RIM Crypto API: Adding New Certificates to the API

Certificates provide a means of transmitting public keys in a package that can be signed for authenticity by a Certificate Authority (CA) and subsequently verified by a third party. They ensure that, on the authority of the CA, the public key belongs to the entity claiming ownership.

Adding Certificates

The process of adding certificates to the Crypto API is more involved than simply providing support for another encoding format. There are several steps that must be taken:

The Certificate class provides the base interface for all certificates and the ability to retrieve the public key, verify the certificate, and check for validity, among other features. To implement a specific certificate, simply implement the interface and provide all the code necessary to process and format it. An example of a certificate is the X509Certificate.

Since certificates contain public keys, there must be PublicKeyEncoders and PublicKeyDecoders associated with the certificate that provide the encoding in the expected format. Examples of such encoders for the X.509 certificate are the X509_EC_PublicKeyEncoder and X509_EC_PublicKeyDecoder classes. Note that these encoders follow the naming scheme described in Adding Encoding Schemes to the API, with the algorithm name preceding the rest of the class name, separated by an underscore. Every key type that can be used in the certificate must have an associated encoder and decoder for that encoding algorithm.

Finally, signature encoding and decoding classes must be provided for verification of the certificate's signature. Once again, an example is the X.509 implementation of the X509_SignatureEncoder and X509_SignatureDecoder classes.
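The three pieces described above (a certificate class, public key encoding and decoding, and signature verification) can be seen working together in the following added example, which is not RIM Crypto API code. It is written against standard Java SE (`java.security`) as a stand-in; `DemoCertificate`, its fields and methods are hypothetical names, and a fixed SHA256withRSA issuer signature is assumed.

```java
import java.io.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

// Added illustration on standard Java SE; all names here are hypothetical.
public class DemoCertificate {
    final String subject, keyAlg;   // keyAlg selects the matching key decoder
    final byte[] encodedKey;        // public key in its encoded form
    final long notBefore, notAfter; // validity window, milliseconds since epoch
    byte[] signature;               // issuer's signature over toBeSigned()

    DemoCertificate(String subject, PublicKey key, long notBefore, long notAfter) {
        this.subject = subject;
        this.keyAlg = key.getAlgorithm();
        this.encodedKey = key.getEncoded(); // encoder side (X.509 key format for RSA)
        this.notBefore = notBefore;
        this.notAfter = notAfter;
    }
    // Length-prefixed serialization so every signed field has an unambiguous boundary.
    byte[] toBeSigned() throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF(subject); out.writeUTF(keyAlg);
        out.writeInt(encodedKey.length); out.write(encodedKey);
        out.writeLong(notBefore); out.writeLong(notAfter);
        return buf.toByteArray();
    }
    void sign(PrivateKey issuerKey) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(issuerKey); s.update(toBeSigned());
        signature = s.sign();
    }
    // Decoder side: fails if no decoder exists for the key type named in the certificate.
    PublicKey getPublicKey() throws GeneralSecurityException {
        return KeyFactory.getInstance(keyAlg).generatePublic(new X509EncodedKeySpec(encodedKey));
    }
    boolean verify(PublicKey issuerKey) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(issuerKey); s.update(toBeSigned());
        return s.verify(signature);
    }
    boolean isValid(long now) { return now >= notBefore && now <= notAfter; }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ca = gen.generateKeyPair(), holder = gen.generateKeyPair(); // constructed test keys
        long now = System.currentTimeMillis();
        DemoCertificate cert = new DemoCertificate("CN=demo", holder.getPublic(), now - 1000, now + 86_400_000L);
        cert.sign(ca.getPrivate());
        System.out.println("verifies with issuer key:    " + cert.verify(ca.getPublic()));
        System.out.println("verifies with unrelated key: " + cert.verify(holder.getPublic()));
        System.out.println("decoded key matches:         " + cert.getPublicKey().equals(holder.getPublic()));
        System.out.println("currently valid:             " + cert.isValid(now));
    }
}
```

Signature verification and the validity check are separate calls here, so a caller must require both before trusting the decoded public key.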