ndn::security::v1::KeyChain Class Reference

The packet signing interface. More...

#include <key-chain.hpp>


Classes

class  Error
 
class  MismatchError
 Error thrown when the supplied TPM locator to KeyChain constructor does not match the locator stored in PIB. More...
 

Public Types

typedef function< unique_ptr< SecPublicInfo >(const std::string &)> PibCreateFunc
 
typedef std::map< std::string, Block > SignParams
 
typedef function< unique_ptr< SecTpm >(const std::string &)> TpmCreateFunc
 

Public Member Functions

 KeyChain ()
 Constructor to create KeyChain with default PIB and TPM. More...
 
 KeyChain (const std::string &pibLocator, const std::string &tpmLocator, bool allowReset=false)
 KeyChain constructor. More...
 
virtual ~KeyChain ()
 
void addAppToAcl (const Name &keyName, KeyClass keyClass, const std::string &appPath, AclType acl)
 
void addCertificate (const IdentityCertificate &certificate)
 
void addCertificateAsIdentityDefault (const IdentityCertificate &certificate)
 
void addCertificateAsKeyDefault (const IdentityCertificate &certificate)
 
void addCertificateAsSystemDefault (const IdentityCertificate &certificate)
 
void addIdentity (const Name &identityName)
 
void addKey (const Name &keyName, const PublicKey &publicKeyDer)
 
void addPublicKey (const Name &keyName, KeyType keyType, const PublicKey &publicKeyDer)
 
Name createIdentity (const Name &identityName, const KeyParams &params=DEFAULT_KEY_PARAMS)
 Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. More...
 
ConstBufferPtr decryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
 
void deleteCertificate (const Name &certificateName)
 delete a certificate. More...
 
void deleteCertificateInfo (const Name &certificateName)
 
void deleteIdentity (const Name &identity)
 delete an identity. More...
 
void deleteIdentityInfo (const Name &identity)
 
void deleteKey (const Name &keyName)
 delete a key. More...
 
void deleteKeyPairInTpm (const Name &keyName)
 
void deletePublicKeyInfo (const Name &keyName)
 
bool doesCertificateExist (const Name &certificateName) const
 
bool doesIdentityExist (const Name &identityName) const
 
bool doesKeyExistInTpm (const Name &keyName, KeyClass keyClass) const
 
bool doesPublicKeyExist (const Name &keyName) const
 
ConstBufferPtr encryptInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
 
shared_ptr< SecuredBag > exportIdentity (const Name &identity, const std::string &passwordStr)
 export an identity. More...
 
ConstBufferPtr exportPrivateKeyPkcs5FromTpm (const Name &keyName, const std::string &password)
 
Name generateEcKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
 Generate a pair of EC keys for the specified identity. More...
 
Name generateEcKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=256)
 Generate a pair of EC keys for the specified identity and set it as default key for the identity. More...
 
void generateKeyPairInTpm (const Name &keyName, const KeyParams &params)
 
bool generateRandomBlock (uint8_t *res, size_t size) const
 
Name generateRsaKeyPair (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
 Generate a pair of RSA keys for the specified identity. More...
 
Name generateRsaKeyPairAsDefault (const Name &identityName, bool isKsk=false, uint32_t keySize=2048)
 Generate a pair of RSA keys for the specified identity and set it as default key for the identity. More...
 
void generateSymmetricKeyInTpm (const Name &keyName, const KeyParams &params)
 
void getAllCertificateNames (std::vector< Name > &nameList, bool isDefault) const
 
void getAllCertificateNamesOfKey (const Name &keyName, std::vector< Name > &nameList, bool isDefault) const
 
void getAllIdentities (std::vector< Name > &nameList, bool isDefault) const
 
void getAllKeyNames (std::vector< Name > &nameList, bool isDefault) const
 
void getAllKeyNamesOfIdentity (const Name &identity, std::vector< Name > &nameList, bool isDefault) const
 
shared_ptr< IdentityCertificate > getCertificate (const Name &certificateName) const
 
shared_ptr< IdentityCertificate > getDefaultCertificate () const
 
Name getDefaultCertificateName () const
 
Name getDefaultCertificateNameForIdentity (const Name &identityName) const
 
Name getDefaultCertificateNameForKey (const Name &keyName) const
 
Name getDefaultIdentity () const
 
Name getDefaultKeyNameForIdentity (const Name &identityName) const
 
const KeyParams & getDefaultKeyParamsForIdentity (const Name &identityName) const
 Get default key parameters for the specified identity. More...
 
bool getInTerminal () const
 
Name getNewKeyName (const Name &identityName, bool useKsk)
 
SecPublicInfo & getPib ()
 
const SecPublicInfo & getPib () const
 
shared_ptr< PublicKey > getPublicKey (const Name &keyName) const
 
shared_ptr< PublicKey > getPublicKeyFromTpm (const Name &keyName) const
 
SecTpm & getTpm ()
 
const SecTpm & getTpm () const
 
void importIdentity (const SecuredBag &securedBag, const std::string &passwordStr)
 import an identity. More...
 
bool importPrivateKeyPkcs5IntoTpm (const Name &keyName, const uint8_t *buf, size_t size, const std::string &password)
 
bool isLocked () const
 
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
 prepare an unsigned identity certificate More...
 
shared_ptr< IdentityCertificate > prepareUnsignedIdentityCertificate (const Name &keyName, const PublicKey &publicKey, const Name &signingIdentity, const time::system_clock::TimePoint &notBefore, const time::system_clock::TimePoint &notAfter, const std::vector< CertificateSubjectDescription > &subjectDescription, const Name &certPrefix=DEFAULT_PREFIX)
 prepare an unsigned identity certificate More...
 
void refreshDefaultCertificate ()
 
void resetTpmPassword ()
 
shared_ptr< IdentityCertificate > selfSign (const Name &keyName)
 Generate a self-signed certificate for a public key. More...
 
void selfSign (IdentityCertificate &cert)
 Self-sign the supplied identity certificate. More...
 
void setDefaultCertificateNameForKey (const Name &certificateName)
 
void setDefaultIdentity (const Name &identityName)
 
void setDefaultKeyNameForIdentity (const Name &keyName)
 
void setInTerminal (bool inTerminal)
 
void setTpmPassword (const uint8_t *password, size_t passwordLength)
 
void sign (Data &data, const SigningInfo &params=DEFAULT_SIGNING_INFO)
 Sign data according to the supplied signing information. More...
 
void sign (Interest &interest, const SigningInfo &params=DEFAULT_SIGNING_INFO)
 Sign interest according to the supplied signing information. More...
 
Block sign (const uint8_t *buffer, size_t bufferLength, const SigningInfo &params)
 Sign buffer according to the supplied signing information. More...
 
template<typename T >
void sign (T &packet, const Name &certificateName)
 Sign packet with a particular certificate. More...
 
Signature sign (const uint8_t *buffer, size_t bufferLength, const Name &certificateName)
 Sign the byte array using a particular certificate. More...
 
template<typename T >
void signByIdentity (T &packet, const Name &identityName)
 Sign packet using the default certificate of a particular identity. More...
 
Signature signByIdentity (const uint8_t *buffer, size_t bufferLength, const Name &identityName)
 Sign the byte array using the default certificate of a particular identity. More...
 
Block signInTpm (const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
 
void signWithSha256 (Data &data)
 Set Sha256 weak signature for data. More...
 
void signWithSha256 (Interest &interest)
 Set Sha256 weak signature for interest. More...
 
bool unlockTpm (const char *password, size_t passwordLength, bool usePassword)
 

Static Public Member Functions

static unique_ptr< SecPublicInfo > createPib (const std::string &pibLocator)
 Create a PIB according to pibLocator. More...
 
static unique_ptr< SecTpm > createTpm (const std::string &tpmLocator)
 Create a TPM according to tpmLocator. More...
 
static std::string getDefaultPibLocator ()
 Get default PIB locator. More...
 
static std::string getDefaultTpmLocator ()
 Get default TPM locator. More...
 
static tlv::SignatureTypeValue getSignatureType (KeyType keyType, DigestAlgorithm digestAlgorithm)
 
template<class PibType >
static void registerPib (std::initializer_list< std::string > aliases)
 Register a new PIB. More...
 
template<class TpmType >
static void registerTpm (std::initializer_list< std::string > aliases)
 Register a new TPM. More...
 

Static Public Attributes

static const RsaKeyParams DEFAULT_KEY_PARAMS
 
static const Name DEFAULT_PREFIX
 
static const SigningInfo DEFAULT_SIGNING_INFO
 

Detailed Description

The packet signing interface.

Deprecated:
Use v2::KeyChain

Definition at line 48 of file v1/key-chain.hpp.

Member Typedef Documentation

typedef function<unique_ptr<SecPublicInfo>(const std::string&)> ndn::security::v1::KeyChain::PibCreateFunc

Definition at line 75 of file v1/key-chain.hpp.

typedef std::map<std::string, Block> ndn::security::v1::KeyChain::SignParams

Definition at line 878 of file v1/key-chain.hpp.

typedef function<unique_ptr<SecTpm>(const std::string&)> ndn::security::v1::KeyChain::TpmCreateFunc

Definition at line 76 of file v1/key-chain.hpp.

Constructor & Destructor Documentation

ndn::security::v1::KeyChain::KeyChain ( )

Constructor to create KeyChain with default PIB and TPM.

Default PIB and TPM are platform-dependent and can be overridden system-wide or on a per-use basis.

Todo:
Add detailed description about config file behavior here

Definition at line 121 of file v1/key-chain.cpp.

ndn::security::v1::KeyChain::KeyChain ( const std::string &  pibLocator,
const std::string &  tpmLocator,
bool  allowReset = false 
)

KeyChain constructor.

See also
https://redmine.named-data.net/issues/2260
Parameters
pibLocator — PIB locator
tpmLocator — TPM locator
allowReset — if true, the PIB will be reset (its stored contents discarded) when the supplied tpmLocator does not match the locator stored in the PIB; if false, the mismatch raises MismatchError instead

Definition at line 153 of file v1/key-chain.cpp.

ndn::security::v1::KeyChain::~KeyChain ( )
virtual

Definition at line 163 of file v1/key-chain.cpp.

Member Function Documentation

void ndn::security::v1::KeyChain::addAppToAcl ( const Name keyName,
KeyClass  keyClass,
const std::string &  appPath,
AclType  acl 
)
inline

Definition at line 762 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificate ( const IdentityCertificate certificate)
inline

Definition at line 507 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificateAsIdentityDefault ( const IdentityCertificate certificate)
inline

Definition at line 639 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificateAsKeyDefault ( const IdentityCertificate certificate)
inline

Definition at line 633 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addCertificateAsSystemDefault ( const IdentityCertificate certificate)
inline

Definition at line 645 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addIdentity ( const Name identityName)
inline

Definition at line 471 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addKey ( const Name keyName,
const PublicKey publicKeyDer 
)
inline

Definition at line 489 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::addPublicKey ( const Name keyName,
KeyType  keyType,
const PublicKey publicKeyDer 
)
inline

Definition at line 483 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::createIdentity ( const Name &  identityName,
const KeyParams &  params = DEFAULT_KEY_PARAMS 
)

Create an identity by generating a Key-Signing-Key (KSK) pair for this identity and a self-signed certificate of the KSK.

Parameters
identityName — The name of the identity.
params — The key parameters used if a key needs to be generated for the identity.
Returns
The name of the default certificate of the identity.

Definition at line 293 of file v1/key-chain.cpp.

unique_ptr< SecPublicInfo > ndn::security::v1::KeyChain::createPib ( const std::string &  pibLocator)
static

Create a PIB according to pibLocator.

Definition at line 207 of file v1/key-chain.cpp.

unique_ptr< SecTpm > ndn::security::v1::KeyChain::createTpm ( const std::string &  tpmLocator)
static

Create a TPM according to tpmLocator.

Definition at line 244 of file v1/key-chain.cpp.

ConstBufferPtr ndn::security::v1::KeyChain::decryptInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
bool  isSymmetric 
)
inline

Definition at line 732 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deleteCertificate ( const Name certificateName)

delete a certificate.

Parameters
certificateName — The certificate to be deleted.
Exceptions
KeyChain::Error — if the certificate cannot be deleted.

Definition at line 802 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::deleteCertificateInfo ( const Name certificateName)
inline

Definition at line 579 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deleteIdentity ( const Name identity)

delete an identity.

Parameters
identity — The identity to be deleted.
Exceptions
KeyChain::Error — if the identity cannot be deleted.

Definition at line 815 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::deleteIdentityInfo ( const Name identity)
inline

Definition at line 591 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deleteKey ( const Name keyName)

delete a key.

Parameters
keyName — The key to be deleted.
Exceptions
KeyChain::Error — if the key cannot be deleted.

Definition at line 808 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::deleteKeyPairInTpm ( const Name keyName)
inline

Definition at line 712 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::deletePublicKeyInfo ( const Name keyName)
inline

Definition at line 585 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesCertificateExist ( const Name certificateName) const
inline

Definition at line 501 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesIdentityExist ( const Name identityName) const
inline

Definition at line 465 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesKeyExistInTpm ( const Name keyName,
KeyClass  keyClass 
) const
inline

Definition at line 750 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::doesPublicKeyExist ( const Name keyName) const
inline

Definition at line 477 of file v1/key-chain.hpp.

ConstBufferPtr ndn::security::v1::KeyChain::encryptInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
bool  isSymmetric 
)
inline

Definition at line 738 of file v1/key-chain.hpp.

shared_ptr< SecuredBag > ndn::security::v1::KeyChain::exportIdentity ( const Name &  identity,
const std::string &  passwordStr 
)

Export an identity, including its private key.

Parameters
identity — The identity to export.
passwordStr — The password used to protect the exported private key.
Returns
The encoded export data.
Exceptions
SecPublicInfo::Error — if anything goes wrong during export.

Definition at line 599 of file v1/key-chain.cpp.

ConstBufferPtr ndn::security::v1::KeyChain::exportPrivateKeyPkcs5FromTpm ( const Name keyName,
const std::string &  password 
)
inline

Definition at line 768 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::generateEcKeyPair ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 256 
)

Generate a pair of EC keys for the specified identity.

Parameters
identityName — The name of the identity.
isKsk — true to generate a Key-Signing-Key (KSK), false to generate a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair

Definition at line 334 of file v1/key-chain.cpp.

Name ndn::security::v1::KeyChain::generateEcKeyPairAsDefault ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 256 
)

Generate a pair of EC keys for the specified identity and set it as default key for the identity.

Parameters
identityName — The name of the identity.
isKsk — true to generate a Key-Signing-Key (KSK), false to generate a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair, generateEcKeyPair, generateRsaKeyPairAsDefault

Definition at line 351 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::generateKeyPairInTpm ( const Name keyName,
const KeyParams params 
)
inline

Definition at line 706 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::generateRandomBlock ( uint8_t *  res,
size_t  size 
) const
inline

Definition at line 756 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::generateRsaKeyPair ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 2048 
)

Generate a pair of RSA keys for the specified identity.

Parameters
identityName — The name of the identity.
isKsk — true to generate a Key-Signing-Key (KSK), false to generate a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateEcKeyPair

Definition at line 327 of file v1/key-chain.cpp.

Name ndn::security::v1::KeyChain::generateRsaKeyPairAsDefault ( const Name identityName,
bool  isKsk = false,
uint32_t  keySize = 2048 
)

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters
identityName — The name of the identity.
isKsk — true to generate a Key-Signing-Key (KSK), false to generate a Data-Signing-Key (DSK).
keySize — The size of the key.
Returns
The generated key name.
See also
generateRsaKeyPair, generateEcKeyPair, generateEcKeyPairAsDefault

Definition at line 341 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::generateSymmetricKeyInTpm ( const Name keyName,
const KeyParams params 
)
inline

Definition at line 744 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllCertificateNames ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 565 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllCertificateNamesOfKey ( const Name keyName,
std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 571 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllIdentities ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 547 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllKeyNames ( std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 553 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::getAllKeyNamesOfIdentity ( const Name identity,
std::vector< Name > &  nameList,
bool  isDefault 
) const
inline

Definition at line 559 of file v1/key-chain.hpp.

shared_ptr<IdentityCertificate> ndn::security::v1::KeyChain::getCertificate ( const Name certificateName) const
inline

Definition at line 513 of file v1/key-chain.hpp.

shared_ptr<IdentityCertificate> ndn::security::v1::KeyChain::getDefaultCertificate ( ) const
inline

Definition at line 651 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultCertificateName ( ) const
inline

Definition at line 627 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultCertificateNameForIdentity ( const Name identityName) const
inline

Definition at line 621 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultCertificateNameForKey ( const Name keyName) const
inline

Definition at line 541 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultIdentity ( ) const
inline

Definition at line 519 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getDefaultKeyNameForIdentity ( const Name identityName) const
inline

Definition at line 525 of file v1/key-chain.hpp.

const KeyParams & ndn::security::v1::KeyChain::getDefaultKeyParamsForIdentity ( const Name identityName) const

Get default key parameters for the specified identity.

If the identity already has a previously generated key, the returned parameters are of the same key type as that key. If there are no existing keys, DEFAULT_KEY_PARAMS is returned.

Definition at line 653 of file v1/key-chain.cpp.

std::string ndn::security::v1::KeyChain::getDefaultPibLocator ( )
static

Get default PIB locator.

Definition at line 181 of file v1/key-chain.cpp.

std::string ndn::security::v1::KeyChain::getDefaultTpmLocator ( )
static

Get default TPM locator.

Definition at line 219 of file v1/key-chain.cpp.

bool ndn::security::v1::KeyChain::getInTerminal ( ) const
inline

Definition at line 688 of file v1/key-chain.hpp.

Name ndn::security::v1::KeyChain::getNewKeyName ( const Name identityName,
bool  useKsk 
)
inline

Definition at line 615 of file v1/key-chain.hpp.

SecPublicInfo& ndn::security::v1::KeyChain::getPib ( )
inline

Definition at line 438 of file v1/key-chain.hpp.

const SecPublicInfo& ndn::security::v1::KeyChain::getPib ( ) const
inline

Definition at line 444 of file v1/key-chain.hpp.

shared_ptr<PublicKey> ndn::security::v1::KeyChain::getPublicKey ( const Name keyName) const
inline

Definition at line 495 of file v1/key-chain.hpp.

shared_ptr<PublicKey> ndn::security::v1::KeyChain::getPublicKeyFromTpm ( const Name keyName) const
inline

Definition at line 718 of file v1/key-chain.hpp.

tlv::SignatureTypeValue ndn::security::v1::KeyChain::getSignatureType ( KeyType  keyType,
DigestAlgorithm  digestAlgorithm 
)
static

Definition at line 828 of file v1/key-chain.cpp.

SecTpm& ndn::security::v1::KeyChain::getTpm ( )
inline

Definition at line 450 of file v1/key-chain.hpp.

const SecTpm& ndn::security::v1::KeyChain::getTpm ( ) const
inline

Definition at line 456 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::importIdentity ( const SecuredBag &  securedBag,
const std::string &  passwordStr 
)

Import an identity, including its private key, from a secured bag.

Parameters
securedBag — The encoded import data.
passwordStr — The password that protects the private key in the bag.

Definition at line 628 of file v1/key-chain.cpp.

bool ndn::security::v1::KeyChain::importPrivateKeyPkcs5IntoTpm ( const Name keyName,
const uint8_t *  buf,
size_t  size,
const std::string &  password 
)
inline

Definition at line 774 of file v1/key-chain.hpp.

bool ndn::security::v1::KeyChain::isLocked ( ) const
inline

Definition at line 694 of file v1/key-chain.hpp.

shared_ptr< IdentityCertificate > ndn::security::v1::KeyChain::prepareUnsignedIdentityCertificate ( const Name keyName,
const Name signingIdentity,
const time::system_clock::TimePoint notBefore,
const time::system_clock::TimePoint notAfter,
const std::vector< CertificateSubjectDescription > &  subjectDescription,
const Name certPrefix = DEFAULT_PREFIX 
)

prepare an unsigned identity certificate

Parameters
keyName — Key name, e.g., /<identity_name>/ksk-123456.
signingIdentity — The signing identity.
notBefore — Refer to IdentityCertificate.
notAfter — Refer to IdentityCertificate.
subjectDescription — Refer to IdentityCertificate.
certPrefix — Prefix before the KEY component. By default, KeyChain infers the certificate name from the relation between signingIdentity and the subject identity: if signingIdentity is a prefix of the subject identity, KEY is inserted after signingIdentity; otherwise KEY is inserted after the subject identity (i.e., before ksk-...).
Returns
The unsigned IdentityCertificate.

Definition at line 362 of file v1/key-chain.cpp.

shared_ptr< IdentityCertificate > ndn::security::v1::KeyChain::prepareUnsignedIdentityCertificate ( const Name keyName,
const PublicKey publicKey,
const Name signingIdentity,
const time::system_clock::TimePoint notBefore,
const time::system_clock::TimePoint notAfter,
const std::vector< CertificateSubjectDescription > &  subjectDescription,
const Name certPrefix = DEFAULT_PREFIX 
)

prepare an unsigned identity certificate

Parameters
keyName — Key name, e.g., /<identity_name>/ksk-123456.
publicKey — The public key to be certified.
signingIdentity — The signing identity.
notBefore — Refer to IdentityCertificate.
notAfter — Refer to IdentityCertificate.
subjectDescription — Refer to IdentityCertificate.
certPrefix — Prefix before the KEY component. By default, KeyChain infers the certificate name from the relation between signingIdentity and the subject identity: if signingIdentity is a prefix of the subject identity, KEY is inserted after signingIdentity; otherwise KEY is inserted after the subject identity (i.e., before ksk-...).
Returns
The unsigned IdentityCertificate.

Definition at line 383 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::refreshDefaultCertificate ( )
inline

Definition at line 660 of file v1/key-chain.hpp.

template<class PibType >
void ndn::security::v1::KeyChain::registerPib ( std::initializer_list< std::string >  aliases)
inlinestatic

Register a new PIB.

Parameters
aliases — List of schemes with which this PIB will be associated. The first alias in the list is considered the canonical name of the PIB instance.

Definition at line 914 of file v1/key-chain.hpp.

template<class TpmType >
void ndn::security::v1::KeyChain::registerTpm ( std::initializer_list< std::string >  aliases)
inlinestatic

Register a new TPM.

Parameters
aliases — List of schemes with which this TPM will be associated. The first alias in the list is considered the canonical name of the TPM instance.

Definition at line 923 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::resetTpmPassword ( )
inline

Definition at line 676 of file v1/key-chain.hpp.

shared_ptr< IdentityCertificate > ndn::security::v1::KeyChain::selfSign ( const Name keyName)

Generate a self-signed certificate for a public key.

Parameters
keyName — The name of the public key.
Returns
The generated certificate, or an empty shared_ptr<IdentityCertificate>() if selfSign fails; callers must check for null before use.

Definition at line 553 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::selfSign ( IdentityCertificate cert)

Self-sign the supplied identity certificate.

Parameters
cert — The certificate to self-sign.
Exceptions
SecTpm::Error — if the private key does not exist.

Definition at line 583 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::setDefaultCertificateNameForKey ( const Name certificateName)
inline

Definition at line 609 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setDefaultIdentity ( const Name identityName)
inline

Definition at line 597 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setDefaultKeyNameForIdentity ( const Name keyName)
inline

Definition at line 603 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setInTerminal ( bool  inTerminal)
inline

Definition at line 682 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::setTpmPassword ( const uint8_t *  password,
size_t  passwordLength 
)
inline

Definition at line 670 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::sign ( Data data,
const SigningInfo params = DEFAULT_SIGNING_INFO 
)

Sign data according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

  • it selects a private key and its certificate to sign the packet,
  • sets the KeyLocator field to the certificate name, and
  • adds any other requested information to the SignatureInfo block.

After that, the method assigns the created SignatureInfo to the data packet, generates a signature and sets it as the SignatureValue block.

Parameters
data — The data to sign.
params — The signing parameters.
Exceptions
Error — if signing fails.
See also
SigningInfo

Definition at line 513 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::sign ( Interest interest,
const SigningInfo params = DEFAULT_SIGNING_INFO 
)

Sign interest according to the supplied signing information.

This method uses the supplied signing information params to create the SignatureInfo block:

  • it selects a private key and its certificate to sign the packet,
  • sets the KeyLocator field to the certificate name, and
  • adds any other requested information to the SignatureInfo block.

After that, the method appends the created SignatureInfo to the interest name, generates a signature and appends it as the SignatureValue block to the interest name.

Parameters
interest — The interest to sign.
params — The signing parameters.
Exceptions
Error — if signing fails.
See also
SigningInfo

Definition at line 519 of file v1/key-chain.cpp.

Block ndn::security::v1::KeyChain::sign ( const uint8_t *  buffer,
size_t  bufferLength,
const SigningInfo params 
)

Sign buffer according to the supplied signing information.

Parameters
buffer — The buffer to sign.
bufferLength — The buffer size.
params — The signing parameters.
Returns
A SignatureValue TLV block.
Exceptions
Error — if signing fails.
See also
SigningInfo

Definition at line 525 of file v1/key-chain.cpp.

template<typename T >
void ndn::security::v1::KeyChain::sign ( T &  packet,
const Name certificateName 
)

Sign packet with a particular certificate.

Deprecated:
Use sign(T&, const SigningInfo&) instead.
Parameters
packet — The packet to be signed.
certificateName — The name of the certificate whose key is used for signing.
Exceptions
SecPublicInfo::Error — if the certificate does not exist.

Definition at line 900 of file v1/key-chain.hpp.

Signature ndn::security::v1::KeyChain::sign ( const uint8_t *  buffer,
size_t  bufferLength,
const Name certificateName 
)

Sign the byte array using a particular certificate.

Deprecated:
Use sign(const uint8_t*, size_t, const SigningInfo&) instead.
Parameters
buffer — The byte array to be signed.
bufferLength — The length of buffer.
certificateName — The name of the certificate whose key is used for signing.
Returns
The Signature.
Exceptions
SecPublicInfo::Error — if the certificate does not exist.

Definition at line 534 of file v1/key-chain.cpp.

template<typename T >
void ndn::security::v1::KeyChain::signByIdentity ( T &  packet,
const Name identityName 
)

Sign packet using the default certificate of a particular identity.

Deprecated:
Use sign(T&, const SigningInfo&) instead.

If the identity has no default certificate, this method creates a self-signed certificate for it.

Parameters
packet — The packet to be signed.
identityName — The signing identity name.

Definition at line 907 of file v1/key-chain.hpp.

Signature ndn::security::v1::KeyChain::signByIdentity ( const uint8_t *  buffer,
size_t  bufferLength,
const Name identityName 
)

Sign the byte array using the default certificate of a particular identity.

Deprecated:
Use sign(const uint8_t*, size_t, const SigningInfo&) instead.
Parameters
buffer — The byte array to be signed.
bufferLength — The length of buffer.
identityName — The identity name.
Returns
The Signature.

Definition at line 764 of file v1/key-chain.cpp.

Block ndn::security::v1::KeyChain::signInTpm ( const uint8_t *  data,
size_t  dataLength,
const Name keyName,
DigestAlgorithm  digestAlgorithm 
)
inline

Definition at line 724 of file v1/key-chain.hpp.

void ndn::security::v1::KeyChain::signWithSha256 ( Data data)

Set a weak SHA-256 digest signature on the data. This is an integrity check only: no key is involved, so it does not authenticate the producer.

Deprecated:
Use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256)) instead.

Definition at line 772 of file v1/key-chain.cpp.

void ndn::security::v1::KeyChain::signWithSha256 ( Interest interest)

Set a weak SHA-256 digest signature on the interest. This is an integrity check only: no key is involved, so it does not authenticate the sender.

Deprecated:
Use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256)) instead.

Definition at line 778 of file v1/key-chain.cpp.

bool ndn::security::v1::KeyChain::unlockTpm ( const char *  password,
size_t  passwordLength,
bool  usePassword 
)
inline

Definition at line 700 of file v1/key-chain.hpp.

Member Data Documentation

const RsaKeyParams ndn::security::v1::KeyChain::DEFAULT_KEY_PARAMS
static

Definition at line 876 of file v1/key-chain.hpp.

const Name ndn::security::v1::KeyChain::DEFAULT_PREFIX
static

Definition at line 872 of file v1/key-chain.hpp.

const SigningInfo ndn::security::v1::KeyChain::DEFAULT_SIGNING_INFO
static

Definition at line 873 of file v1/key-chain.hpp.