/*____________________________________________________________________________ Copyright (C) 2002 PGP Corporation All rights reserved. $Id: pgpKeys.h,v 1.76 2004/05/19 00:09:07 ajivsov Exp $ ____________________________________________________________________________*/ #ifndef Included_pgpKeys_h /* [ */ #define Included_pgpKeys_h #include "pgpPubTypes.h" #include "pgpHash.h" #include "pgpOptionList.h" /* Key ordering */ enum PGPKeyOrdering_ { kPGPKeyOrdering_Invalid = 0, kPGPKeyOrdering_Any = 1, kPGPKeyOrdering_UserID = 2, kPGPKeyOrdering_KeyID = 3, kPGPKeyOrdering_Validity = 4, kPGPKeyOrdering_Trust = 5, kPGPKeyOrdering_EncryptionKeySize = 6, kPGPKeyOrdering_SigningKeySize = 7, kPGPKeyOrdering_CreationDate = 8, kPGPKeyOrdering_ExpirationDate = 9, PGP_ENUM_FORCE( PGPKeyOrdering_ ) } ; PGPENUM_TYPEDEF( PGPKeyOrdering_, PGPKeyOrdering ); /* Key properties */ enum PGPKeyDBObjProperty_ { kPGPKeyDBObjProperty_Invalid = 0, /* Generic numeric properties */ kPGPKeyDBObjProperty_ObjectType = 20, /* Key boolean properties */ kPGPKeyProperty_IsSecret = 100, kPGPKeyProperty_IsAxiomatic = 101, kPGPKeyProperty_IsRevoked = 102, kPGPKeyProperty_IsDisabled = 103, kPGPKeyProperty_IsNotCorrupt = 104, kPGPKeyProperty_IsExpired = 105, kPGPKeyProperty_NeedsPassphrase = 106, kPGPKeyProperty_HasUnverifiedRevocation = 107, kPGPKeyProperty_CanEncrypt = 108, kPGPKeyProperty_CanDecrypt = 109, kPGPKeyProperty_CanSign = 110, kPGPKeyProperty_CanVerify = 111, kPGPKeyProperty_IsEncryptionKey = 112, kPGPKeyProperty_IsSigningKey = 113, kPGPKeyProperty_IsSecretShared = 114, kPGPKeyProperty_IsRevocable = 115, kPGPKeyProperty_HasThirdPartyRevocation = 116, kPGPKeyProperty_HasCRL = 117, kPGPKeyProperty_IsOnToken = 118, kPGPKeyProperty_IsStubKey = 119, /* used to filter dummy keys from inclusive key set */ /* Key numeric properties */ kPGPKeyProperty_AlgorithmID = 200, kPGPKeyProperty_Bits = 201, kPGPKeyProperty_Trust = 202, kPGPKeyProperty_Validity = 203, kPGPKeyProperty_LockingAlgorithmID = 204, kPGPKeyProperty_LockingBits = 205, kPGPKeyProperty_Flags = 206, kPGPKeyProperty_HashAlgorithmID = 207, kPGPKeyProperty_Version = 208, kPGPKeyProperty_KeyServerPreferences = 209, kPGPKeyProperty_TokenNum = 210, kPGPKeyProperty_Features = 211, /* Key time properties */ kPGPKeyProperty_Creation = 300, kPGPKeyProperty_Expiration = 301, kPGPKeyProperty_CRLThisUpdate = 302, kPGPKeyProperty_CRLNextUpdate = 303, /* Key data (variable sized) properties */ kPGPKeyProperty_Fingerprint = 401, kPGPKeyProperty_KeyID = 402, kPGPKeyProperty_PreferredAlgorithms = 403, kPGPKeyProperty_ThirdPartyRevocationKeyID = 404, kPGPKeyProperty_KeyData = 405, kPGPKeyProperty_X509MD5Hash = 406, kPGPKeyProperty_PreferredKeyServer = 407, kPGPKeyProperty_PreferredCompressionAlgorithms = 408, /* SubKey boolean properties */ kPGPSubKeyProperty_IsRevoked = 501, kPGPSubKeyProperty_IsNotCorrupt = 502, kPGPSubKeyProperty_IsExpired = 503, kPGPSubKeyProperty_NeedsPassphrase = 504, kPGPSubKeyProperty_HasUnverifiedRevocation = 505, kPGPSubKeyProperty_IsRevocable = 506, kPGPSubKeyProperty_HasThirdPartyRevocation = 507, kPGPSubKeyProperty_IsOnToken = 508, /* SubKey numeric properties */ kPGPSubKeyProperty_AlgorithmID = 600, kPGPSubKeyProperty_Bits = 601, kPGPSubKeyProperty_LockingAlgorithmID = 602, kPGPSubKeyProperty_LockingBits = 603, kPGPSubKeyProperty_Version = 604, kPGPSubKeyProperty_Flags = 605, /* SubKey time properties */ kPGPSubKeyProperty_Creation = 700, kPGPSubKeyProperty_Expiration = 701, /* SubKey data (variable sized) properties */ kPGPSubKeyProperty_KeyData = 800, kPGPSubKeyProperty_KeyID = 801, /* User ID boolean properties */ kPGPUserIDProperty_IsAttribute = 900, kPGPUserIDProperty_IsRevoked = 901, /* User ID numeric properties */ kPGPUserIDProperty_Validity = 1000, kPGPUserIDProperty_Confidence = 1001, kPGPUserIDProperty_AttributeType = 1002, /* No User ID time properties */ /* User ID data (variable sized) properties */ kPGPUserIDProperty_Name = 1200, kPGPUserIDProperty_AttributeData = 1201, kPGPUserIDProperty_CommonName = 1202, kPGPUserIDProperty_EmailAddress = 1203, kPGPUserIDProperty_SMIMEPreferredAlgorithms = 1204, /* Signature boolean properties */ kPGPSigProperty_IsRevoked = 1300, kPGPSigProperty_IsNotCorrupt = 1301, kPGPSigProperty_IsTried = 1302, kPGPSigProperty_IsVerified = 1303, kPGPSigProperty_IsMySig = 1304, kPGPSigProperty_IsExportable = 1305, kPGPSigProperty_HasUnverifiedRevocation = 1306, kPGPSigProperty_IsExpired = 1307, kPGPSigProperty_IsX509 = 1308, /* Signature numeric properties */ kPGPSigProperty_AlgorithmID = 1400, kPGPSigProperty_TrustLevel = 1401, kPGPSigProperty_TrustValue = 1402, /* Signature time properties */ kPGPSigProperty_Creation = 1500, kPGPSigProperty_Expiration = 1501, /* Signature data (variable sized) properties */ kPGPSigProperty_KeyID = 1600, kPGPSigProperty_X509Certificate = 1601, kPGPSigProperty_X509IASN = 1602, kPGPSigProperty_X509LongName = 1603, kPGPSigProperty_X509IssuerLongName = 1604, kPGPSigProperty_X509DNSName = 1605, kPGPSigProperty_X509IPAddress = 1606, kPGPSigProperty_X509DERDName = 1607, kPGPSigProperty_RegularExpression = 1608, PGP_ENUM_FORCE( PGPKeyDBObjProperty_ ) } ; PGPENUM_TYPEDEF( PGPKeyDBObjProperty_, PGPKeyDBObjProperty ); /* For kPGPKeyProperty_Version */ enum PGPKeyVersion_ { kPGPKeyVersion_V3 = 3, kPGPKeyVersion_V4 = 4, PGP_ENUM_FORCE( PGPKeyVersion_ ) } ; PGPENUM_TYPEDEF( PGPKeyVersion_, PGPKeyVersion ); /* kPGPKeyPropFlags bits */ enum /* PGPKeyPropertyFlags */ { kPGPKeyPropertyFlags_UsageSignUserIDs = (1UL << 0 ), kPGPKeyPropertyFlags_UsageSignMessages = (1UL << 1 ), kPGPKeyPropertyFlags_UsageEncryptCommunications = (1UL << 2 ), kPGPKeyPropertyFlags_UsageEncryptStorage = (1UL << 3 ), kPGPKeyPropertyFlags_PrivateSplit = (1UL << 4 ), kPGPKeyPropertyFlags_PrivateShared = (1UL << 7 ) } ; typedef PGPFlags PGPKeyPropertyFlags; #define kPGPKeyPropertyFlags_UsageSign \ (kPGPKeyPropertyFlags_UsageSignUserIDs | \ kPGPKeyPropertyFlags_UsageSignMessages) #define kPGPKeyPropertyFlags_UsageEncrypt \ (kPGPKeyPropertyFlags_UsageEncryptCommunications | \ kPGPKeyPropertyFlags_UsageEncryptStorage) #define kPGPKeyPropertyFlags_UsageSignEncrypt \ (kPGPKeyPropertyFlags_UsageSign | \ kPGPKeyPropertyFlags_UsageEncrypt) /* Attribute types, for use with kPGPUserIDPropAttributeType */ enum PGPAttributeType_ { kPGPAttribute_Image = 1, kPGPAttribute_IPAddress = 10, kPGPAttribute_DNSName = 11, kPGPAttribute_Notation = 20, PGP_ENUM_FORCE( PGPAttributeType_ ) } ; PGPENUM_TYPEDEF( PGPAttributeType_, PGPAttributeType ); /* kPGPKeyPropFlags bits */ enum /* PGPKeyServerPreferencesFlags */ { kPGPKeyServerPreferences_NoModify = (1UL << 7 ) } ; typedef PGPFlags PGPKeyServerPreferencesFlags; /* Implementation features like Modification Detection support */ enum { kPGPKeyFeatures_ModificationDetection = 1 } ; typedef PGPFlags PGPKeyFeaturesFlags; /* Key DB object types for the property kPGPKeyDBObjProperty_ObjectType */ enum PGPKeyDBObjType_ { kPGPKeyDBObjType_Invalid = 0, kPGPKeyDBObjType_Key = (1UL << 0), kPGPKeyDBObjType_SubKey = (1UL << 1), kPGPKeyDBObjType_UserID = (1UL << 2), kPGPKeyDBObjType_Signature = (1UL << 3), #ifdef __MVS__ kPGPKeyDBObjType_Any = -1, #else kPGPKeyDBObjType_Any = 0xFFFFFFFF, #endif PGP_ENUM_FORCE( PGPKeyDBObjType_ ) } ; PGPENUM_TYPEDEF( PGPKeyDBObjType_, PGPKeyDBObjType ); /* * Used by filtering functions to specify type of match. */ enum PGPMatchCriterion_ { kPGPMatchCriterion_Equal = 1, /* searched == val */ kPGPMatchCriterion_GreaterOrEqual = 2, /* searched >= val */ kPGPMatchCriterion_LessOrEqual = 3, /* searched <= val */ kPGPMatchCriterion_SubString = 4, /* searched is contained in supplied */ PGP_ENUM_FORCE( PGPMatchCriterion_ ) } ; PGPENUM_TYPEDEF( PGPMatchCriterion_, PGPMatchCriterion ); /* This is the value of the expiration time which means "never expires" */ #define kPGPExpirationTime_Never ( (PGPTime)0 ) enum PGPOpenKeyDBFileOptions_ { kPGPOpenKeyDBFileOptions_None = 0, kPGPOpenKeyDBFileOptions_Mutable = (1UL << 0 ), kPGPOpenKeyDBFileOptions_Create = (1UL << 1 ), PGP_ENUM_FORCE( PGPOpenKeyDBFileOptions_ ) } ; PGPENUM_TYPEDEF( PGPOpenKeyDBFileOptions_, PGPOpenKeyDBFileOptions ); /* Public entry points */ PGP_BEGIN_C_DECLARATIONS /*____________________________________________________________________________ Key DB functions ____________________________________________________________________________*/ /* Creat a new, in-memory temporary key DB */ PGPError PGPNewKeyDB( PGPContextRef context, PGPKeyDBRef *keyDBRef ); /* Open a (possibly) existing key ring pair on disk */ PGPError PGPOpenKeyDBFile( PGPContextRef context, PGPOpenKeyDBFileOptions options, PGPFileSpecRef pubKeysFileSpec, PGPFileSpecRef privKeysFileSpec, PGPKeyDBRef *keyDBRef ); PGPError PGPFreeKeyDB( PGPKeyDBRef keyDBRef ); PGPError PGPFlushKeyDB( PGPKeyDBRef keyDBRef ); PGPError PGPIncKeyDBRefCount( PGPKeyDBRef keyDBRef ); PGPBoolean PGPKeyDBIsMutable( PGPKeyDBRef keyDBRef ); PGPError PGPFindKeyByKeyID( PGPKeyDBRef keyDBRef, const PGPKeyID * keyID, PGPKeyDBObjRef *keyRef); PGPError PGPCountKeysInKeyDB( PGPKeyDBRef keyDBRef, PGPUInt32 *numKeys ); PGPError PGPKeyDBIsUpdated( PGPKeyDBRef keyDBRef, PGPBoolean *isUpdated ); /* Cache a keydb in memory for specified number of seconds */ PGPError PGPCacheKeyDB( PGPKeyDBRef keyDBRef, PGPUInt32 timeoutSeconds ); /* Remove all cached keydbs from memory */ PGPError PGPPurgeKeyDBCache( PGPContextRef context ); /*____________________________________________________________________________ Key set functions ____________________________________________________________________________*/ /* Create a new key set containing all of the keys in the key DB */ PGPError PGPNewKeySet( PGPKeyDBRef keyDB, PGPKeySetRef *keySet ); /* Create a new, empty key set */ PGPError PGPNewEmptyKeySet( PGPKeyDBRef keyDB, PGPKeySetRef *keySet ); /* Create a new key set containing a single key */ PGPError PGPNewOneKeySet( PGPKeyDBObjRef key, PGPKeySetRef *keySet ); /* Like PGPNewKeySet but allows certain stub key objects */ PGPError PGPNewEmptyInclusiveKeySet( PGPKeyDBRef keyDB, PGPKeySetRef *pset ); /* Like PGPNewOneKeySet but allows certain stub key objects */ PGPError PGPNewOneInclusiveKeySet( PGPKeyDBObjRef key, PGPKeySetRef *keySet ); PGPError PGPFreeKeySet( PGPKeySetRef keys); PGPError PGPIncKeySetRefCount( PGPKeySetRef keys); PGPBoolean PGPKeySetIsMember( PGPKeyDBObjRef key, PGPKeySetRef set ); PGPError PGPCountKeys( PGPKeySetRef keys, PGPUInt32 *numKeys ); PGPError PGPAddKey( PGPKeyDBObjRef keyToAdd, PGPKeySetRef set ); PGPError PGPAddKeys( PGPKeySetRef keysToAdd, PGPKeySetRef set ); PGPKeyDBRef PGPPeekKeySetKeyDB( PGPKeySetRef keySet ); PGPKeySetRef PGPPeekKeyDBRootKeySet( PGPKeyDBRef keyDB ); /*____________________________________________________________________________ Key DB object properties ____________________________________________________________________________*/ PGPError PGPGetKeyDBObjBooleanProperty( PGPKeyDBObjRef key, PGPKeyDBObjProperty whichProperty, PGPBoolean *prop ); PGPError PGPGetKeyDBObjNumericProperty( PGPKeyDBObjRef key, PGPKeyDBObjProperty whichProperty, PGPInt32 *prop ); PGPError PGPGetKeyDBObjTimeProperty( PGPKeyDBObjRef key, PGPKeyDBObjProperty whichProperty, PGPTime *prop); /* ** Get the data for a binary property. Returns kPGPError_BufferTooSmall if ** the buffer is too small. Both buffer and dataSize can be NULL. */ #undef PGPGetKeyDBObjDataProperty PGPError PGPGetKeyDBObjDataProperty( PGPKeyDBObjRef key, PGPKeyDBObjProperty whichProperty, void *buffer, PGPSize bufferSize, PGPSize *dataSize); /* ** Get the data for a binary property using an allocated output buffer. The ** allocated buffer must be freed with PGPFreeData(). For convenience, the ** allocated buffer is null-terminated. The terminating null byte is NOT included ** is the output dataSize parameter. */ PGPError PGPGetKeyDBObjAllocatedDataProperty( PGPKeyDBObjRef key, PGPKeyDBObjProperty whichProperty, void **buffer, PGPSize *dataSize); PGPError PGPSetKeyEnabled( PGPKeyDBObjRef key, PGPBoolean enable ); PGPError PGPSetKeyAxiomatic( PGPKeyDBObjRef key, PGPBoolean setAxiomatic, PGPOptionListRef firstOption, ...); /*____________________________________________________________________________ Key DB object property convenience functions ____________________________________________________________________________*/ /* Get the key ID of a key or subkey key DB object */ PGPError PGPGetKeyID( PGPKeyDBObjRef key, PGPKeyID *keyID ); PGPError PGPGetPrimaryUserID( PGPKeyDBObjRef key, PGPKeyDBObjRef *outRef ); PGPError PGPGetPrimaryAttributeUserID (PGPKeyDBObjRef key, PGPAttributeType attributeType, PGPKeyDBObjRef *outRef); PGPError PGPGetPrimaryUserIDValidity(PGPKeyDBObjRef key, PGPValidity *validity); PGPError PGPGetPrimaryUserIDName(PGPKeyDBObjRef key, void *buffer, PGPSize bufferSize, PGPSize *dataSize); PGPError PGPGetKeyForUsage( PGPKeyDBObjRef key, PGPUInt32 usageFlags, PGPKeyDBObjRef *outRef ); /*____________________________________________________________________________ Key filters ____________________________________________________________________________*/ PGPError PGPNewKeyDBObjBooleanFilter( PGPContextRef context, PGPKeyDBObjProperty whichProperty, PGPBoolean match, PGPFilterRef *outFilter ); PGPError PGPNewKeyDBObjNumericFilter( PGPContextRef context, PGPKeyDBObjProperty whichProperty, PGPUInt32 matchValue, PGPMatchCriterion matchCriteria, PGPFilterRef *outFilter ); PGPError PGPNewKeyDBObjTimeFilter( PGPContextRef context, PGPKeyDBObjProperty whichProperty, PGPTime matchValue, PGPMatchCriterion matchCriteria, PGPFilterRef *outFilter ); PGPError PGPNewKeyDBObjDataFilter( PGPContextRef context, PGPKeyDBObjProperty whichProperty, const void *matchData, PGPSize matchDataSize, PGPMatchCriterion matchCriteria, PGPFilterRef *outFilter ); PGPError PGPFreeFilter( PGPFilterRef filter ); PGPError PGPIncFilterRefCount( PGPFilterRef filter ); PGPError PGPFilterChildObjects( PGPFilterRef filter, PGPBoolean filterChildren ); /* freeing outfilter will call PGPFreeFilter on filter */ PGPError PGPNegateFilter( PGPFilterRef filter, PGPFilterRef *outFilter); /* freeing outfilter will call PGPFreeFilter on filter1, filter2 */ PGPError PGPIntersectFilters( PGPFilterRef filter1, PGPFilterRef filter2, PGPFilterRef *outFilter); /* freeing outfilter will call PGPFreeFilter on filter1, filter2 */ PGPError PGPUnionFilters( PGPFilterRef filter1, PGPFilterRef filter2, PGPFilterRef *outFilter); PGPError PGPFilterKeySet( PGPKeySetRef origSet, PGPFilterRef filter, PGPKeySetRef *resultSet ); PGPError PGPFilterKeyDB( PGPKeyDBRef keyDB, PGPFilterRef filter, PGPKeySetRef *resultSet ); /* Keyserver filter functions */ #undef PGPLDAPQueryFromFilter PGPError PGPLDAPQueryFromFilter( PGPFilterRef filter, PGPChar8 **queryOut ); #undef PGPLDAPX509QueryFromFilter PGPError PGPLDAPX509QueryFromFilter( PGPFilterRef filter, PGPChar8 **queryOut ); #undef PGPHKSQueryFromFilter PGPError PGPHKSQueryFromFilter( PGPFilterRef filter, PGPChar8 **queryOut ); #undef PGPNetToolsCAHTTPQueryFromFilter PGPError PGPNetToolsCAHTTPQueryFromFilter( PGPFilterRef filter, PGPChar8 **queryOut ); /*____________________________________________________________________________ Key/signature validation ____________________________________________________________________________*/ PGPError PGPCalculateTrust( PGPKeySetRef keySet, PGPKeyDBRef optionalKeyDB); PGPError PGPCheckKeyRingSigs( PGPKeySetRef keysToCheck, PGPKeyDBRef optionalSigningKeyDB, PGPBoolean checkAll, PGPEventHandlerProcPtr eventHandler, PGPUserValue eventHandlerData ); /*____________________________________________________________________________ Key DB object creation/deletion ____________________________________________________________________________*/ PGPError PGPGenerateKey( PGPContextRef context, PGPKeyDBObjRef *key, PGPOptionListRef firstOption, ...); PGPError PGPGenerateSubKey( PGPContextRef context, PGPKeyDBObjRef *subkey, PGPOptionListRef firstOption, ...); PGPUInt32 PGPGetKeyEntropyNeeded( PGPContextRef context, PGPOptionListRef firstOption, ...); #undef PGPAddUserID PGPError PGPAddUserID( PGPKeyDBObjRef key, PGPChar8 const *userID, PGPOptionListRef firstOption, ...); PGPError PGPAddAttributeUserID( PGPKeyDBObjRef key, PGPAttributeType attributeType, PGPByte *attributeData, PGPSize attributeLength, PGPOptionListRef firstOption, ...); PGPError PGPCertifyUserID( PGPKeyDBObjRef userID, PGPKeyDBObjRef certifyingKey, PGPOptionListRef firstOption, ...); PGPError PGPCopyKeyDBObj( PGPKeyDBObjRef keyDBObj, PGPKeyDBRef destKeyDB, PGPKeyDBObjRef *destKeyDBObj ); PGPError PGPCopyKeys( PGPKeySetRef keySet, PGPKeyDBRef destKeyDB, PGPKeySetRef *destKeySet ); PGPError PGPDeleteKeyDBObj( PGPKeyDBObjRef keyDBObj ); PGPError PGPDeleteKeys( PGPKeySetRef keySet ); /*____________________________________________________________________________ Key manipulation ____________________________________________________________________________*/ PGPError PGPSetPrimaryUserID( PGPKeyDBObjRef userID, PGPOptionListRef firstOption, ...); PGPError PGPGetSigCertifierKey( PGPKeyDBObjRef cert, PGPKeyDBRef searchKeyDB, PGPKeyDBObjRef *certkey); PGPError PGPGetSigX509CertifierSig( PGPKeyDBObjRef cert, PGPKeyDBRef searchKeyDB, PGPKeyDBObjRef *certsig); PGPError PGPGetSigX509TopSig( PGPKeyDBObjRef sig, PGPKeyDBRef otherdb, PGPKeyDBRef cadb, PGPBoolean *knownCA, PGPKeyDBObjRef *certsig ); PGPError PGPGetKnownX509CAs( PGPContextRef context, PGPKeyDBRef *keydbout ); PGPError PGPX509MatchNetworkName( PGPKeyDBObjRef sig, const PGPByte *networkName, PGPBoolean *matched ); PGPError PGPCountAdditionalRecipientRequests( PGPKeyDBObjRef basekey, PGPUInt32 * numARKeys); PGPError PGPGetIndexedAdditionalRecipientRequestKey( PGPKeyDBObjRef basekey, PGPUInt32 nth, PGPKeyDBObjRef *arkey, PGPKeyID *arkeyid, PGPByte *arclass ); PGPError PGPGetAdditionalRecipientRequests( PGPKeyDBObjRef basekey, PGPKeySetRef keySet ); PGPError PGPCountRevocationKeys( PGPKeyDBObjRef basekey, PGPUInt32 * numRevKeys); PGPError PGPGetIndexedRevocationKey( PGPKeyDBObjRef basekey, PGPUInt32 nth, PGPKeyDBObjRef *revkey, PGPKeyID *revkeyid ); PGPError PGPGetRevocationKeys( PGPKeyDBObjRef basekey, PGPKeySetRef keySet ); PGPError PGPGetCRLDistributionPoints( PGPKeyDBObjRef cakey, PGPUInt32 *pnDistPoints, PGPByte **pDpoints, PGPSize **pdpointLengths ); PGPError PGPGetCRLDistributionPointsPrintable( PGPKeyDBObjRef cakey, PGPUInt32 *pnDistPoints, PGPByte **pDpoints ); PGPError PGPExport( PGPContextRef context, PGPOptionListRef firstOption, ... ); PGPError PGPImport( PGPContextRef context, PGPKeyDBRef *importedKeysDB, PGPOptionListRef firstOption, ...); PGPError PGPRevokeSig( PGPKeyDBObjRef cert, PGPOptionListRef firstOption, ...); PGPError PGPRevoke( PGPKeyDBObjRef key, PGPOptionListRef firstOption, ...); PGPError PGPChangePassphrase( PGPKeyDBObjRef key, PGPOptionListRef firstOption, ...); PGPBoolean PGPPassphraseIsValid( PGPKeyDBObjRef key, PGPOptionListRef firstOption, ...); PGPError PGPPurgePassphraseCache( PGPContextRef context ); PGPError PGPCountCachedPassphrases( PGPContextRef context, PGPUInt32 *pnLocal, PGPUInt32 *pnGlobal, PGPUInt32 *pnOtherLocal ); PGPBoolean PGPTokenAuthIsValid( PGPContextRef context, PGPOptionListRef firstOption, ... ); /* * Trust values for PGPSetKeyTrust and kPGPKeyPropTrust property: * * kPGPKeyTrust_Undefined (do not pass to PGPSetKeyTrust) * kPGPKeyTrust_Unknown (unknown) * kPGPKeyTrust_Never (never) * kPGPKeyTrust_Marginal (sometimes) * kPGPKeyTrust_Complete (always) * kPGPKeyTrust_Ultimate (do not pass to PGPSetKeyTrust) */ PGPError PGPSetKeyTrust( PGPKeyDBObjRef key, PGPUInt32 trust); PGPInt32 PGPCompareKeys( PGPKeyDBObjRef a, PGPKeyDBObjRef b, PGPKeyOrdering order ); #undef PGPCompareUserIDStrings PGPInt32 PGPCompareUserIDStrings(PGPChar8 const *a, PGPChar8 const *b); /*____________________________________________________________________________ Key lists ____________________________________________________________________________*/ PGPError PGPOrderKeySet( PGPKeySetRef src, PGPKeyOrdering order, PGPBoolean reverseOrder, PGPKeyListRef *outRef ); PGPError PGPIncKeyListRefCount( PGPKeyListRef keys); PGPError PGPFreeKeyList( PGPKeyListRef keys ); /*____________________________________________________________________________ Key list iteration ____________________________________________________________________________*/ PGPError PGPNewKeyIter( PGPKeyListRef keys, PGPKeyIterRef *outRef); PGPError PGPNewKeyIterFromKeySet( PGPKeySetRef keys, PGPKeyIterRef *outRef); PGPError PGPNewKeyIterFromKeyDB( PGPKeyDBRef keyDB, PGPKeyIterRef *outRef); PGPError PGPCopyKeyIter( PGPKeyIterRef orig, PGPKeyIterRef *outRef); PGPError PGPFreeKeyIter( PGPKeyIterRef iter); PGPInt32 PGPKeyIterIndex( PGPKeyIterRef iter); PGPError PGPKeyIterRewind( PGPKeyIterRef iter, PGPKeyDBObjType objectType); PGPInt32 PGPKeyIterSeek( PGPKeyIterRef iter, PGPKeyDBObjRef key); PGPError PGPKeyIterMove( PGPKeyIterRef iter, PGPInt32 relOffset, PGPKeyDBObjRef *outRef); PGPError PGPKeyIterNextKeyDBObj( PGPKeyIterRef iter, PGPKeyDBObjType objectType, PGPKeyDBObjRef *outRef); PGPError PGPKeyIterPrevKeyDBObj( PGPKeyIterRef iter, PGPKeyDBObjType objectType, PGPKeyDBObjRef *outRef); PGPError PGPKeyIterGetKeyDBObj( PGPKeyIterRef iter, PGPKeyDBObjType objectType, PGPKeyDBObjRef *outRef); /*____________________________________________________________________________ Get/set user value ____________________________________________________________________________*/ PGPError PGPSetKeyDBObjUserValue( PGPKeyDBObjRef key, PGPUserValue userValue); PGPError PGPGetKeyDBObjUserValue( PGPKeyDBObjRef key, PGPUserValue *userValue); /* Passphrase conversion to passkeybuffer */ /* The size of the output buffer is from the kPGPKeyPropLockingBits property */ PGPError PGPGetPasskeyBuffer ( PGPKeyDBObjRef key, void *passkeyBuffer, PGPOptionListRef firstOption,...); /* Change key options which are stored in self signatures internally */ PGPError PGPAddKeyOptions( PGPKeyDBObjRef key, PGPOptionListRef firstOption, ...); PGPError PGPRemoveKeyOptions( PGPKeyDBObjRef key, PGPOptionListRef firstOption, ...); PGPError PGPUpdateKeyOptions( PGPKeyDBObjRef key, PGPOptionListRef firstOption, ...); /*____________________________________________________________________________ Key IDs ____________________________________________________________________________*/ PGPError PGPNewKeyID( const PGPByte *keyIDBytes, PGPSize numKeyIDBytes, PGPPublicKeyAlgorithm pkalg, PGPKeyID *id ); #undef PGPNewKeyIDFromString PGPError PGPNewKeyIDFromString( const PGPChar8 *string, PGPPublicKeyAlgorithm pkalg, PGPKeyID *id ); PGPError PGPGetKeyIDAlgorithm( const PGPKeyID *keyID, PGPPublicKeyAlgorithm *pkalg ); enum PGPKeyIDStringType_ { kPGPKeyIDString_Abbreviated = 1, kPGPKeyIDString_Full = 2, PGP_ENUM_FORCE( PGPKeyIDStringType_ ) }; PGPENUM_TYPEDEF( PGPKeyIDStringType_, PGPKeyIDStringType ); #define kPGPMaxKeyIDStringSize ( 127 + 1 ) #undef PGPGetKeyIDString PGPError PGPGetKeyIDString( PGPKeyID const * ref, PGPKeyIDStringType type, PGPChar8 outString[ kPGPMaxKeyIDStringSize ] ); /* returns 0 if equal, -1 if key1 < key2, 1 if key1 > key2 */ PGPInt32 PGPCompareKeyIDs( PGPKeyID const * key, PGPKeyID const * key2); /*____________________________________________________________________________ Token functions ____________________________________________________________________________*/ PGPError PGPCountTokens( PGPContextRef context, PGPUInt32 *numTokens ); PGPError PGPDeleteKeyOnToken( PGPKeyDBObjRef key, PGPUInt32 tokNumber /*-1 for any token*/, const PGPByte *pin, PGPSize pinLen ); PGPError PGPWipeToken( PGPContextRef context, PGPUInt32 tokNumber, PGPByte const *passphrase, PGPSize passphraseLength ); PGPError PGPFormatToken( PGPContextRef context, PGPUInt32 tokNumber, PGPByte const * adminPin, PGPSize adminPinLen, PGPByte const * newUserPin, PGPSize newUserPinLen ); PGPError PGPTokenPassphraseIsValid( PGPContextRef context, PGPUInt32 tokNumber, PGPByte const *passphrase, PGPSize passphraseLength ); #undef PGPSetPKCS11DrvFile PGPError PGPSetPKCS11DrvFile( PGPChar8 *module ); PGPError PGPSyncTokenKeys( PGPContextRef context, PGPUInt32 tokenNum, PGPKeyDBRef destKeyDB, PGPBoolean *hadChanges ); PGPError PGPGetTokenInfoBooleanProperty( PGPContextRef context, PGPUInt32 tokenNumber, PGPTokenProperty prop, PGPBoolean *value ); PGPError PGPGetTokenInfoNumericProperty( PGPContextRef context, PGPUInt32 tokenNumber, PGPTokenProperty prop, PGPUInt32 *value ); #undef PGPGetTokenInfoDataProperty PGPError PGPGetTokenInfoDataProperty( PGPContextRef context, PGPUInt32 tokenNumber, PGPTokenProperty prop, void *value, PGPSize size, PGPSize *sizeout ); /* Deprecated, use PGPGetTokenInfo*() */ PGPError PGPGetTokenInfo( PGPContextRef context, PGPUInt32 tokNumber, PGPTokenInfo *tokenInfo); /*____________________________________________________________________________ Getting contexts back from key related items. ____________________________________________________________________________*/ PGPContextRef PGPPeekKeyDBContext( PGPKeyDBRef ref ); PGPContextRef PGPPeekKeyDBObjContext( PGPKeyDBObjRef ref ); PGPContextRef PGPPeekKeyListContext( PGPKeyListRef ref ); PGPContextRef PGPPeekKeySetContext( PGPKeySetRef ref ); PGPContextRef PGPPeekKeyIterContext( PGPKeyIterRef ref ); /*____________________________________________________________________________ Getting parent objects from key related items. If the input is invalid, you get kInvalidPGPKeyDBObjRef back. ____________________________________________________________________________*/ PGPKeyDBRef PGPPeekKeyDBObjKeyDB( PGPKeyDBObjRef ref ); PGPKeyDBObjRef PGPPeekKeyDBObjKey( PGPKeyDBObjRef ref ); PGPKeyDBObjRef PGPPeekKeyDBObjUserID( PGPKeyDBObjRef ref ); /*____________________________________________________________________________ Secret sharing functionality ____________________________________________________________________________*/ PGPError PGPSecretShareData(PGPContextRef context, void const * input, PGPSize inputBytes, PGPUInt32 threshold, PGPUInt32 nShares, void * output); PGPError PGPSecretReconstructData(PGPContextRef context, void * input, PGPSize outputBytes, PGPUInt32 nShares, void * output); /*____________________________________________________________________________ X509 certificate specific ____________________________________________________________________________*/ PGPError PGPVerifyX509CertificateChain (PGPContextRef context, PGPByte *certchain, PGPByte *rootcerts); #undef PGPCreateDistinguishedName PGPError PGPCreateDistinguishedName( PGPContextRef context, PGPChar8 const *str, PGPByte **pdname, PGPSize *pdnamelen ); PGPError PGPCreateX509Certificate(PGPKeyDBObjRef signingSig, PGPKeyDBObjRef signedKey, PGPKeyDBObjRef *newSig, PGPOptionListRef firstOption, ...); /* Pass PKCS-10 format request in PGPOInput.... */ PGPError PGPCreateX509CertificateFromRequest(PGPKeyDBObjRef signingSig, PGPKeyDBObjRef *newSig, PGPOptionListRef firstOption, ...); PGPError PGPCreateSelfSignedX509Certificate(PGPKeyDBObjRef signingKey, PGPKeyDBObjRef *newSig, PGPOptionListRef firstOption, ...); PGPError PGPCreateX509CRL(PGPKeyDBObjRef signingKey, PGPKeySetRef revokedSigs, PGPOptionListRef firstOption, ...); PGP_END_C_DECLARATIONS #endif /* ] Included_pgpKeys_h */ /*__Editor_settings____ Local Variables: tab-width: 4 End: vi: ts=4 sw=4 vim: si _____________________*/