Classes | |
class | Random | Source of random numbers. |
class | Hash | General class for hashing algorithms. |
class | Cipher | General class for cipher (encryption / decryption) algorithms. |
class | MessageAuthenticationCode | General class for message authentication code (MAC) algorithms. |
class | KeyDerivationFunction | General superclass for key derivation algorithms. |
class | PBKDF1 | Password based key derivation function version 1. |
class | PBKDF2 | Password based key derivation function version 2. |
class | CertificateInfoType | Certificate information type. |
class | CertificateInfoPair | One entry in a certificate information list. |
class | ConstraintType | Certificate constraint. |
class | CertificateInfoOrdered | Ordered certificate properties type. |
class | CertificateOptions | Certificate options. |
class | Certificate | Public Key (X.509) certificate. |
class | CertificateChain | A chain of related Certificates. |
class | CertificateRequest | Certificate Request. |
class | CRLEntry | Part of a CRL representing a single certificate. |
class | CRL | Certificate Revocation List. |
class | CertificateCollection | Bundle of Certificates and CRLs. |
class | CertificateAuthority | A Certificate Authority is used to generate Certificates and Certificate Revocation Lists (CRLs). |
class | KeyBundle | Certificate chain and private key pair. |
class | PGPKey | Pretty Good Privacy key. |
class | KeyLoader | Asynchronous private key loader. |
class | Initializer | Convenience method for initialising and cleaning up QCA. |
class | KeyLength | Simple container for acceptable key lengths. |
class | Provider |
class | BasicContext | Base class to use for primitive provider contexts. |
class | BufferedComputation | General superclass for buffered computation algorithms. |
class | Filter | General superclass for filtering transformation algorithms. |
class | Algorithm | General superclass for an algorithm. |
class | SymmetricKey | Container for keys for symmetric encryption algorithms. |
class | InitializationVector | Container for initialisation vectors and nonces. |
class | Event | An asynchronous event. |
class | EventHandler | Interface class for password / passphrase / PIN and token handlers. |
class | PasswordAsker | User password / passphrase / PIN handler. |
class | TokenAsker | User token handler. |
class | KeyStoreEntry | Single entry in a KeyStore. |
class | KeyStoreEntryWatcher | Class to monitor the availability of a KeyStoreEntry. |
class | KeyStore | General purpose key storage object. |
class | KeyStoreInfo | Key store information, outside of a KeyStore object. |
class | KeyStoreManager | Access keystores, and monitor keystores for changes. |
class | DLGroup | A discrete logarithm group. |
class | PKey | General superclass for public (PublicKey) and private (PrivateKey) keys used with asymmetric encryption techniques. |
class | PublicKey | Generic public key. |
class | PrivateKey | Generic private key. |
class | KeyGenerator | Class for generating asymmetric key pairs. |
class | RSAPublicKey | RSA Public Key. |
class | RSAPrivateKey | RSA Private Key. |
class | DSAPublicKey | Digital Signature Algorithm Public Key. |
class | DSAPrivateKey | Digital Signature Algorithm Private Key. |
class | DHPublicKey | Diffie-Hellman Public Key. |
class | DHPrivateKey | Diffie-Hellman Private Key. |
class | SecureLayer | Abstract interface to a security layer. |
class | TLSSession | Session token, used for TLS resuming. |
class | TLS | Transport Layer Security / Secure Socket Layer. |
class | SASL | Simple Authentication and Security Layer protocol implementation. |
class | SecureMessageKey | Key for SecureMessage system. |
class | SecureMessageSignature | SecureMessage signature. |
class | SecureMessage | Class representing a secure message. |
class | SecureMessageSystem | Abstract superclass for secure messaging systems. |
class | OpenPGP | Pretty Good Privacy messaging system. |
class | CMS | Cryptographic Message Syntax messaging system. |
class | SyncThread |
class | Synchronizer |
class | DirWatch |
class | FileWatch | Support class to monitor a file for activity. |
class | Console |
class | ConsoleReference |
class | ConsolePrompt |
class | Logger | A simple logging system. |
class | AbstractLogDevice | An abstract log device. |
class | TextFilter | Superclass for text based filtering algorithms. |
class | Hex | Hexadecimal encoding / decoding. |
class | Base64 | Base64 encoding / decoding. |
class | MemoryRegion | Array of bytes that may be optionally secured. |
class | SecureArray | Secure array of bytes. |
class | BigInteger | Arbitrary precision integer. |
class | QPipeDevice |
class | QPipeEnd |
class | QPipe | A FIFO buffer (named pipe) abstraction. |
Typedefs | |
typedef QMultiMap< CertificateInfoType, QString > | CertificateInfo |
typedef QList< ConstraintType > | Constraints |
typedef QList< Provider * > | ProviderList |
typedef QList< SecureMessageKey > | SecureMessageKeyList |
typedef QList< SecureMessageSignature > | SecureMessageSignatureList |
Enumerations | |
enum | CertificateRequestFormat { PKCS10, SPKAC } |
enum | CertificateInfoTypeKnown { CommonName, Email, EmailLegacy, Organization, OrganizationalUnit, Locality, IncorporationLocality, State, IncorporationState, Country, IncorporationCountry, URI, DNS, IPAddress, XMPP } |
enum | ConstraintTypeKnown { DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment, KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly, DecipherOnly, ServerAuth, ClientAuth, CodeSigning, EmailProtection, IPSecEndSystem, IPSecTunnel, IPSecUser, TimeStamping, OCSPSigning } |
enum | UsageMode { UsageAny = 0x00, UsageTLSServer = 0x01, UsageTLSClient = 0x02, UsageCodeSigning = 0x04, UsageEmailProtection = 0x08, UsageTimeStamping = 0x10, UsageCRLSigning = 0x20 } |
enum | Validity { ValidityGood, ErrorRejected, ErrorUntrusted, ErrorSignatureFailed, ErrorInvalidCA, ErrorInvalidPurpose, ErrorSelfSigned, ErrorRevoked, ErrorPathLengthExceeded, ErrorExpired, ErrorExpiredCA, ErrorValidityUnknown = 64 } |
enum | ValidateFlags { ValidateAll = 0x00, ValidateRevoked = 0x01, ValidateExpired = 0x02, ValidatePolicy = 0x04 } |
enum | MemoryMode { Practical, Locking, LockingKeepPrivileges } |
enum | Direction { Encode, Decode } |
enum | EncryptionAlgorithm { EME_PKCS1v15, EME_PKCS1_OAEP } |
enum | SignatureAlgorithm { SignatureUnknown, EMSA1_SHA1, EMSA3_SHA1, EMSA3_MD5, EMSA3_MD2, EMSA3_RIPEMD160, EMSA3_Raw } |
enum | SignatureFormat { DefaultFormat, IEEE_1363, DERSequence } |
enum | PBEAlgorithm { PBEDefault, PBES2_DES_SHA1, PBES2_TripleDES_SHA1, PBES2_AES128_SHA1, PBES2_AES192_SHA1, PBES2_AES256_SHA1 } |
enum | ConvertResult { ConvertGood, ErrorDecode, ErrorPassphrase, ErrorFile } |
enum | DLGroupSet { DSA_512, DSA_768, DSA_1024, IETF_768, IETF_1024, IETF_1536, IETF_2048, IETF_3072, IETF_4096, IETF_6144, IETF_8192 } |
enum | SecurityLevel { SL_None, SL_Integrity, SL_Export, SL_Baseline, SL_High, SL_Highest } |
Functions | |
QCA_EXPORT QString | orderedToDNString (const CertificateInfoOrdered &in) |
QCA_EXPORT CertificateInfoOrdered | orderedDNOnly (const CertificateInfoOrdered &in) |
QCA_EXPORT QStringList | makeFriendlyNames (const QList< Certificate > &list) |
QCA_EXPORT void | init () |
QCA_EXPORT void | init (MemoryMode m, int prealloc) |
QCA_EXPORT void | deinit () |
QCA_EXPORT bool | haveSecureMemory () |
QCA_EXPORT bool | haveSecureRandom () |
QCA_EXPORT bool | isSupported (const char *features, const QString &provider=QString()) |
QCA_EXPORT bool | isSupported (const QStringList &features, const QString &provider=QString()) |
QCA_EXPORT QStringList | supportedFeatures () |
QCA_EXPORT QStringList | defaultFeatures () |
QCA_EXPORT bool | insertProvider (Provider *p, int priority=0) |
QCA_EXPORT void | setProviderPriority (const QString &name, int priority) |
QCA_EXPORT int | providerPriority (const QString &name) |
QCA_EXPORT ProviderList | providers () |
QCA_EXPORT Provider * | findProvider (const QString &name) |
QCA_EXPORT Provider * | defaultProvider () |
QCA_EXPORT void | scanForPlugins () |
QCA_EXPORT void | unloadAllPlugins () |
QCA_EXPORT QString | pluginDiagnosticText () |
QCA_EXPORT void | clearPluginDiagnosticText () |
QCA_EXPORT void | appendPluginDiagnosticText (const QString &text) |
QCA_EXPORT void | setProperty (const QString &name, const QVariant &value) |
QCA_EXPORT QVariant | getProperty (const QString &name) |
QCA_EXPORT void | setProviderConfig (const QString &name, const QVariantMap &config) |
QCA_EXPORT QVariantMap | getProviderConfig (const QString &name) |
QCA_EXPORT void | saveProviderConfig (const QString &name) |
QCA_EXPORT QString | globalRandomProvider () |
QCA_EXPORT void | setGlobalRandomProvider (const QString &provider) |
QCA_EXPORT Logger * | logger () |
QCA_EXPORT bool | haveSystemStore () |
QCA_EXPORT CertificateCollection | systemStore () |
QCA_EXPORT QString | appName () |
QCA_EXPORT void | setAppName (const QString &name) |
QCA_EXPORT QString | arrayToHex (const QByteArray &array) |
QCA_EXPORT QByteArray | hexToArray (const QString &hexString) |
QCA_EXPORT QByteArray | emsa3Encode (const QString &hashName, const QByteArray &digest, int size=-1) |
QCA_EXPORT QByteArray | methodReturnType (const QMetaObject *obj, const QByteArray &method, const QList< QByteArray > argTypes) |
QCA_EXPORT bool | invokeMethodWithVariants (QObject *obj, const QByteArray &method, const QVariantList &args, QVariant *ret, Qt::ConnectionType type=Qt::AutoConnection) |
QCA_EXPORT const SecureArray | operator+ (const SecureArray &a, const SecureArray &b) |
|
Certificate properties type. With this container, the information is not necessarily stored in the same sequence as the certificate format itself. Use this container if the order the information is/was stored does not matter for you (this is the case with most applications). Additionally, the EmailLegacy type should not be used with this container. Use Email instead. |
|
Certificate constraints type
|
|
Convenience representation for the plugin providers. You can get a list of providers using the providers() function
|
|
A list of message keys.
|
|
A list of signatures.
|
|
Certificate Request Format.
|
|
Known types of information stored in certificates. This enumerator offers a convenient way to work with common types.
|
|
|
Specify the intended usage of a certificate.
|
|
The validity (or otherwise) of a certificate.
|
|
The conditions to validate for a certificate.
|
|
Mode settings for memory allocation. QCA can use secure memory, however most operating systems restrict the amount of memory that can be pinned by user applications, to prevent a denial-of-service attack. QCA supports two approaches to getting memory - the mlock method, which generally requires root (administrator) level privileges, and the mmap method which is not as secure, but which should be able to be used by any process.
|
|
Direction settings for symmetric algorithms. For some algorithms, it makes sense to have a "direction", such as Cipher algorithms which can be used to encrypt or decrypt. |
|
Encryption algorithms.
|
|
Signature algorithm variants.
|
|
Signature formats (DSA only).
|
|
Password-based encryption.
|
|
Return value from a format conversion. Note that if you are checking for any result other than ConvertGood, then you may be introducing a provider specific dependency. |
|
Well known discrete logarithm group sets. These sets are derived from three main sources: Java Cryptographic Extensions, RFC2412 and RFC3526.
|
|
Specify the lower-bound for acceptable TLS/SASL security layers. For TLS, the interpretation of these levels is:
|
|
Convert to RFC 1779 string format.
|
|
Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the input object.
|
|
Create a list of unique friendly names among a list of certificates.
|
|
Initialise QCA. This call is not normally required, because it is cleaner to use an Initializer.
|
|
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.
|
|
Clean up routine. This routine cleans up QCA, including memory allocations. This call is not normally required, because it is cleaner to use an Initializer. |
|
Test if secure storage memory is available.
|
|
Test if secure random is available. Secure random is considered available if the global random provider is not the default provider.
|
|
Test if a capability (algorithm) is available. Since capabilities are made available at runtime, you should always check before using a capability the first time, as shown below.
    QCA::init();
    QByteArray myString("hello"); // sample input to hash
    if(!QCA::isSupported("sha1"))
        printf("SHA1 not supported!\n");
    else {
        // QCA::Hash is the general hashing class; select SHA-1 by name
        QString result = QCA::Hash("sha1").hashToString(myString);
        printf("sha1(\"%s\") = [%s]\n", myString.data(), qPrintable(result));
    }
QCA::isSupported("sha1,md5"): |
|
This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.
|
|
Generate a list of all the supported features in plugins, and in built in capabilities.
    QStringList capabilities;
    capabilities = QCA::supportedFeatures();
    // QString has no std::ostream operator, so convert with qPrintable()
    std::cout << "Supported:" << qPrintable(capabilities.join(",")) << std::endl;
|
|
Generate a list of the built in features. This differs from supportedFeatures() in that it does not include features provided by plugins.
    QStringList capabilities;
    capabilities = QCA::defaultFeatures();
    // QString has no std::ostream operator, so convert with qPrintable()
    std::cout << "Default:" << qPrintable(capabilities.join(",")) << std::endl;
|
|
Add a provider to the current list of providers. This function allows you to add a provider to the current plugin providers at a specified priority. If a provider with the name already exists, this call fails.
|
|
Change the priority of a specified provider. QCA supports a number of providers, and if a number of providers support the same algorithm, it needs to choose between them. You can do this at object instantiation time (by specifying the name of the provider that should be used). Alternatively, you can provide a relative priority level at an application level, using this call. Priority is used at object instantiation time. The provider is selected according to the following logic:
|
|
Return the priority of a specified provider. The name of the provider (eg "qca-openssl") is used to look up the current priority associated with that provider. If the provider is not found (or something else went wrong), -1 is returned.
|
|
Return a list of the current providers. The current plugin providers are provided as a list, which you can iterate over using ProviderListIterator.
|
|
Return the named provider, or 0 if not found.
|
|
Return the default provider.
|
|
Scan for new plugins.
|
|
Unload the current plugins.
|
|
Retrieve plugin diagnostic text.
|
|
Clear plugin diagnostic text.
|
|
Add plugin diagnostic text. This function should only be called by providers. |
|
Set a global property.
|
|
Retrieve a global property.
|
|
Set provider configuration. Allowed value types: QString, int, bool |
|
Retrieve provider configuration.
|
|
Save provider configuration to persistent storage.
|
|
Return the name of the global random number provider.
|
|
Change the global random number provider. The Random capabilities of QCA are provided as part of the built in capabilities, however the generator can be changed if required. |
|
Return a reference to the QCA Logger, which is used for diagnostics and error recording. The system Logger is automatically created for you on start. |
|
Test if QCA can access the root CA certificates. If root certificates are available, this function returns true, otherwise it returns false.
|
|
Get system-wide root Certificate Authority (CA) certificates. Many operating systems (or distributions, on Linux-type systems) come with some trusted certificates. Typically, these include the root certificates for major Certificate Authorities (for example, Verisign, Comodo) and some additional certificates that are used for system updates. They are provided in different ways for different systems. This function provides a common way to access the system certificates. There are other ways to access certificates - see the various I/O methods (such as fromDER() and fromPEM()) in the Certificate and CertificateCollection classes.
|
|
Get the application name that will be used by SASL server mode. The application name is used by SASL in server mode, as some systems might have different security policies depending on the app. The default application name is 'qca' |
|
Set the application name that will be used by SASL server mode. The application name is used by SASL in server mode, as some systems might have different security policies depending on the app. This should be set before using SASL objects, and it cannot be changed later.
|
|
Convert a byte array to printable hexadecimal representation. This is a convenience function to convert an arbitrary QByteArray to a printable representation.
    QByteArray test(10, 'a'); // ten bytes of 'a'; 0x61 is 'a' in ASCII
    if (QString("61616161616161616161") == QCA::arrayToHex(test) ) {
        printf ("arrayToHex passed\n");
    }
|
|
Convert a QString containing a hexadecimal representation of a byte array into a QByteArray. This is a convenience function to convert a printable representation into a QByteArray - effectively the inverse of QCA::arrayToHex.
    QCA::init();
    QByteArray test(10, 'b'); // ten bytes of 'b'; 0x62 in hexadecimal
    test[7] = 0x00; // can handle strings with nulls
    if (QCA::hexToArray(QString("62626262626262006262") ) == test ) {
        printf ("hexToArray passed\n");
    }
|
|
Encode a hash result in EMSA3 (PKCS#1) format. This is a convenience function for providers that only have access to raw RSA signing (mainly smartcard providers). This is a built-in function of QCA and does not utilize a provider. SHA1, MD5, MD2, and RIPEMD160 are supported. |
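The block layout that a raw-RSA signer needs from an EMSA3 encoder, shown as an added stand-alone example (not QCA's code and not using QCA). The function name emsa3EncodeExample is hypothetical; the leading 0x00 byte and the 8-byte minimum pad follow the EMSA-PKCS1-v1_5 definition in RFC 8017 and are assumptions here, not a description of QCA's internals or of its size=-1 default.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// DER DigestInfo header for each hash the page lists for emsa3Encode().
// Returns an empty vector for any other name; digestLen receives the hash size.
static Bytes digestInfoPrefix(const std::string &hashName, std::size_t &digestLen)
{
    if (hashName == "sha1") {
        digestLen = 20;
        return {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
    }
    if (hashName == "md5") {
        digestLen = 16;
        return {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10};
    }
    if (hashName == "md2") {
        digestLen = 16;
        return {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10};
    }
    if (hashName == "ripemd160") {
        digestLen = 20;
        return {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14};
    }
    digestLen = 0;
    return {};
}

// Hypothetical helper: EM = 0x00 || 0x01 || PS (0xFF, >= 8 bytes) || 0x00 || DigestInfo.
// emLen is the RSA modulus size in bytes. Returns an empty vector on any error
// (unknown hash, digest of the wrong length, or emLen too small for the pad).
Bytes emsa3EncodeExample(const std::string &hashName, const Bytes &digest, std::size_t emLen)
{
    std::size_t digestLen = 0;
    const Bytes prefix = digestInfoPrefix(hashName, digestLen);
    if (prefix.empty() || digest.size() != digestLen)
        return {};
    const std::size_t tLen = prefix.size() + digest.size();
    if (emLen < tLen + 11) // 0x00, 0x01, 8 pad bytes, 0x00 separator
        return {};
    Bytes em(emLen, 0xff);                  // start as all padding
    em[0] = 0x00;
    em[1] = 0x01;
    const std::size_t sep = emLen - tLen - 1;
    em[sep] = 0x00;                         // separator before DigestInfo
    std::copy(prefix.begin(), prefix.end(), em.begin() + sep + 1);
    std::copy(digest.begin(), digest.end(), em.begin() + sep + 1 + prefix.size());
    return em;
}

int main()
{
    const Bytes digest(20, 0xAB);           // constructed sample, not a real hash
    const Bytes em = emsa3EncodeExample("sha1", digest, 46);
    for (std::uint8_t b : em)
        std::printf("%02x", static_cast<unsigned>(b));
    std::printf("\n");
    return em.empty() ? 1 : 0;
}
```

A verifier that rebuilds this block from the expected digest and compares all emLen bytes, rather than parsing the padding leniently, rejects blocks with short padding or trailing data.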
|
Convenience method to determine the return type of a method. This function identifies the return type of a specified method. This function can be used as shown:
    class TestClass : public QObject
    {
        Q_OBJECT
        // ...
    public slots:
        QString qstringMethod() { return QString(); }
        bool boolMethod( const QString & ) { return true; }
    };

    QByteArray myTypeName;
    TestClass testClass;
    QList<QByteArray> argsList; // empty list, since no args

    myTypeName = QCA::methodReturnType( testClass.metaObject(), QByteArray( "qstringMethod" ), argsList );
    // myTypeName is "QString"

    myTypeName = QCA::methodReturnType( testClass.metaObject(), QByteArray( "boolMethod" ), argsList );
    // myTypeName is "", because there is no method called "boolMethod" that has no arguments

    argsList << "QString"; // now we have one argument
    myTypeName = QCA::methodReturnType( testClass.metaObject(), QByteArray( "boolMethod" ), argsList );
    // myTypeName is "bool"
The return type name of a method returning void is an empty string, not "void".
|
|
Convenience method to invoke a method by name, using a variant list of arguments. This function can be used as shown:
    class TestClass : public QObject
    {
        Q_OBJECT
        // ...
    public slots:
        QString qstringMethod() { return QString( "the result" ); }
        bool boolMethod( const QString & ) { return true; }
    };

    TestClass *testClass = new TestClass;
    QVariantList args;
    QVariant stringRes;

    // calls testClass->qstringMethod() with no arguments (since args is an empty list)
    bool ret = QCA::invokeMethodWithVariants( testClass, QByteArray( "qstringMethod" ), args, &stringRes );
    // ret is true (since call succeeded), stringRes.toString() is a string - "the result"

    QVariant boolResult;
    QString someString( "not important" );
    args << someString;

    // calls testClass->boolMethod( someString ), returning result in boolResult
    ret = QCA::invokeMethodWithVariants( testClass, QByteArray( "boolMethod" ), args, &boolResult );
    // ret is true (since call succeeded), boolResult.toBool() is true.
|
|
Returns an array that is the result of concatenating a and b.
|