIdentity () const
 
Name getDefaultKeyNameForIdentity (const Name &identityName) const
 
const KeyParams & getDefaultKeyParamsForIdentity (const Name &identityName) const
 Get default key parameters for the specified identity. More...
 
Name getDefaultCertificateNameForKey (const Name &keyName) const
 
void getAllIdentities (std::vector< Name > &nameList, bool isDefault) const
 
void getAllKeyNames (std::vector< Name > &nameList, bool isDefault) const
 
void getAllKeyNamesOfIdentity (const Name &identity, std::vector< Name > &nameList, bool isDefault) const
 
void getAllCertificateNames (std::vector< Name > &nameList, bool isDefault) const
 
void getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
 
void deleteCertificateInfo (const Name &certificateName)
 
void deletePublicKeyInfo (const Name &keyName)
 
void deleteIdentityInfo (const Name &identity)
 
void setDefaultIdentity (const Name &identityName)
 
void setDefaultKeyNameForIdentity (const Name &keyName)
 
void setDefaultCertificateNameForKey (const Name &certificateName)
 
Name getNewKeyName (const Name &identityName, bool useKsk)
 
Name getDefaultCertificateNameForIdentity (const Name &identityName) const
 
Name getDefaultCertificateName () const
 
void addCertificateAsKeyDefault (const IdentityCertificate &certificate)
 
void addCertificateAsIdentityDefault (const IdentityCertificate &certificate)
 
void addCertificateAsSystemDefault (const IdentityCertificate &certificate)
 
shared_ptr< IdentityCertificate > getDefaultCertificate () const
 
void refreshDefaultCertificate ()
 
void setTpmPassword (const uint8_t *password, size_t passwordLength)
 
void resetTpmPassword ()
 
void setInTerminal (bool inTerminal)
 
bool getInTerminal () const
 
bool isLocked () const
 
bool unlockTpm (const char *password, size_t passwordLength, bool usePassword)
 
void generateKeyPairInTpm (const Name &keyName, const KeyParams &params)
 
void deleteKeyPairInTpm (const Name &keyName)
 
shared_ptr< PublicKey > getPublicKeyFromTpm (const Name &keyName) const
 
Block signInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
 
ConstBufferPtr decryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
 
ConstBufferPtr encryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
 
void generateSymmetricKeyInTpm (const Name &keyName, const KeyParams &params)
 
bool doesKeyExistInTpm (const Name &keyName, KeyClass keyClass) const
 
bool generateRandomBlock (uint8_t *res, size_t size) const
 
void addAppToAcl (const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
 
ConstBufferPtr exportPrivateKeyPkcs5FromTpm (const Name &keyName, const std::string &password)
 
bool importPrivateKeyPkcs5IntoTpm (const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
 

Static Public Member Functions

template<class PibType >
static void registerPib (std::initializer_list< std::string > aliases)
 Register a new PIB. More...
 
template<class TpmType >
static void registerTpm (std::initializer_list< std::string > aliases)
 Register a new TPM. More...
 
static std::string getDefaultPibLocator ()
 Get default PIB locator. More...
 
static unique_ptr< SecPublicInfo > createPib (const std::string &pibLocator)
 Create a PIB according to pibLocator. More...
 
static std::string getDefaultTpmLocator ()
 Get default TPM locator. More...
 
static unique_ptr< SecTpm > createTpm (const std::string &tpmLocator)
 Create a TPM according to tpmLocator. More...
 
static tlv::SignatureTypeValue getSignatureType (KeyType keyType, DigestAlgorithm digestAlgorithm)
 

Static Public Attributes

static const Name DEFAULT_PREFIX
 
static const SigningInfo DEFAULT_SIGNING_INFO
 
static const RsaKeyParams DEFAULT_KEY_PARAMS
 

Detailed Description

The packet signing interface.

Deprecated:
This v1 interface is deprecated; new code should use v2::KeyChain.

Definition at line 50 of file v1/key-chain.hpp.

Member Typedef Documentation

typedef function<unique_ptr<SecPublicInfo>(const std::string&)> ndn::security::v1::KeyChain::PibCreateFunc

Definition at line 77 of file v1/key-chain.hpp.

typedef std::map<std::string, Block> ndn::security::v1::KeyChain::SignParams

Definition at line 880 of file v1/key-chain.hpp.

typedef function<unique_ptr<SecTpm>(const std::string&)> ndn::security::v1::KeyChain::TpmCreateFunc

Definition at line 78 of file v1/key-chain.hpp.

Constructor & Destructor Documentation

ndn::security::v1::KeyChain::KeyChain ( )

Constructor to create KeyChain with default PIB and TPM.

Default PIB and TPM are platform-dependent and can be overridden system-wide or on a per-use basis.

Todo:
Add detailed description about config file behavior here

Definition at line 121 of file v1/key-chain.cpp.

ndn::security::v1::KeyChain::KeyChain ( const std::string &  pibLocator,
const std::string &  tpmLocator,
bool  allowReset = false 
)

KeyChain constructor.

See also
http://redmine.named-data.net/issues/2260
Parameters
pibLocator: PIB locator
tpmLocator: TPM locator
allowReset: if true, the PIB will be reset (discarding what it currently holds) when the supplied tpmLocator does not match the one recorded in the PIB; if false, that mismatch is reported as a MismatchError instead. Only pass true when losing the PIB's existing identity, key and certificate records is acceptable.

Definition at line 153 of file v1/key-chain.cpp.

ndn::security::v1::KeyChain::~KeyChain ( )
virtual

Definition at line 163 of file v1/key-chain.cpp.

Member Function Documentation

void ndn::security::v1::KeyChain::addAppToAcl ( const Name keyName,
KeyClass  keyClass,
const std::string &  appPath,
AclType  acl 
)
inline

Definition at line 764 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificate ( const IdentityCertificate certificate)
inline

Definition at line 509 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificateAsIdentityDefault ( const IdentityCertificate certificate)
inline

Definition at line 641 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificateAsKeyDefault ( const IdentityCertificate certificate)
inline

Definition at line 635 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificateAsSystemDefault ( const IdentityCertificate certificate)
inline

Definition at line 647 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addIdentity ( const Name identityName)
inline

Definition at line 473 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addKey ( const Name keyName,
const PublicKey publicKeyDer 
)
inline

Definition at line 491 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addPublicKey ( const Name keyName,
KeyType  keyType,
const PublicKey publicKeyDer 
)
inline

Definition at line 485 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::createIdentity ( const Name identityName,
const KeyParams params = DEFAULT_KEY_PARAMS 
)

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.

Parameters
identityNameThe name of the identity.
params: The key parameters used if a key needs to be generated for the identity.
Returns
The name of the default certificate of the identity.

Definition at line 293 of file v1/key-chain.cpp.

unique_ptr< SecPublicInfo > ndn::security::v1::KeyChain::createPib ( const std::string &  pibLocator)
static

Create a PIB according to pibLocator.

Definition at line 207 of file v1/key-chain.cpp.

unique_ptr< SecTpm > ndn::security::v1::KeyChain::createTpm ( const std::string &  tpmLocator)
static

Create a TPM according to tpmLocator.

Definition at line 244 of file v1/key-chain.cpp.

ConstBufferPtr ndn::security::v1::KeyChain::decryptInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
bool  isSymmetric 
)
inline

Definition at line 734 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deleteCertificate ( const Name certificateName)

delete a certificate.

Parameters
certificateNameThe certificate to be deleted.
Exceptions
KeyChain::Error if the certificate cannot be deleted.

Definition at line 802 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::deleteCertificateInfo ( const Name certificateName)
inline

Definition at line 581 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deleteIdentity ( const Name identity)

delete an identity.

Parameters
identityThe identity to be deleted.
Exceptions
KeyChain::Error if the identity cannot be deleted.

Definition at line 815 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::deleteIdentityInfo ( const Name identity)
inline

Definition at line 593 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deleteKey ( const Name keyName)

delete a key.

Parameters
keyNameThe key to be deleted.
Exceptions
KeyChain::Error if the key cannot be deleted.

Definition at line 808 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::deleteKeyPairInTpm ( const Name keyName)
inline

Definition at line 714 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deletePublicKeyInfo ( const Name keyName)
inline

Definition at line 587 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesCertificateExist ( const Name certificateName) const
inline

Definition at line 503 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesIdentityExist ( const Name identityName) const
inline

Definition at line 467 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesKeyExistInTpm ( const Name keyName,
KeyClass  keyClass 
) const
inline

Definition at line 752 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesPublicKeyExist ( const Name keyName) const
inline

Definition at line 479 of file v1/key-chain.hpp.

ConstBufferPtr ndn::security::v1::KeyChain::encryptInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
bool  isSymmetric 
)
inline

Definition at line 740 of file v1/key-chain.hpp.

shared_ptr< SecuredBag > ndn::security::v1::KeyChain::exportIdentity ( const Name identity,
const std::string &  passwordStr 
)

export an identity.

Parameters
identity: The identity to export.
passwordStr: The password used to protect the exported private key; the resulting bag is only as strong as this password, so choose it accordingly.
Returns
The encoded export data.
Exceptions
SecPublicInfo::Error if anything goes wrong in exporting.

Definition at line 599 of file v1/key-chain.cpp.

ConstBufferPtr ndn::security::v1::KeyChain::exportPrivateKeyPkcs5FromTpm ( const Name keyName,
const std::string &  password 
)
inline

Definition at line 770 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::generateEcKeyPair ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 256 
)

Generate a pair of EC keys for the specified identity.

Parameters
identityNameThe name of the identity.
isKsk: true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySizeThe size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair

Definition at line 334 of file v1/key-chain.cpp.

Name ndn::security::v1::KeyChain::generateEcKeyPairAsDefault ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 256 
)

Generate a pair of EC keys for the specified identity and set it as default key for the identity.

Parameters
identityNameThe name of the identity.
isKsk: true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySizeThe size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair, generateEcKeyPair, generateRsaKeyPairAsDefault

Definition at line 351 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::generateKeyPairInTpm ( const Name keyName,
const KeyParams params 
)
inline

Definition at line 708 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::generateRandomBlock ( uint8_t *  res,
size_t  size 
) const
inline

Definition at line 758 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::generateRsaKeyPair ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 2048 
)

Generate a pair of RSA keys for the specified identity.

Parameters
identityNameThe name of the identity.
isKsk: true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySizeThe size of the key.
Returns
The generated key name.
See also
generateEcKeyPair

Definition at line 327 of file v1/key-chain.cpp.

Name ndn::security::v1::KeyChain::generateRsaKeyPairAsDefault ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 2048 
)

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters
identityNameThe name of the identity.
isKsk: true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK).
keySizeThe size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair, generateEcKeyPair, generateEcKeyPairAsDefault

Definition at line 341 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::generateSymmetricKeyInTpm ( const Name keyName,
const KeyParams params 
)
inline

Definition at line 746 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllCertificateNames ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 567 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllCertificateNamesOfKey ( const Name keyName,
std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 573 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllIdentities ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 549 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllKeyNames ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 555 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllKeyNamesOfIdentity ( const Name identity,
std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 561 of file v1/key-chain.hpp.

shared_ptr<IdentityCertificate> ndn::security::v1::KeyChain::getCertificate ( const Name certificateName) const
inline

Definition at line 515 of file v1/key-chain.hpp.

shared_ptr<IdentityCertificate> ndn::security::v1::KeyChain::getDefaultCertificate ( ) const
inline

Definition at line 653 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultCertificateName ( ) const
inline

Definition at line 629 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultCertificateNameForIdentity ( const Name identityName) const
inline

Definition at line 623 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultCertificateNameForKey ( const Name keyName) const
inline

Definition at line 543 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultIdentity ( ) const
inline

Definition at line 521 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultKeyNameForIdentity ( const Name identityName) const
inline

Definition at line 527 of file v1/key-chain.hpp.

const KeyParams & ndn::security::v1::KeyChain::getDefaultKeyParamsForIdentity ( const Name identityName) const

Get default key parameters for the specified identity.

If the identity already has a generated key, the returned parameters are of the same key type as that key. If there are no existing keys, DEFAULT_KEY_PARAMS is used.

Definition at line 653 of file v1/key-chain.cpp.

std::string ndn::security::v1::KeyChain::getDefaultPibLocator ( )
static

Get default PIB locator.

Definition at line 181 of file v1/key-chain.cpp.

std::string ndn::security::v1::KeyChain::getDefaultTpmLocator ( )
static

Get default TPM locator.

Definition at line 219 of file v1/key-chain.cpp.

bool ndn::security::v1::KeyChain::getInTerminal ( ) const
inline

Definition at line 690 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getNewKeyName ( const Name identityName,
bool  useKsk 
)
inline

Definition at line 617 of file v1/key-chain.hpp.

SecPublicInfo& ndn::security::v1::KeyChain::getPib ( )
inline

Definition at line 440 of file v1/key-chain.hpp.

const SecPublicInfo& ndn::security::v1::KeyChain::getPib ( ) const
inline

Definition at line 446 of file v1/key-chain.hpp.

shared_ptr<PublicKey> ndn::security::v1::KeyChain::getPublicKey ( const Name keyName) const
inline

Definition at line 497 of file v1/key-chain.hpp.

shared_ptr<PublicKey> ndn::security::v1::KeyChain::getPublicKeyFromTpm ( const Name keyName) const
inline

Definition at line 720 of file v1/key-chain.hpp.

tlv::SignatureTypeValue ndn::security::v1::KeyChain::getSignatureType ( KeyType  keyType,
DigestAlgorithm  digestAlgorithm 
)
static

Definition at line 828 of file v1/key-chain.cpp.

SecTpm& ndn::security::v1::KeyChain::getTpm ( )
inline

Definition at line 452 of file v1/key-chain.hpp.

const SecTpm& ndn::security::v1::KeyChain::getTpm ( ) const
inline

Definition at line 458 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::importIdentity ( const SecuredBag securedBag,
const std::string &  passwordStr 
)

import an identity.

Parameters
securedBag: The encoded import data.
passwordStr: The password that was used to protect the private key when the bag was exported.

Definition at line 628 of file v1/key-chain.cpp.

bool ndn::security::v1::KeyChain::importPrivateKeyPkcs5IntoTpm ( const Name keyName,
const uint8_t *  buf,
size_t  size,
const std::string &  password 
)
inline

Definition at line 776 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::isLocked ( ) const
inline

Definition at line 696 of file v1/key-chain.hpp.

shared_ptr< IdentityCertificate > ndn::security::v1::KeyChain::prepareUnsignedIdentityCertificate ( const Name keyName,
const Name signingIdentity,
const time::system_clock::TimePoint notBefore,
const time::system_clock::TimePoint notAfter,
const std::vector< CertificateSubjectDescription > &  subjectDescription,
const Name certPrefix = DEFAULT_PREFIX 
)

prepare an unsigned identity certificate

Parameters
keyNameKey name, e.g., /<identity_name>/ksk-123456.
signingIdentityThe signing identity.
notBeforeRefer to IdentityCertificate.
notAfterRefer to IdentityCertificate.
subjectDescriptionRefer to IdentityCertificate.
certPrefixPrefix before KEY component. By default, KeyChain will infer the certificate name according to the relation between the signingIdentity and the subject identity. If signingIdentity is a prefix of the subject identity, KEY will be inserted after the signingIdentity, otherwise KEY is inserted after subject identity (i.e., before ksk-....).
Returns
IdentityCertificate.

Definition at line 362 of file v1/key-chain.cpp.

shared_ptr< IdentityCertificate > ndn::security::v1::KeyChain::prepareUnsignedIdentityCertificate ( const Name keyName,
const PublicKey publicKey,
const Name signingIdentity,
const time::system_clock::TimePoint notBefore,
const time::system_clock::TimePoint notAfter,
const std::vector< CertificateSubjectDescription > &  subjectDescription,
const Name certPrefix = DEFAULT_PREFIX 
)

prepare an unsigned identity certificate

Parameters
keyNameKey name, e.g., /<identity_name>/ksk-123456.
publicKey: The public key the certificate will certify (the certificate's subject key).
signingIdentityThe signing identity.
notBeforeRefer to IdentityCertificate.
notAfterRefer to IdentityCertificate.
subjectDescriptionRefer to IdentityCertificate.
certPrefixPrefix before KEY component. By default, KeyChain will infer the certificate name according to the relation between the signingIdentity and the subject identity. If signingIdentity is a prefix of the subject identity, KEY will be inserted after the signingIdentity, otherwise KEY is inserted after subject identity (i.e., before ksk-....).
Returns
IdentityCertificate.

Definition at line 383 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::refreshDefaultCertificate ( )
inline

Definition at line 662 of file v1/key-chain.hpp.

template<class PibType >
void ndn::security::v1::KeyChain::registerPib ( std::initializer_list< std::string >  aliases)
inlinestatic

Register a new PIB.

Parameters
aliasesList of schemes with which this PIB will be associated. The first alias in the list is considered a canonical name of the PIB instance.

Definition at line 916 of file v1/key-chain.hpp.

template<class TpmType >
void ndn::security::v1::KeyChain::registerTpm ( std::initializer_list< std::string >  aliases)
inlinestatic

Register a new TPM.

Parameters
aliases: List of schemes with which this TPM will be associated. The first alias in the list is considered a canonical name of the TPM instance.

Definition at line 925 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::resetTpmPassword ( )
inline

Definition at line 678 of file v1/key-chain.hpp.

shared_ptr< IdentityCertificate > ndn::security::v1::KeyChain::selfSign ( const Name keyName)

Generate a self-signed certificate for a public key.

Parameters
keyNameThe name of the public key
Returns
The generated certificate, or an empty shared_ptr<IdentityCertificate>() if selfSign fails; callers must check the returned pointer before dereferencing it.

Definition at line 553 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::selfSign ( IdentityCertificate cert)

Self-sign the supplied identity certificate.

Parameters
certThe supplied cert.
Exceptions
SecTpm::Errorif the private key does not exist.

Definition at line 583 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::setDefaultCertificateNameForKey ( const Name certificateName)
inline

Definition at line 611 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setDefaultIdentity ( const Name identityName)
inline

Definition at line 599 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setDefaultKeyNameForIdentity ( const Name keyName)
inline

Definition at line 605 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setInTerminal ( bool  inTerminal)
inline

Definition at line 684 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setTpmPassword ( const uint8_t *  password,
size_t  passwordLength 
)
inline

Definition at line 672 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::sign ( Data data,
const SigningInfo params = DEFAULT_SIGNING_INFO 
)

Sign data according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

  • it selects a private key and its certificate to sign the packet
  • sets the KeyLocator field with the certificate name, and
  • adds other requested information to the SignatureInfo block.

After that, the method assigns the created SignatureInfo to the data packet, generates the signature and sets it as the SignatureValue block.

Parameters
dataThe data to sign
paramsThe signing parameters.
Exceptions
Errorif signing fails.
See also
SigningInfo

Definition at line 513 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::sign ( Interest interest,
const SigningInfo params = DEFAULT_SIGNING_INFO 
)

Sign interest according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

  • it selects a private key and its certificate to sign the packet
  • sets the KeyLocator field with the certificate name, and
  • adds other requested information to the SignatureInfo block.

After that, the method appends the created SignatureInfo to the interest name, generates the signature and appends it to the interest name as the SignatureValue block.

Parameters
interestThe interest to sign
paramsThe signing parameters.
Exceptions
Errorif signing fails.
See also
SigningInfo

Definition at line 519 of file v1/key-chain.cpp.

Block ndn::security::v1::KeyChain::sign ( const uint8_t *  buffer,
size_t  bufferLength,
const SigningInfo params 
)

Sign buffer according to the supplied signing information.

Parameters
bufferThe buffer to sign
bufferLengthThe buffer size
paramsThe signing parameters.
Returns
a SignatureValue TLV block
Exceptions
Errorif signing fails.
See also
SigningInfo

Definition at line 525 of file v1/key-chain.cpp.

template<typename T >
void ndn::security::v1::KeyChain::sign ( T &  packet,
const Name certificateName 
)

Sign packet with a particular certificate.

Deprecated:
use sign(T&, const SigningInfo&) instead
Parameters
packetThe packet to be signed.
certificateNameThe certificate name of the key to use for signing.
Exceptions
SecPublicInfo::Error if the certificate does not exist.

Definition at line 902 of file v1/key-chain.hpp.

Signature ndn::security::v1::KeyChain::sign ( const uint8_t *  buffer,
size_t  bufferLength,
const Name certificateName 
)

Sign the byte array using a particular certificate.

Deprecated:
Use sign(const uint8_t*, size_t, const SigningInfo&) instead
Parameters
bufferThe byte array to be signed.
bufferLengththe length of buffer.
certificateNameThe certificate name of the signing key.
Returns
The Signature.
Exceptions
SecPublicInfo::Error if the certificate does not exist.

Definition at line 534 of file v1/key-chain.cpp.

template<typename T >
void ndn::security::v1::KeyChain::signByIdentity ( T &  packet,
const Name identityName 
)

Sign packet using the default certificate of a particular identity.

Deprecated:
use sign(T&, const SigningInfo&) instead

If the identity has no default certificate, this method creates a self-signed certificate for it and signs with that. A self-signed certificate carries no endorsement from any other signer, so callers that depend on a trust chain should make sure a properly issued default certificate exists before calling this.

Parameters
packetThe packet to be signed.
identityNameThe signing identity name.

Definition at line 909 of file v1/key-chain.hpp.

Signature ndn::security::v1::KeyChain::signByIdentity ( const uint8_t *  buffer,
size_t  bufferLength,
const Name identityName 
)

Sign the byte array using the default certificate of a particular identity.

Deprecated:
use sign(const uint8_t*, size_t, const SigningInfo&) instead
Parameters
bufferThe byte array to be signed.
bufferLengththe length of buffer.
identityNameThe identity name.
Returns
The Signature.

Definition at line 764 of file v1/key-chain.cpp.

Block ndn::security::v1::KeyChain::signInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
DigestAlgorithm  digestAlgorithm 
)
inline

Definition at line 726 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::signWithSha256 ( Data data)

Set a Sha256 digest as a weak signature for data. The digest involves no key, so it offers integrity checking only and no proof of who produced the packet.

Deprecated:
use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))

Definition at line 772 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::signWithSha256 ( Interest interest)

Set a Sha256 digest as a weak signature for interest. The digest involves no key, so it offers integrity checking only and no proof of who produced the packet.

Deprecated:
use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))

Definition at line 778 of file v1/key-chain.cpp.

bool ndn::security::v1::KeyChain::unlockTpm ( const char *  password,
size_t  passwordLength,
bool  usePassword 
)
inline

Definition at line 702 of file v1/key-chain.hpp.

Field Documentation

const RsaKeyParams ndn::security::v1::KeyChain::DEFAULT_KEY_PARAMS
static

Definition at line 878 of file v1/key-chain.hpp.

const Name ndn::security::v1::KeyChain::DEFAULT_PREFIX
static

Definition at line 874 of file v1/key-chain.hpp.

const SigningInfo ndn::security::v1::KeyChain::DEFAULT_SIGNING_INFO
static

Definition at line 875 of file v1/key-chain.hpp.