RIM Crypto API: Adding New Certificates to the API
Certificates provide a means of transmitting public keys in a package that can be signed for authenticity by a Certificate Authority (CA) and subsequently verified by a third party. They ensure that, on the authority of the CA, the public key belongs to the entity claiming ownership.
Adding Certificates
The process of adding certificates to the Crypto API is more involved than simply providing support for another encoding format. There are several steps that must be taken:
1. The Certificate interface must be implemented.
2. PublicKeyEncoder and PublicKeyDecoder classes must be provided for the public keys that the new certificate format will use.
3. SignatureEncoder and SignatureDecoder classes must be provided.

The Certificate class provides the base interface for all certificates and the
ability to retrieve the public key, verify the certificate, and check for validity, among
other features. To implement a specific certificate, simply implement the interface and
provide all the code necessary to process and format it. An example of a certificate is
the X509Certificate.
Since certificates contain public keys, there must be PublicKeyEncoders and
PublicKeyDecoders associated with the certificate that provide the encoding
in the expected format. An example of such encoders for the X.509 certificate would be the
X509_EC_PublicKeyEncoder and X509_EC_PublicKeyDecoder classes.
Note that these encoders follow the naming scheme described in
Adding Encoding Schemes to the API, with the algorithm name preceding the rest of the
class name with an underscore. Any given key type that can be used in the certificate must have
an associated encoder and decoder for that given encoding algorithm.
Finally, signature encoding and decoding classes must be provided for verification of
the certificate's signature. Once again, an example is the X.509 implementation of
the X509_SignatureEncoder and X509_SignatureDecoder classes.
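
The three pieces listed above, wired together for a toy certificate format, as an added example that is not RIM's code. The Certificate interface shown is a hypothetical stand-in whose method signatures are assumptions, the TOY_ classes and the toy layout (validity window followed by an X.509-encoded EC key) are made up for illustration, and standard java.security classes are used in place of the Crypto API's own.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
public class ToyCertDemo {
    // Hypothetical stand-in for the Certificate interface (not RIM's real signatures).
    interface Certificate {
        PublicKey getPublicKey() throws GeneralSecurityException;
        boolean verify(PublicKey issuerKey) throws GeneralSecurityException;
        boolean isValid(long timeMillis);
    }
    // Key decoder, named <encoding>_<algorithm>_PublicKeyDecoder like X509_EC_PublicKeyDecoder.
    static final class TOY_EC_PublicKeyDecoder {
        static PublicKey decode(byte[] encoded) throws GeneralSecurityException {
            return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encoded));
        }
    }
    // Signature decoder: checks the certificate's signature field against the signed bytes.
    static final class TOY_SignatureDecoder {
        static boolean verify(PublicKey issuer, byte[] signed, byte[] sig) throws GeneralSecurityException {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(issuer); s.update(signed);
            return s.verify(sig);
        }
    }
    static final class ToyCertificate implements Certificate {
        final long notBefore, notAfter; final byte[] keyBytes, signature;
        ToyCertificate(long notBefore, long notAfter, byte[] keyBytes, byte[] signature) {
            this.notBefore = notBefore; this.notAfter = notAfter; this.keyBytes = keyBytes; this.signature = signature;
        }
        byte[] signedPart() { // bytes the issuer signs: validity window, then the encoded key
            return ByteBuffer.allocate(16 + keyBytes.length).putLong(notBefore).putLong(notAfter).put(keyBytes).array();
        }
        public PublicKey getPublicKey() throws GeneralSecurityException { return TOY_EC_PublicKeyDecoder.decode(keyBytes); }
        public boolean verify(PublicKey k) throws GeneralSecurityException { return TOY_SignatureDecoder.verify(k, signedPart(), signature); }
        public boolean isValid(long t) { return t >= notBefore && t <= notAfter; }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC"); gen.initialize(256);
        KeyPair ca = gen.generateKeyPair(), subject = gen.generateKeyPair(); // constructed test keys
        long now = System.currentTimeMillis();
        // Build the unsigned body first, sign it with the CA key, then attach the signature.
        ToyCertificate tbs = new ToyCertificate(now - 1000, now + 60000, subject.getPublic().getEncoded(), null);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(ca.getPrivate()); signer.update(tbs.signedPart());
        ToyCertificate cert = new ToyCertificate(tbs.notBefore, tbs.notAfter, tbs.keyBytes, signer.sign());
        System.out.println("verifies under CA key:    " + cert.verify(ca.getPublic()));
        System.out.println("verifies under wrong key: " + cert.verify(subject.getPublic()));
        System.out.println("valid now / after expiry: " + cert.isValid(now) + " / " + cert.isValid(now + 120000));
    }
}
```

The signature covers the validity window as well as the key, so altering either field makes verify() fail; a caller should require both verify() and isValid() before trusting the key returned by getPublicKey().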