|RIM Crypto API: Adding New Certificates to the API|
Certificates provide a means of transmitting public keys in a package that can be signed for authenticity by a Certificate Authority (CA) and subsequently verified by a third party. They ensure that, on the authority of the CA, the public key belongs to the entity claiming ownership.
The process of adding certificates to the Crypto API is more involved that simply providing support for another encoding format. There are several steps that must be taken:
Certificateinterface must be implemented.
PublicKeyDecoderclasses must be provided for the public keys that the new certificate format will use.
Certificate class provides the base interface for all certificates and the
ability to retrieve the public key, verify the certificate, and check for validity, among
other features. To implement a specific certificate, simply implement the interface and
provide all the code necessary to process and format it. An example of a certificate is
Since certificates contain public keys, there must be
PublicKeyDecoders associated with the certificate that provide the encoding
in the expected format. An example of such encoders for the X.509 certificate would be the
Note that these encoders follow the naming scheme described in
Adding Encoding Schemes to the API, with the algorithm name preceding the rest of the
class name with an underscore. Any given key type that can be used in the certificate must have
an associated encoder and decoder for that given encoding algorithm.
Finally, signature encoding and decoding classes must be provided for verification of
the certificate's signature. Once again, an example is the X.509 implementation of