QCA Namespace Reference

QCA - the Qt Cryptographic Architecture.


Classes

class  AbstractLogDevice
 An abstract log device.
class  Algorithm
 General superclass for an algorithm.
class  Base64
 Base64 encoding / decoding.
class  BasicContext
 Base class to use for primitive provider contexts.
class  BigInteger
 Arbitrary precision integer.
class  BufferedComputation
 General superclass for buffered computation algorithms.
class  CAContext
 X.509 certificate authority provider.
class  CertBase
 X.509 certificate and certificate request provider base.
class  CertCollectionContext
 X.509 certificate collection provider.
class  CertContext
 X.509 certificate provider.
class  CertContextProps
 X.509 certificate or certificate request properties.
class  Certificate
 Public Key (X.509) certificate.
class  CertificateAuthority
 A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs).
class  CertificateChain
 A chain of related Certificates.
class  CertificateCollection
 Bundle of Certificates and CRLs.
class  CertificateInfoOrdered
 Ordered certificate properties type.
class  CertificateInfoPair
 One entry in a certificate information list.
class  CertificateInfoType
 Certificate information type.
class  CertificateOptions
 Certificate options.
class  CertificateRequest
 Certificate Request.
class  Cipher
 General class for cipher (encryption / decryption) algorithms.
class  CipherContext
 Cipher provider.
class  CMS
 Cryptographic Message Syntax messaging system.
class  Console
 QCA Console system.
class  ConsolePrompt
 Console prompt handler.
class  ConsoleReference
 Manager for a Console.
class  ConstraintType
 Certificate constraint.
class  CRL
 Certificate Revocation List.
class  CRLContext
 X.509 certificate revocation list provider.
class  CRLContextProps
 X.509 certificate revocation list properties.
class  CRLEntry
 Part of a CRL representing a single certificate.
class  CSRContext
 X.509 certificate request provider.
class  DHContext
 Diffie-Hellman provider.
class  DHPrivateKey
 Diffie-Hellman Private Key.
class  DHPublicKey
 Diffie-Hellman Public Key.
class  DirWatch
 Support class to monitor a directory for activity.
class  DLGroup
 A discrete logarithm group.
class  DLGroupContext
 Discrete logarithm provider.
class  DSAContext
 DSA provider.
class  DSAPrivateKey
 Digital Signature Algorithm Private Key.
class  DSAPublicKey
 Digital Signature Algorithm Public Key.
class  Event
 An asynchronous event.
class  EventHandler
 Interface class for password / passphrase / PIN and token handlers.
class  FileWatch
 Support class to monitor a file for activity.
class  Filter
 General superclass for filtering transformation algorithms.
class  Hash
 General class for hashing algorithms.
class  HashContext
 Hash provider.
class  Hex
 Hexadecimal encoding / decoding.
class  InfoContext
 Extended provider information.
class  InitializationVector
 Container for initialisation vectors and nonces.
class  Initializer
 Convenience method for initialising and cleaning up QCA.
class  KDFContext
 Key derivation function provider.
class  KeyBundle
 Certificate chain and private key pair.
class  KeyDerivationFunction
 General superclass for key derivation algorithms.
class  KeyGenerator
 Class for generating asymmetric key pairs.
class  KeyLength
 Simple container for acceptable key lengths.
class  KeyLoader
 Asynchronous private key loader.
class  KeyStore
 General purpose key storage object.
class  KeyStoreEntry
 Single entry in a KeyStore.
class  KeyStoreEntryContext
 KeyStoreEntry provider.
class  KeyStoreEntryWatcher
 Class to monitor the availability of a KeyStoreEntry.
class  KeyStoreInfo
 Key store information, outside of a KeyStore object.
class  KeyStoreListContext
 KeyStore provider.
class  KeyStoreManager
 Access keystores, and monitor keystores for changes.
class  Logger
 A simple logging system.
class  MACContext
 Message authentication code provider.
class  MemoryRegion
 Array of bytes that may be optionally secured.
class  MessageAuthenticationCode
 General class for message authentication code (MAC) algorithms.
class  MessageContext
 SecureMessage provider.
class  OpenPGP
 Pretty Good Privacy messaging system.
class  PasswordAsker
 User password / passphrase / PIN handler.
class  PBKDF1
 Password based key derivation function version 1.
class  PBKDF2
 Password based key derivation function version 2.
class  PGPKey
 Pretty Good Privacy key.
class  PGPKeyContext
 OpenPGP key provider.
class  PGPKeyContextProps
 OpenPGP key properties.
class  PKCS12Context
 PKCS#12 provider.
class  PKey
 General superclass for public (PublicKey) and private (PrivateKey) keys used with asymmetric encryption techniques.
class  PKeyBase
 Public key implementation provider base.
class  PKeyContext
 Public key container provider.
class  PrivateKey
 Generic private key.
class  Provider
 Algorithm provider.
class  PublicKey
 Generic public key.
class  QPipe
 A FIFO buffer (named pipe) abstraction.
class  QPipeDevice
 Unbuffered direct pipe.
class  QPipeEnd
 A buffered higher-level pipe end.
class  Random
 Source of random numbers.
class  RandomContext
 Random provider.
class  RSAContext
 RSA provider.
class  RSAPrivateKey
 RSA Private Key.
class  RSAPublicKey
 RSA Public Key.
class  SASL
 Simple Authentication and Security Layer protocol implementation.
class  SASLContext
 SASL provider.
class  SecureArray
 Secure array of bytes.
class  SecureLayer
 Abstract interface to a security layer.
class  SecureMessage
 Class representing a secure message.
class  SecureMessageKey
 Key for SecureMessage system.
class  SecureMessageSignature
 SecureMessage signature.
class  SecureMessageSystem
 Abstract superclass for secure messaging systems.
class  SMSContext
 SecureMessageSystem provider.
class  SymmetricKey
 Container for keys for symmetric encryption algorithms.
class  Synchronizer
 Enable synchronization between two threads.
class  SyncThread
 Convenience class to run a thread and interact with it synchronously.
class  TextFilter
 Superclass for text based filtering algorithms.
class  TLS
 Transport Layer Security / Secure Socket Layer.
class  TLSContext
 TLS provider.
class  TLSSession
 Session token, used for TLS resuming.
class  TLSSessionContext
 TLS "session" provider.
class  TokenAsker
 User token handler.

Typedefs

typedef QMultiMap< CertificateInfoType, QString > CertificateInfo
typedef QList< ConstraintType > Constraints
typedef QList< Provider * > ProviderList
typedef QList< SecureMessageKey > SecureMessageKeyList
typedef QList< SecureMessageSignature > SecureMessageSignatureList

Enumerations

enum  CertificateInfoTypeKnown {
  CommonName, Email, EmailLegacy, Organization,
  OrganizationalUnit, Locality, IncorporationLocality, State,
  IncorporationState, Country, IncorporationCountry, URI,
  DNS, IPAddress, XMPP
}
enum  CertificateRequestFormat { PKCS10, SPKAC }
enum  ConstraintTypeKnown {
  DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment,
  KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly,
  DecipherOnly, ServerAuth, ClientAuth, CodeSigning,
  EmailProtection, IPSecEndSystem, IPSecTunnel, IPSecUser,
  TimeStamping, OCSPSigning
}
enum  ConvertResult { ConvertGood, ErrorDecode, ErrorPassphrase, ErrorFile }
enum  Direction { Encode, Decode }
enum  DLGroupSet {
  DSA_512, DSA_768, DSA_1024, IETF_768,
  IETF_1024, IETF_1536, IETF_2048, IETF_3072,
  IETF_4096, IETF_6144, IETF_8192
}
enum  EncryptionAlgorithm { EME_PKCS1v15, EME_PKCS1_OAEP }
enum  MemoryMode { Practical, Locking, LockingKeepPrivileges }
enum  PBEAlgorithm {
  PBEDefault, PBES2_DES_SHA1, PBES2_TripleDES_SHA1, PBES2_AES128_SHA1,
  PBES2_AES192_SHA1, PBES2_AES256_SHA1
}
enum  SecurityLevel {
  SL_None, SL_Integrity, SL_Export, SL_Baseline,
  SL_High, SL_Highest
}
enum  SignatureAlgorithm {
  SignatureUnknown, EMSA1_SHA1, EMSA3_SHA1, EMSA3_MD5,
  EMSA3_MD2, EMSA3_RIPEMD160, EMSA3_Raw
}
enum  SignatureFormat { DefaultFormat, IEEE_1363, DERSequence }
enum  UsageMode {
  UsageAny = 0x00, UsageTLSServer = 0x01, UsageTLSClient = 0x02, UsageCodeSigning = 0x04,
  UsageEmailProtection = 0x08, UsageTimeStamping = 0x10, UsageCRLSigning = 0x20
}
enum  ValidateFlags { ValidateAll = 0x00, ValidateRevoked = 0x01, ValidateExpired = 0x02, ValidatePolicy = 0x04 }
enum  Validity {
  ValidityGood, ErrorRejected, ErrorUntrusted, ErrorSignatureFailed,
  ErrorInvalidCA, ErrorInvalidPurpose, ErrorSelfSigned, ErrorRevoked,
  ErrorPathLengthExceeded, ErrorExpired, ErrorExpiredCA, ErrorValidityUnknown = 64
}

Functions

QCA_EXPORT void appendPluginDiagnosticText (const QString &text)
QCA_EXPORT QString appName ()
QCA_EXPORT QString arrayToHex (const QByteArray &array)
QCA_EXPORT void clearPluginDiagnosticText ()
QCA_EXPORT QStringList defaultFeatures ()
QCA_EXPORT Provider * defaultProvider ()
QCA_EXPORT void deinit ()
QCA_EXPORT QByteArray emsa3Encode (const QString &hashName, const QByteArray &digest, int size=-1)
QCA_EXPORT Provider * findProvider (const QString &name)
QCA_EXPORT QVariant getProperty (const QString &name)
QCA_EXPORT QVariantMap getProviderConfig (const QString &name)
QCA_EXPORT QString globalRandomProvider ()
QCA_EXPORT bool haveSecureMemory ()
QCA_EXPORT bool haveSecureRandom ()
QCA_EXPORT bool haveSystemStore ()
QCA_EXPORT QByteArray hexToArray (const QString &hexString)
QCA_EXPORT void init (MemoryMode m, int prealloc)
QCA_EXPORT void init ()
QCA_EXPORT bool insertProvider (Provider *p, int priority=0)
QCA_EXPORT bool isSupported (const QStringList &features, const QString &provider=QString())
QCA_EXPORT bool isSupported (const char *features, const QString &provider=QString())
QCA_EXPORT Logger * logger ()
QCA_EXPORT QStringList makeFriendlyNames (const QList< Certificate > &list)
QCA_EXPORT const SecureArray operator+ (const SecureArray &a, const SecureArray &b)
QCA_EXPORT CertificateInfoOrdered orderedDNOnly (const CertificateInfoOrdered &in)
QCA_EXPORT QString orderedToDNString (const CertificateInfoOrdered &in)
QCA_EXPORT QString pluginDiagnosticText ()
QCA_EXPORT int providerPriority (const QString &name)
QCA_EXPORT ProviderList providers ()
QCA_EXPORT void saveProviderConfig (const QString &name)
QCA_EXPORT void scanForPlugins ()
QCA_EXPORT void setAppName (const QString &name)
QCA_EXPORT void setGlobalRandomProvider (const QString &provider)
QCA_EXPORT void setProperty (const QString &name, const QVariant &value)
QCA_EXPORT void setProviderConfig (const QString &name, const QVariantMap &config)
QCA_EXPORT void setProviderPriority (const QString &name, int priority)
QCA_EXPORT QStringList supportedFeatures ()
QCA_EXPORT CertificateCollection systemStore ()
QCA_EXPORT void unloadAllPlugins ()


Detailed Description

QCA - the Qt Cryptographic Architecture.

Typedef Documentation

Certificate properties type.

With this container, the information is not necessarily stored in the same sequence as the certificate format itself. Use this container if the order the information is/was stored does not matter for you (this is the case with most applications).

Additionally, the EmailLegacy type should not be used with this container. Use Email instead.

Certificate constraints type

Convenience representation for the plugin providers.

You can get a list of providers using the providers() function.

See also:
ProviderListIterator

providers()

A list of message keys.

A list of signatures.


Enumeration Type Documentation

Certificate Request Format.

Enumerator:
PKCS10  standard PKCS#10 format
SPKAC  Signed Public Key and Challenge (Netscape) format.

Known types of information stored in certificates.

This enumerator offers a convenient way to work with common types.

Enumerator:
CommonName  The common name (eg person), id = "2.5.4.3".
Email  Email address, id = "GeneralName.rfc822Name".
EmailLegacy  PKCS#9 Email field, id = "1.2.840.113549.1.9.1".
Organization  An organisation (eg company), id = "2.5.4.10".
OrganizationalUnit  A part of an organisation (eg a division or branch), id = "2.5.4.11".
Locality  The locality (eg city, a shire, or part of a state), id = "2.5.4.7".
IncorporationLocality  The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1".
State  The state within the country, id = "2.5.4.8".
IncorporationState  The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".
Country  The country, id = "2.5.4.6".
IncorporationCountry  The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".
URI  Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".
DNS  DNS name, id = "GeneralName.dNSName".
IPAddress  IP address, id = "GeneralName.iPAddress".
XMPP  XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5".

Known types of certificate constraints.

This enumerator offers a convenient way to work with common types.

Enumerator:
DigitalSignature  Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"
NonRepudiation  Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"
KeyEncipherment  Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"
DataEncipherment  Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"
KeyAgreement  Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"
KeyCertificateSign  Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"
CRLSign  Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign"
EncipherOnly  Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"
DecipherOnly  Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"
ServerAuth  Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1.5.5.7.3.1". This is an extended usage constraint.
ClientAuth  Certificate can be used for client authentication (e.g. web browser), id = "1.3.6.1.5.5.7.3.2". This is an extended usage constraint.
CodeSigning  Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage constraint.
EmailProtection  Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an extended usage constraint.
IPSecEndSystem  Certificate can be used to authenticate an endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5". This is an extended usage constraint.
IPSecTunnel  Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6". This is an extended usage constraint.
IPSecUser  Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7". This is an extended usage constraint.
TimeStamping  Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8". This is an extended usage constraint.
OCSPSigning  Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion, id = "1.3.6.1.5.5.7.3.9". This is an extended usage constraint.

Specify the intended usage of a certificate.

Enumerator:
UsageAny  Any application, or unspecified.
UsageTLSServer  server side of a TLS or SSL connection
UsageTLSClient  client side of a TLS or SSL connection
UsageCodeSigning  code signing certificate
UsageEmailProtection  email (S/MIME) certificate
UsageTimeStamping  time stamping certificate
UsageCRLSigning  certificate revocation list signing certificate

The validity (or otherwise) of a certificate.

Enumerator:
ValidityGood  The certificate is valid.
ErrorRejected  The root CA rejected the certificate purpose.
ErrorUntrusted  The certificate is not trusted.
ErrorSignatureFailed  The signature does not match.
ErrorInvalidCA  The Certificate Authority is invalid.
ErrorInvalidPurpose  The purpose does not match the intended usage.
ErrorSelfSigned  The certificate is self-signed, and is not found in the list of trusted certificates.
ErrorRevoked  The certificate has been revoked.
ErrorPathLengthExceeded  The path length from the root CA to this certificate is too long.
ErrorExpired  The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore time).
ErrorExpiredCA  The Certificate Authority has expired.
ErrorValidityUnknown  Validity is unknown.

The conditions to validate for a certificate.

Mode settings for memory allocation.

QCA can use secure memory, however most operating systems restrict the amount of memory that can be pinned by user applications, to prevent a denial-of-service attack.

QCA supports two approaches to getting memory - the mlock method, which generally requires root (administrator) level privileges, and the mmap method which is not as secure, but which should be able to be used by any process.

See also:
Initializer
Enumerator:
Practical  mlock and drop root if available, else mmap
Locking  mlock and drop root
LockingKeepPrivileges  mlock, retaining root privileges

Direction settings for symmetric algorithms.

For some algorithms, it makes sense to have a "direction", such as Cipher algorithms which can be used to encrypt or decrypt.

Enumerator:
Encode  Operate in the "forward" direction; for example, encrypting.
Decode  Operate in the "reverse" direction; for example, decrypting.

Encryption algorithms.

Enumerator:
EME_PKCS1v15  Block type 2 (PKCS#1, Version 1.5).
EME_PKCS1_OAEP  Optimal asymmetric encryption padding (PKCS#1, Version 2.0).

Signature algorithm variants.

Enumerator:
SignatureUnknown  Unknown signing algorithm.
EMSA1_SHA1  SHA1, with EMSA1 (IEEE1363-2000) encoding (this is the usual DSA algorithm - FIPS186).
EMSA3_SHA1  SHA1, with EMSA3 (ie PKCS#1 Version 1.5) encoding.
EMSA3_MD5  MD5, with EMSA3 (ie PKCS#1 Version 1.5) encoding (this is the usual RSA algorithm).
EMSA3_MD2  MD2, with EMSA3 (ie PKCS#1 Version 1.5) encoding.
EMSA3_RIPEMD160  RIPEMD160, with EMSA3 (ie PKCS#1 Version 1.5) encoding.
EMSA3_Raw  EMSA3 without computing a message digest or a DigestInfo encoding (identical to PKCS#11's CKM_RSA_PKCS mechanism).

Signature formats (DSA only).

Enumerator:
DefaultFormat  For DSA, this is the same as IEEE_1363.
IEEE_1363  40-byte format from IEEE 1363 (Botan/.NET)
DERSequence  Signature wrapped in DER formatting (OpenSSL/Java).
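
A worked illustration of how the two encodings above relate, added here and not taken from QCA or its providers: standard C++ that converts a 40-byte r||s signature into a DER SEQUENCE of two INTEGERs and back, rejecting non-minimal encodings and trailing bytes. The function names and the sample signature bytes are constructed for the example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// Append one unsigned big-endian value as a DER INTEGER (tag 0x02).
static void appendDerInteger(Bytes &out, const uint8_t *v, std::size_t n)
{
    std::size_t i = 0;
    while (i + 1 < n && v[i] == 0x00) ++i;        // DER wants the shortest form
    const bool pad = (v[i] & 0x80) != 0;          // keep the value non-negative
    out.push_back(0x02);
    out.push_back(static_cast<uint8_t>(n - i + (pad ? 1 : 0)));
    if (pad) out.push_back(0x00);
    out.insert(out.end(), v + i, v + n);
}

// 40-byte r||s -> SEQUENCE { INTEGER r, INTEGER s }. Empty result on bad input.
Bytes ieee1363ToDer(const Bytes &sig)
{
    if (sig.size() != 40) return Bytes();
    Bytes body;
    appendDerInteger(body, sig.data(), 20);
    appendDerInteger(body, sig.data() + 20, 20);
    Bytes out;
    out.push_back(0x30);
    out.push_back(static_cast<uint8_t>(body.size()));   // at most 46: short-form length
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

// Read one DER INTEGER at pos into a fixed 20-byte big-endian field.
static bool readDerInteger(const Bytes &der, std::size_t &pos, uint8_t *field)
{
    if (der.size() - pos < 2 || der[pos] != 0x02) return false;
    const std::size_t len = der[pos + 1];
    pos += 2;
    if (len == 0 || len > 21 || der.size() - pos < len) return false;
    if (der[pos] & 0x80) return false;                  // negative value
    std::size_t skip = 0;
    if (len > 1 && der[pos] == 0x00) {
        if (!(der[pos + 1] & 0x80)) return false;       // redundant zero: not DER
        skip = 1;
    }
    if (len - skip > 20) return false;                  // does not fit a 160-bit field
    std::fill(field, field + 20, static_cast<uint8_t>(0));
    std::copy(der.begin() + pos + skip, der.begin() + pos + len,
              field + (20 - (len - skip)));
    pos += len;
    return true;
}

// DER SEQUENCE -> 40-byte r||s. Empty result unless the input is strict DER.
Bytes derToIeee1363(const Bytes &der)
{
    if (der.size() < 2 || der[0] != 0x30 || der[1] >= 0x80) return Bytes();
    if (static_cast<std::size_t>(der[1]) != der.size() - 2) return Bytes();
    Bytes out(40);
    std::size_t pos = 2;
    if (!readDerInteger(der, pos, out.data()) ||
        !readDerInteger(der, pos, out.data() + 20) ||
        pos != der.size())                              // no bytes after s
        return Bytes();
    return out;
}

// Constructed sample, not a real signature.
Bytes sampleSignature()
{
    Bytes sig(40, 0x11);
    sig[0] = 0x80;      // r has its top bit set: DER needs a 0x00 pad
    sig[20] = 0x00;     // s starts with a zero byte: DER drops it
    sig[21] = 0x01;
    return sig;
}

int main()
{
    const Bytes der = ieee1363ToDer(sampleSignature());
    for (std::size_t i = 0; i < der.size(); ++i) std::printf("%02x", der[i]);
    std::printf("\n");
    return derToIeee1363(der) == sampleSignature() ? 0 : 1;
}
```

The DER form is variable length (46 bytes for this sample), which is why a verifier must be told which format a signature is in.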

Password-based encryption.

Enumerator:
PBEDefault  Use modern default (same as PBES2_TripleDES_SHA1).
PBES2_DES_SHA1  PKCS#5 v2.0 DES/CBC,SHA1.
PBES2_TripleDES_SHA1  PKCS#5 v2.0 TripleDES/CBC,SHA1.
PBES2_AES128_SHA1  PKCS#5 v2.0 AES-128/CBC,SHA1.
PBES2_AES192_SHA1  PKCS#5 v2.0 AES-192/CBC,SHA1.
PBES2_AES256_SHA1  PKCS#5 v2.0 AES-256/CBC,SHA1.

Return value from a format conversion.

Note that if you are checking for any result other than ConvertGood, then you may be introducing a provider specific dependency.

Enumerator:
ConvertGood  Conversion succeeded, results should be valid.
ErrorDecode  General failure in the decode stage.
ErrorPassphrase  Failure because of incorrect passphrase.
ErrorFile  Failure because of incorrect file.

Well known discrete logarithm group sets.

These sets are derived from three main sources: Java Cryptographic Extensions, RFC2412 and RFC3526.

Enumerator:
DSA_512  512 bit group, for compatibility with JCE
DSA_768  768 bit group, for compatibility with JCE
DSA_1024  1024 bit group, for compatibility with JCE
IETF_768  Group 1 from RFC 2412, Section E.1.
IETF_1024  Group 2 from RFC 2412, Section E.2.
IETF_1536  1536-bit MODP Group ("group 5") from RFC3526 Section 2.
IETF_2048  2048-bit MODP Group ("group 14") from RFC3526 Section 3.
IETF_3072  3072-bit MODP Group ("group 15") from RFC3526 Section 4.
IETF_4096  4096-bit MODP Group ("group 16") from RFC3526 Section 5.
IETF_6144  6144-bit MODP Group ("group 17") from RFC3526 Section 6.
IETF_8192  8192-bit MODP Group ("group 18") from RFC3526 Section 7.

Specify the lower-bound for acceptable TLS/SASL security layers.

For TLS, the interpretation of these levels is:

  • Any cipher suite that provides non-authenticated communications (usually anonymous Diffie-Hellman) is SL_Integrity.
  • Any cipher suite that is limited to 40 bits (export-version crippled forms of RC2, RC4 or DES) is SL_Export. Standard DES (56 bits) and some forms of RC4 (64 bits) are also SL_Export.
  • Any normal cipher (AES, Camellia, RC4 or similar) with 128 bits, or Elliptic Curve Ciphers with 283 bits, is SL_Baseline.
  • AES or Camellia at least 192 bits, triple-DES and similar ciphers are SL_High. ECC with 409 or more bits is also SL_High.
  • Highest does not have an equivalent strength. It indicates that the provider should use the strongest ciphers available (but not less than SL_High).
Enumerator:
SL_None  indicates that no security is ok
SL_Integrity  must at least get integrity protection
SL_Export  must be export level bits or more
SL_Baseline  must be 128 bit or more
SL_High  must be more than 128 bit
SL_Highest  SL_High or max possible, whichever is greater.


Function Documentation

QCA_EXPORT QString QCA::orderedToDNString ( const CertificateInfoOrdered &  in  ) 

Convert to RFC 1779 string format.

Parameters:
in the certificate info to convert

Referenced by QCA::CertificateInfoOrdered::toString().

QCA_EXPORT CertificateInfoOrdered QCA::orderedDNOnly ( const CertificateInfoOrdered &  in  ) 

Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the input object.

Parameters:
in the certificate info to extract from

Referenced by QCA::CertificateInfoOrdered::dnOnly().

QCA_EXPORT QStringList QCA::makeFriendlyNames ( const QList< Certificate > &  list  ) 

Create a list of unique friendly names among a list of certificates.

Parameters:
list the list of certificates for which a friendly name is required.

QCA_EXPORT void QCA::init (  ) 

Initialise QCA.

This call is not normally required, because it is cleaner to use an Initializer.

QCA_EXPORT void QCA::init ( MemoryMode  m,
int  prealloc 
)

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.

Parameters:
m the MemoryMode to use
prealloc the amount of memory in kilobytes to allocate for secure storage
Examples:
aes-cmac.cpp, base64test.cpp, certtest.cpp, ciphertest.cpp, eventhandlerdemo.cpp, hashtest.cpp, hextest.cpp, keyloader.cpp, mactest.cpp, md5crypt.cpp, providertest.cpp, publickeyexample.cpp, randomtest.cpp, rsatest.cpp, saslclient.cpp, saslserver.cpp, sslservtest.cpp, and ssltest.cpp.

QCA_EXPORT void QCA::deinit (  ) 

Clean up routine.

This routine cleans up QCA, including memory allocations. This call is not normally required, because it is cleaner to use an Initializer.

QCA_EXPORT bool QCA::haveSecureMemory (  ) 

Test if secure storage memory is available.

Returns:
true if secure storage memory is available

QCA_EXPORT bool QCA::haveSecureRandom (  ) 

Test if secure random is available.

Secure random is considered available if the global random provider is not the default provider.

Returns:
true if secure random is available

QCA_EXPORT bool QCA::isSupported ( const char *  features,
const QString &  provider = QString() 
)

Test if a capability (algorithm) is available.

Since capabilities are made available at runtime, you should always check before using a capability the first time, as shown below.

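QCA::init();
QByteArray myString("hello"); // sample input to hash
if(!QCA::isSupported("sha1"))
        printf("SHA1 not supported!\n");
else
{
        // QCA::Hash is the general hashing class; the algorithm is chosen by name
        QString result = QCA::Hash("sha1").hashToString(myString);
        printf("sha1(\"%s\") = [%s]\n", myString.data(), qPrintable(result));
}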

Parameters:
features the name of the capability to test for
provider if specified, only check for the capability in that specific provider. If not provided, or provided as an empty string, then check for capabilities in all available providers
Returns:
true if the capability is available, otherwise false
Note that you can test for a combination of capabilities, using a comma delimited list:
QCA::isSupported("sha1,md5");
which will return true if all of the capabilities listed are present.
Examples:
aes-cmac.cpp, certtest.cpp, ciphertest.cpp, hashtest.cpp, mactest.cpp, md5crypt.cpp, publickeyexample.cpp, rsatest.cpp, saslclient.cpp, saslserver.cpp, sslservtest.cpp, and ssltest.cpp.

QCA_EXPORT bool QCA::isSupported ( const QStringList &  features,
const QString &  provider = QString() 
)

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.

Parameters:
features a list of features to test for
provider if specified, only check for the capability in that specific provider. If not provided, or provided as an empty string, then check for capabilities in all available providers

QCA_EXPORT QStringList QCA::supportedFeatures (  ) 

Generate a list of all the supported features in plugins, and in built in capabilities.

Returns:
a list containing the names of the features
The following code writes a list of features to standard out:
QStringList capabilities;
capabilities = QCA::supportedFeatures();
// qPrintable() is needed because std::cout cannot stream a QString directly
std::cout << "Supported:" << qPrintable(capabilities.join(",")) << std::endl;
See also:
isSupported(const char *features)

isSupported(const QStringList &features)

defaultFeatures()

QCA_EXPORT QStringList QCA::defaultFeatures (  ) 

Generate a list of the built in features.

This differs from supportedFeatures() in that it does not include features provided by plugins.

Returns:
a list containing the names of the features
The following code writes a list of features to standard out:
QStringList capabilities;
capabilities = QCA::defaultFeatures();
// qPrintable() is needed because std::cout cannot stream a QString directly
std::cout << "Default:" << qPrintable(capabilities.join(",")) << std::endl;

See also:
isSupported

supportedFeatures()

Examples:
providertest.cpp.

QCA_EXPORT bool QCA::insertProvider ( Provider *  p,
int  priority = 0 
)

Add a provider to the current list of providers.

This function allows you to add a provider to the current plugin providers at a specified priority. If a provider with the name already exists, this call fails.

Parameters:
p a pointer to a Provider object, which must be set up.
priority the priority level to set the provider to
Returns:
true if the provider is added, and false if the provider is not added (failure)
See also:
setProviderPriority for a description of the provider priority system
Examples:
aes-cmac.cpp.

QCA_EXPORT void QCA::setProviderPriority ( const QString &  name,
int  priority 
)

Change the priority of a specified provider.

QCA supports a number of providers, and if a number of providers support the same algorithm, it needs to choose between them. You can do this at object instantiation time (by specifying the name of the provider that should be used). Alternatively, you can provide a relative priority level at an application level, using this call.

Priority is used at object instantiation time. The provider is selected according to the following logic:

  • if a particular provider is nominated, and that provider supports the required algorithm, then the nominated provider is used
  • if no provider is nominated, or it doesn't support the required algorithm, then the provider with the lowest priority number will be used, if that provider supports the algorithm.
  • if the provider with the lowest priority number doesn't support the required algorithm, the provider with the next lowest priority number will be tried, and so on through to the provider with the largest priority number
  • if none of the plugin providers support the required algorithm, then the default (built-in) provider will be tried.

Parameters:
name the name of the provider
priority the new priority of the provider. As a special case, if you pass in -1, then this provider gets the same priority as the last provider that was added or had its priority set using this call.
See also:
providerPriority
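
A model of the selection order described above, as an added example in plain C++ (it is not QCA code and does not call QCA). ModelProvider, ModelRegistry, the provider name example-token and the feature name demo-cipher are hypothetical, and breaking ties between equal priorities by insertion order is an assumption. It shows that nominating a provider which lacks the algorithm falls through to another provider, so code that depends on one specific provider should first check it with the provider argument of isSupported().

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Toy stand-in for a provider: name, priority number, advertised algorithms.
struct ModelProvider {
    std::string name;
    int priority;                       // lower number = tried earlier
    std::set<std::string> features;
    bool supports(const std::string &alg) const { return features.count(alg) != 0; }
};

static bool lowerPriorityFirst(const ModelProvider &a, const ModelProvider &b)
{
    return a.priority < b.priority;
}

class ModelRegistry {
public:
    explicit ModelRegistry(const ModelProvider &builtin) : builtin_(builtin) {}

    // Same rule as documented for insertProvider(): a duplicate name fails.
    bool insert(const ModelProvider &p)
    {
        if (find(p.name)) return false;
        plugins_.push_back(p);
        return true;
    }

    // Models isSupported(feature, provider): look only at the named provider.
    bool isSupportedBy(const std::string &alg, const std::string &provider) const
    {
        const ModelProvider *p = find(provider);
        return p && p->supports(alg);
    }

    // Name of the provider that would serve alg, or "" if none can.
    std::string select(const std::string &alg,
                       const std::string &nominated = std::string()) const
    {
        // 1. A nominated provider wins only if it supports the algorithm.
        if (!nominated.empty() && isSupportedBy(alg, nominated))
            return nominated;
        // 2-3. Otherwise walk the plugins from the lowest priority number up.
        std::vector<ModelProvider> ordered(plugins_);
        std::stable_sort(ordered.begin(), ordered.end(), lowerPriorityFirst);
        for (std::size_t i = 0; i < ordered.size(); ++i)
            if (ordered[i].supports(alg)) return ordered[i].name;
        // 4. Last resort: the default (built-in) provider.
        return builtin_.supports(alg) ? builtin_.name : std::string();
    }

private:
    const ModelProvider *find(const std::string &name) const
    {
        if (builtin_.name == name) return &builtin_;
        for (std::size_t i = 0; i < plugins_.size(); ++i)
            if (plugins_[i].name == name) return &plugins_[i];
        return 0;
    }

    ModelProvider builtin_;
    std::vector<ModelProvider> plugins_;
};

// Constructed sample: one built-in provider and two plugins.
ModelRegistry sampleRegistry()
{
    ModelProvider builtin = {"default", 0, {"sha1", "md5"}};
    ModelRegistry reg(builtin);
    ModelProvider ossl = {"qca-ossl", 5, {"sha1", "demo-cipher"}};
    ModelProvider token = {"example-token", 1, {"sha1"}};
    reg.insert(ossl);
    reg.insert(token);
    return reg;
}

int main()
{
    ModelRegistry reg = sampleRegistry();
    std::printf("sha1 -> %s\n", reg.select("sha1").c_str());
    std::printf("demo-cipher, nominating example-token -> %s\n",
                reg.select("demo-cipher", "example-token").c_str());
    return 0;
}
```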

QCA_EXPORT int QCA::providerPriority ( const QString &  name  ) 

Return the priority of a specified provider.

The name of the provider (eg "qca-ossl") is used to look up the current priority associated with that provider. If the provider is not found (or something else went wrong), -1 is returned.

Parameters:
name the name of the provider
Returns:
the current priority level
See also:
setProviderPriority for a description of the provider priority system

QCA_EXPORT ProviderList QCA::providers (  ) 

Return a list of the current providers.

The current plugin providers are provided as a list, which you can iterate over using ProviderListIterator.

See also:
ProviderList

ProviderListIterator

Examples:
providertest.cpp.

QCA_EXPORT Provider* QCA::findProvider ( const QString &  name  ) 

Return the named provider, or 0 if not found.

Parameters:
name the name of the provider to search for.

QCA_EXPORT Provider* QCA::defaultProvider (  ) 

Return the default provider.

QCA_EXPORT void QCA::scanForPlugins (  ) 

Scan for new plugins.

Examples:
providertest.cpp.

QCA_EXPORT void QCA::unloadAllPlugins (  ) 

Unload the current plugins.

QCA_EXPORT QString QCA::pluginDiagnosticText (  ) 

Retrieve plugin diagnostic text.

QCA_EXPORT void QCA::clearPluginDiagnosticText (  ) 

Clear plugin diagnostic text.

QCA_EXPORT void QCA::appendPluginDiagnosticText ( const QString &  text  ) 

Add plugin diagnostic text.

This function should only be called by providers.

Parameters:
text the diagnostic message to append

QCA_EXPORT void QCA::setProperty ( const QString &  name,
const QVariant &  value 
)

Set a global property.

Parameters:
name the name of the property
value the value to set the property to
See also:
getProperty

QCA_EXPORT QVariant QCA::getProperty ( const QString &  name  ) 

Retrieve a global property.

Parameters:
name the name of the property to look up
See also:
setProperty

QCA_EXPORT void QCA::setProviderConfig ( const QString &  name,
const QVariantMap &  config 
)

Set provider configuration.

Allowed value types: QString, int, bool

Parameters:
name the name of the provider to set the configuration to
config the configuration

QCA_EXPORT QVariantMap QCA::getProviderConfig ( const QString &  name  ) 

Retrieve provider configuration.

Parameters:
name the name of the provider to retrieve the configuration of

QCA_EXPORT void QCA::saveProviderConfig ( const QString &  name  ) 

Save provider configuration to persistent storage.

Parameters:
name the name of the provider to have its configuration saved

QCA_EXPORT QString QCA::globalRandomProvider (  ) 

Return the name of the global random number provider.

QCA_EXPORT void QCA::setGlobalRandomProvider ( const QString &  provider  ) 

Change the global random number provider.

The Random capabilities of QCA are provided as part of the built in capabilities, however the generator can be changed if required.

Parameters:
provider the name of the provider to use as the global random provider.

QCA_EXPORT Logger* QCA::logger (  ) 

Return a reference to the QCA Logger, which is used for diagnostics and error recording.

The system Logger is automatically created for you on start.

QCA_EXPORT bool QCA::haveSystemStore (  ) 

Test if QCA can access the root CA certificates.

If root certificates are available, this function returns true, otherwise it returns false.

See also:
systemStore
Examples:
certtest.cpp, and ssltest.cpp.

QCA_EXPORT CertificateCollection QCA::systemStore (  ) 

Get system-wide root Certificate Authority (CA) certificates.

Many operating systems (or distributions, on Linux-type systems) come with some trusted certificates. Typically, these include the root certificates for major Certificate Authorities (for example, Verisign, Comodo) and some additional certificates that are used for system updates. They are provided in different ways for different systems.

This function provides a common way to access the system certificates. There are other ways to access certificates - see the various I/O methods (such as fromDER() and fromPEM()) in the Certificate and CertificateCollection classes.

Note:
Availability of the system certificates depends on how QCA was built. You can test whether the system certificates are available using the haveSystemStore() function.
Examples:
certtest.cpp, and ssltest.cpp.

QCA_EXPORT QString QCA::appName (  ) 

Get the application name that will be used by SASL server mode.

The application name is used by SASL in server mode, as some systems might have different security policies depending on the app. The default application name is 'qca'.

QCA_EXPORT void QCA::setAppName ( const QString &  name  ) 

Set the application name that will be used by SASL server mode.

The application name is used by SASL in server mode, as some systems might have different security policies depending on the app. This should be set before using SASL objects, and it cannot be changed later.

Parameters:
name the name string to use for SASL server mode
Examples:
saslserver.cpp.

QCA_EXPORT QString QCA::arrayToHex ( const QByteArray &  array  ) 

Convert a byte array to printable hexadecimal representation.

This is a convenience function to convert an arbitrary QByteArray to a printable representation.

QByteArray test(10, '\0'); // the size constructor also needs a fill character
test.fill('a');
// 0x61 is 'a' in ASCII
if (QString("61616161616161616161") == QCA::arrayToHex(test) )
{
        printf ("arrayToHex passed\n");
}

Parameters:
array the array to be converted
Returns:
a printable representation
Examples:
aes-cmac.cpp, ciphertest.cpp, hashtest.cpp, mactest.cpp, and rsatest.cpp.

QCA_EXPORT QByteArray QCA::hexToArray ( const QString &  hexString  ) 

Convert a QString containing a hexadecimal representation of a byte array into a QByteArray.

This is a convenience function to convert a printable representation into a QByteArray - effectively the inverse of QCA::arrayToHex.

QCA::init();
QByteArray test(10, '\0'); // the size constructor also needs a fill character

test.fill('b'); // 0x62 in hexadecimal
test[7] = 0x00; // can handle strings with nulls

if (QCA::hexToArray(QString("62626262626262006262") ) == test )
{
        printf ("hexToArray passed\n");
}

Parameters:
hexString the string containing a printable representation to be converted
Returns:
the equivalent QByteArray
Examples:
aes-cmac.cpp.

QCA_EXPORT QByteArray QCA::emsa3Encode ( const QString &  hashName,
const QByteArray &  digest,
int  size = -1 
)

Encode a hash result in EMSA3 (PKCS#1) format.

This is a convenience function for providers that only have access to raw RSA signing (mainly smartcard providers). This is a built-in function of QCA and does not utilize a provider. SHA1, MD5, MD2, and RIPEMD160 are supported.

Parameters:
hashName the hash type used to create the digest
digest the digest to encode in EMSA3 format
size the desired size of the encoding output (-1 for automatic size)

QCA_EXPORT const SecureArray QCA::operator+ ( const SecureArray &  a,
const SecureArray &  b 
)

Returns an array that is the result of concatenating a and b.

Parameters:
a the string to put at the start of the result
b the string to put at the end of the result


Generated on Wed Apr 29 15:15:54 2009 for Qt Cryptographic Architecture by  doxygen 1.5.5