QCA

QCA Namespace Reference

Classes

class  AbstractLogDevice
 
class  Algorithm
 
class  AuthTag
 
class  Base64
 
class  BasicContext
 
class  BigInteger
 
class  BufferedComputation
 
class  CAContext
 
class  CertBase
 
class  CertCollectionContext
 
class  CertContext
 
class  CertContextProps
 
class  Certificate
 
class  CertificateAuthority
 
class  CertificateChain
 
class  CertificateCollection
 
class  CertificateInfoOrdered
 
class  CertificateInfoPair
 
class  CertificateInfoType
 
class  CertificateOptions
 
class  CertificateRequest
 
class  Cipher
 
class  CipherContext
 
class  CMS
 
class  Console
 
class  ConsolePrompt
 
class  ConsoleReference
 
class  ConstraintType
 
class  CRL
 
class  CRLContext
 
class  CRLContextProps
 
class  CRLEntry
 
class  CSRContext
 
class  DHContext
 
class  DHPrivateKey
 
class  DHPublicKey
 
class  DirWatch
 
class  DLGroup
 
class  DLGroupContext
 
class  DSAContext
 
class  DSAPrivateKey
 
class  DSAPublicKey
 
class  Event
 
class  EventHandler
 
class  FileWatch
 
class  Filter
 
class  Hash
 
class  HashContext
 
class  Hex
 
class  HKDF
 
class  HKDFContext
 
class  InfoContext
 
class  InitializationVector
 
class  Initializer
 
class  KDFContext
 
class  KeyBundle
 
class  KeyDerivationFunction
 
class  KeyGenerator
 
class  KeyLength
 
class  KeyLoader
 
class  KeyStore
 
class  KeyStoreEntry
 
class  KeyStoreEntryContext
 
class  KeyStoreEntryWatcher
 
class  KeyStoreInfo
 
class  KeyStoreListContext
 
class  KeyStoreManager
 
class  Logger
 
class  MACContext
 
class  MemoryRegion
 
class  MessageAuthenticationCode
 
class  MessageContext
 
class  OpenPGP
 
class  PasswordAsker
 
class  PBKDF1
 
class  PBKDF2
 
class  PGPKey
 
class  PGPKeyContext
 
class  PGPKeyContextProps
 
class  PKCS12Context
 
class  PKey
 
class  PKeyBase
 
class  PKeyContext
 
class  PrivateKey
 
class  Provider
 
class  PublicKey
 
class  QPipe
 
class  QPipeDevice
 
class  QPipeEnd
 
class  Random
 
class  RandomContext
 
class  RSAContext
 
class  RSAPrivateKey
 
class  RSAPublicKey
 
class  SASL
 
class  SASLContext
 
class  SecureArray
 
class  SecureLayer
 
class  SecureMessage
 
class  SecureMessageKey
 
class  SecureMessageSignature
 
class  SecureMessageSystem
 
class  SMSContext
 
class  SymmetricKey
 
class  Synchronizer
 
class  SyncThread
 
class  TextFilter
 
class  TLS
 
class  TLSContext
 
class  TLSSession
 
class  TLSSessionContext
 
class  TokenAsker
 

Typedefs

typedef QMultiMap< CertificateInfoType, QString > CertificateInfo
 
typedef QList< ConstraintType > Constraints
 
typedef QList< Provider * > ProviderList
 
typedef QList< SecureMessageKey > SecureMessageKeyList
 
typedef QList< SecureMessageSignature > SecureMessageSignatureList
 

Enumerations

enum  CertificateInfoTypeKnown {
  CommonName, Email, EmailLegacy, Organization,
  OrganizationalUnit, Locality, IncorporationLocality, State,
  IncorporationState, Country, IncorporationCountry, URI,
  DNS, IPAddress, XMPP
}
 
enum  CertificateRequestFormat { PKCS10, SPKAC }
 
enum  ConstraintTypeKnown {
  DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment,
  KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly,
  DecipherOnly, ServerAuth, ClientAuth, CodeSigning,
  EmailProtection, IPSecEndSystem, IPSecTunnel, IPSecUser,
  TimeStamping, OCSPSigning
}
 
enum  ConvertResult { ConvertGood, ErrorDecode, ErrorPassphrase, ErrorFile }
 
enum  Direction { Encode, Decode }
 
enum  DLGroupSet {
  DSA_512, DSA_768, DSA_1024, IETF_768,
  IETF_1024, IETF_1536, IETF_2048, IETF_3072,
  IETF_4096, IETF_6144, IETF_8192
}
 
enum  EncryptionAlgorithm { EME_PKCS1v15, EME_PKCS1_OAEP, EME_PKCS1v15_SSL, EME_NO_PADDING }
 
enum  MemoryMode { Practical, Locking, LockingKeepPrivileges }
 
enum  PBEAlgorithm {
  PBEDefault, PBES2_DES_SHA1, PBES2_TripleDES_SHA1, PBES2_AES128_SHA1,
  PBES2_AES192_SHA1, PBES2_AES256_SHA1
}
 
enum  SecurityLevel {
  SL_None, SL_Integrity, SL_Export, SL_Baseline,
  SL_High, SL_Highest
}
 
enum  SignatureAlgorithm {
  SignatureUnknown, EMSA1_SHA1, EMSA3_SHA1, EMSA3_MD5,
  EMSA3_MD2, EMSA3_RIPEMD160, EMSA3_Raw, EMSA3_SHA224,
  EMSA3_SHA256, EMSA3_SHA384, EMSA3_SHA512
}
 
enum  SignatureFormat { DefaultFormat, IEEE_1363, DERSequence }
 
enum  UsageMode {
  UsageAny = 0x00, UsageTLSServer = 0x01, UsageTLSClient = 0x02, UsageCodeSigning = 0x04,
  UsageEmailProtection = 0x08, UsageTimeStamping = 0x10, UsageCRLSigning = 0x20
}
 
enum  ValidateFlags { ValidateAll = 0x00, ValidateRevoked = 0x01, ValidateExpired = 0x02, ValidatePolicy = 0x04 }
 
enum  Validity {
  ValidityGood, ErrorRejected, ErrorUntrusted, ErrorSignatureFailed,
  ErrorInvalidCA, ErrorInvalidPurpose, ErrorSelfSigned, ErrorRevoked,
  ErrorPathLengthExceeded, ErrorExpired, ErrorExpiredCA, ErrorValidityUnknown = 64
}
 

Functions

QCA_EXPORT void appendPluginDiagnosticText (const QString &text)
 
QCA_EXPORT QString appName ()
 
QCA_EXPORT QString arrayToBase64 (const QByteArray &array)
 
QCA_EXPORT QString arrayToHex (const QByteArray &array)
 
QCA_EXPORT QByteArray base64ToArray (const QString &base64String)
 
QCA_EXPORT void clearPluginDiagnosticText ()
 
QCA_EXPORT QStringList defaultFeatures ()
 
QCA_EXPORT Provider * defaultProvider ()
 
QCA_EXPORT void deinit ()
 
QCA_EXPORT QByteArray emsa3Encode (const QString &hashName, const QByteArray &digest, int size=-1)
 
QCA_EXPORT Provider * findProvider (const QString &name)
 
QCA_EXPORT QVariant getProperty (const QString &name)
 
QCA_EXPORT QVariantMap getProviderConfig (const QString &name)
 
QCA_EXPORT QString globalRandomProvider ()
 
QCA_EXPORT bool haveSecureMemory ()
 
QCA_EXPORT bool haveSecureRandom ()
 
QCA_EXPORT bool haveSystemStore ()
 
QCA_EXPORT QByteArray hexToArray (const QString &hexString)
 
QCA_EXPORT void init ()
 
QCA_EXPORT void init (MemoryMode m, int prealloc)
 
QCA_EXPORT bool insertProvider (Provider *p, int priority=0)
 
QCA_EXPORT bool isSupported (const char *features, const QString &provider=QString())
 
QCA_EXPORT bool isSupported (const QStringList &features, const QString &provider=QString())
 
QCA_EXPORT Logger * logger ()
 
QCA_EXPORT QStringList makeFriendlyNames (const QList< Certificate > &list)
 
QCA_EXPORT const SecureArray operator+ (const SecureArray &a, const SecureArray &b)
 
QCA_EXPORT CertificateInfoOrdered orderedDNOnly (const CertificateInfoOrdered &in)
 
QCA_EXPORT QString orderedToDNString (const CertificateInfoOrdered &in)
 
QCA_EXPORT QString pluginDiagnosticText ()
 
QCA_EXPORT QStringList pluginPaths ()
 
QCA_EXPORT int providerPriority (const QString &name)
 
QCA_EXPORT ProviderList providers ()
 
QCA_EXPORT void saveProviderConfig (const QString &name)
 
QCA_EXPORT void scanForPlugins ()
 
QCA_EXPORT void setAppName (const QString &name)
 
QCA_EXPORT void setGlobalRandomProvider (const QString &provider)
 
QCA_EXPORT void setProperty (const QString &name, const QVariant &value)
 
QCA_EXPORT void setProviderConfig (const QString &name, const QVariantMap &config)
 
QCA_EXPORT void setProviderPriority (const QString &name, int priority)
 
QCA_EXPORT QStringList supportedFeatures ()
 
QCA_EXPORT CertificateCollection systemStore ()
 
QCA_EXPORT void unloadAllPlugins ()
 
QCA_EXPORT bool unloadProvider (const QString &name)
 

Detailed Description

QCA - the Qt Cryptographic Architecture.

Typedef Documentation

Certificate properties type.

With this container, the information is not necessarily stored in the same sequence as the certificate format itself. Use this container if the order the information is/was stored does not matter for you (this is the case with most applications).

Additionally, the EmailLegacy type should not be used with this container. Use Email instead.

Definition at line 527 of file qca_cert.h.

Certificate constraints type

Definition at line 582 of file qca_cert.h.

Convenience representation for the plugin providers.

You can get a list of providers using the providers() function

See also
ProviderListIterator
providers()

Definition at line 100 of file qca_core.h.

A list of message keys.

Definition at line 175 of file qca_securemessage.h.

A list of signatures.

Definition at line 263 of file qca_securemessage.h.

Enumeration Type Documentation

Known types of information stored in certificates.

This enumerator offers a convenient way to work with common types.

Enumerator
CommonName 

The common name (eg person), id = "2.5.4.3".

Email 

Email address, id = "GeneralName.rfc822Name".

EmailLegacy 

PKCS#9 Email field, id = "1.2.840.113549.1.9.1".

Organization 

An organisation (eg company), id = "2.5.4.10".

OrganizationalUnit 

A part of an organisation (eg a division or branch), id = "2.5.4.11".

Locality 

The locality (eg city, a shire, or part of a state), id = "2.5.4.7".

IncorporationLocality 

The locality of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.1".

State 

The state within the country, id = "2.5.4.8".

IncorporationState 

The state of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.2".

Country 

The country, id = "2.5.4.6".

IncorporationCountry 

The country of incorporation (EV certificates), id = "1.3.6.1.4.1.311.60.2.1.3".

URI 

Uniform Resource Identifier, id = "GeneralName.uniformResourceIdentifier".

DNS 

DNS name, id = "GeneralName.dNSName".

IPAddress 

IP address, id = "GeneralName.iPAddress".

XMPP 

XMPP address (see http://www.ietf.org/rfc/rfc3920.txt), id = "1.3.6.1.5.5.7.8.5".

Definition at line 65 of file qca_cert.h.

Certificate Request Format.

Enumerator
PKCS10 

standard PKCS#10 format

SPKAC 

Signed Public Key and Challenge (Netscape) format.

Definition at line 54 of file qca_cert.h.

Known types of certificate constraints.

This enumerator offers a convenient way to work with common types.

Enumerator
DigitalSignature 

Certificate can be used to create digital signatures, id = "KeyUsage.digitalSignature"

NonRepudiation 

Certificate can be used for non-repudiation, id = "KeyUsage.nonRepudiation"

KeyEncipherment 

Certificate can be used for encrypting / decrypting keys, id = "KeyUsage.keyEncipherment"

DataEncipherment 

Certificate can be used for encrypting / decrypting data, id = "KeyUsage.dataEncipherment"

KeyAgreement 

Certificate can be used for key agreement, id = "KeyUsage.keyAgreement"

KeyCertificateSign 

Certificate can be used for key certificate signing, id = "KeyUsage.keyCertSign"

CRLSign 

Certificate can be used to sign Certificate Revocation Lists, id = "KeyUsage.crlSign"

EncipherOnly 

Certificate can only be used for encryption, id = "KeyUsage.encipherOnly"

DecipherOnly 

Certificate can only be used for decryption, id = "KeyUsage.decipherOnly"

ServerAuth 

Certificate can be used for server authentication (e.g. web server), id = "1.3.6.1.5.5.7.3.1". This is an extended usage constraint.

ClientAuth 

Certificate can be used for client authentication (e.g. web browser), id = "1.3.6.1.5.5.7.3.2". This is an extended usage constraint.

CodeSigning 

Certificate can be used to sign code, id = "1.3.6.1.5.5.7.3.3". This is an extended usage constraint.

EmailProtection 

Certificate can be used to sign / encrypt email, id = "1.3.6.1.5.5.7.3.4". This is an extended usage constraint.

IPSecEndSystem 

Certificate can be used to authenticate an endpoint in IPSEC, id = "1.3.6.1.5.5.7.3.5". This is an extended usage constraint.

IPSecTunnel 

Certificate can be used to authenticate a tunnel in IPSEC, id = "1.3.6.1.5.5.7.3.6". This is an extended usage constraint.

IPSecUser 

Certificate can be used to authenticate a user in IPSEC, id = "1.3.6.1.5.5.7.3.7". This is an extended usage constraint.

TimeStamping 

Certificate can be used to create a "time stamp" signature, id = "1.3.6.1.5.5.7.3.8". This is an extended usage constraint.

OCSPSigning 

Certificate can be used to sign an Online Certificate Status Protocol (OCSP) assertion, id = "1.3.6.1.5.5.7.3.9". This is an extended usage constraint.

Definition at line 318 of file qca_cert.h.

Return value from a format conversion.

Note that if you are checking for any result other than ConvertGood, then you may be introducing a provider specific dependency.

Enumerator
ConvertGood 

Conversion succeeded, results should be valid.

ErrorDecode 

General failure in the decode stage.

ErrorPassphrase 

Failure because of incorrect passphrase.

ErrorFile 

Failure because of incorrect file.

Definition at line 117 of file qca_publickey.h.

Direction settings for symmetric algorithms.

For some algorithms, it makes sense to have a "direction", such as Cipher algorithms which can be used to encrypt or decrypt.

Enumerator
Encode 

Operate in the "forward" direction; for example, encrypting.

Decode 

Operate in the "reverse" direction; for example, decrypting.

Definition at line 140 of file qca_core.h.

Well known discrete logarithm group sets.

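These sets are derived from three main sources: Java Cryptographic Extensions, RFC2412 and RFC3526. The groups below 2048 bits are small by current standards and are mainly of use for interoperability with older peers.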

Enumerator
DSA_512 

512 bit group, for compatibility with JCE

DSA_768 

768 bit group, for compatibility with JCE

DSA_1024 

1024 bit group, for compatibility with JCE

IETF_768 

Group 1 from RFC 2412, Section E.1.

IETF_1024 

Group 2 from RFC 2412, Section E.2.

IETF_1536 

1536-bit MODP Group ("group 5") from RFC3526 Section 2.

IETF_2048 

2048-bit MODP Group ("group 14") from RFC3526 Section 3.

IETF_3072 

3072-bit MODP Group ("group 15") from RFC3526 Section 4.

IETF_4096 

4096-bit MODP Group ("group 16") from RFC3526 Section 5.

IETF_6144 

6144-bit MODP Group ("group 17") from RFC3526 Section 6.

IETF_8192 

8192-bit MODP Group ("group 18") from RFC3526 Section 7.

Definition at line 133 of file qca_publickey.h.

Encryption algorithms.

Enumerator
EME_PKCS1v15 

Block type 2 (PKCS#1, Version 1.5)

EME_PKCS1_OAEP 

Optimal asymmetric encryption padding (PKCS#1, Version 2.0)

EME_PKCS1v15_SSL 

PKCS#1, Version 1.5 with an SSL-specific modification.

EME_NO_PADDING 

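Raw RSA encryption, with no padding applied. Without padding the operation is deterministic and malleable, so this value is suitable only when the calling protocol supplies its own encoding.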

Definition at line 54 of file qca_publickey.h.

Mode settings for memory allocation.

QCA can use secure memory, however most operating systems restrict the amount of memory that can be pinned by user applications, to prevent a denial-of-service attack.

QCA supports two approaches to getting memory - the mlock method, which generally requires root (administrator) level privileges, and the mmap method which is not as secure, but which should be able to be used by any process.

See also
Initializer
Enumerator
Practical 

mlock and drop root if available, else mmap

Locking 

mlock and drop root

LockingKeepPrivileges 

mlock, retaining root privileges

Definition at line 127 of file qca_core.h.

Password-based encryption.

Enumerator
PBEDefault 

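Use modern default (same as PBES2_TripleDES_SHA1). Note that Triple-DES is now deprecated for new applications, so callers that need stronger protection should select one of the AES variants below explicitly.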

PBES2_DES_SHA1 

PKCS#5 v2.0 DES/CBC,SHA1. Single DES has a 56-bit key, which the SecurityLevel notes on this page place at SL_Export.

PBES2_TripleDES_SHA1 

PKCS#5 v2.0 TripleDES/CBC,SHA1.

PBES2_AES128_SHA1 

PKCS#5 v2.0 AES-128/CBC,SHA1.

PBES2_AES192_SHA1 

PKCS#5 v2.0 AES-192/CBC,SHA1.

PBES2_AES256_SHA1 

PKCS#5 v2.0 AES-256/CBC,SHA1.

Definition at line 101 of file qca_publickey.h.

Specify the lower-bound for acceptable TLS/SASL security layers.

For TLS, the interpretation of these levels is:

  • Any cipher suite that provides non-authenticated communications (usually anonymous Diffie-Hellman) is SL_Integrity.
  • Any cipher suite that is limited to 40 bits (export-version crippled forms of RC2, RC4 or DES) is SL_Export. Standard DES (56 bits) and some forms of RC4 (64 bits) are also SL_Export.
  • Any normal cipher (AES, Camellia, RC4 or similar) with 128 bits, or Elliptic Curve Ciphers with 283 bits, is SL_Baseline
  • AES or Camellia at least 192 bits, triple-DES and similar ciphers are SL_High. ECC with 409 or more bits is also SL_High.
  • Highest does not have an equivalent strength. It indicates that the provider should use the strongest ciphers available (but not less than SL_High).
Enumerator
SL_None 

indicates that no security is ok

SL_Integrity 

must at least get integrity protection

SL_Export 

must be export level bits or more

SL_Baseline 

must be 128 bit or more

SL_High 

must be more than 128 bit

SL_Highest 

SL_High or max possible, whichever is greater.

Definition at line 59 of file qca_securelayer.h.

Signature algorithm variants.

Note that most signature algorithms follow a process of first hashing the plaintext data to be signed, creating a payload format that wraps the hash value (among other things), and then signing the payload with the private key. So, for example, an EMSA3(SHA1) signature outputted by QCA cannot be verified by merely performing RSA and SHA1 operations (e.g. "openssl rsautl -verify" and comparing with sha1sum), because that would not take the EMSA3 payload format into consideration.

Enumerator
SignatureUnknown 

Unknown signing algorithm.

EMSA1_SHA1 

SHA1, with EMSA1 (IEEE1363-2000) encoding (this is the usual DSA algorithm - FIPS186)

EMSA3_SHA1 

SHA1, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

EMSA3_MD5 

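MD5, with EMSA3 (ie PKCS#1 Version 1.5) encoding (this is the usual RSA algorithm). "Usual" reflects when this API was written; MD5 is no longer collision-resistant, so this value is best reserved for verifying legacy signatures.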

EMSA3_MD2 

MD2, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

EMSA3_RIPEMD160 

RIPEMD160, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

EMSA3_Raw 

EMSA3 without computing a message digest or a DigestInfo encoding (identical to PKCS#11's CKM_RSA_PKCS mechanism)

EMSA3_SHA224 

SHA224, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

EMSA3_SHA256 

SHA256, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

EMSA3_SHA384 

SHA384, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

EMSA3_SHA512 

SHA512, with EMSA3 (ie PKCS#1 Version 1.5) encoding.

Definition at line 73 of file qca_publickey.h.

Signature formats (DSA only)

Enumerator
DefaultFormat 

For DSA, this is the same as IEEE_1363.

IEEE_1363 

40-byte format from IEEE 1363 (Botan/.NET)

DERSequence 

Signature wrapped in DER formatting (OpenSSL/Java)

Definition at line 91 of file qca_publickey.h.

Specify the intended usage of a certificate.

Enumerator
UsageAny 

Any application, or unspecified.

UsageTLSServer 

server side of a TLS or SSL connection

UsageTLSClient 

client side of a TLS or SSL connection

UsageCodeSigning 

code signing certificate

UsageEmailProtection 

email (S/MIME) certificate

UsageTimeStamping 

time stamping certificate

UsageCRLSigning 

certificate revocation list signing certificate

Definition at line 475 of file qca_cert.h.

The conditions to validate for a certificate.

Definition at line 508 of file qca_cert.h.

The validity (or otherwise) of a certificate.

Enumerator
ValidityGood 

The certificate is valid.

ErrorRejected 

The root CA rejected the certificate purpose.

ErrorUntrusted 

The certificate is not trusted.

ErrorSignatureFailed 

The signature does not match.

ErrorInvalidCA 

The Certificate Authority is invalid.

ErrorInvalidPurpose 

The purpose does not match the intended usage.

ErrorSelfSigned 

The certificate is self-signed, and is not found in the list of trusted certificates.

ErrorRevoked 

The certificate has been revoked.

ErrorPathLengthExceeded 

The path length from the root CA to this certificate is too long.

ErrorExpired 

The certificate has expired, or is not yet valid (e.g. current time is earlier than notBefore time)

ErrorExpiredCA 

The Certificate Authority has expired.

ErrorValidityUnknown 

Validity is unknown.

Definition at line 489 of file qca_cert.h.

Function Documentation

QCA_EXPORT void QCA::appendPluginDiagnosticText ( const QString text)

Add plugin diagnostic text.

This function should only be called by providers.

Parameters
textthe diagnostic message to append
QCA_EXPORT QString QCA::appName ( )

Get the application name that will be used by SASL server mode.

The application name is used by SASL in server mode, as some systems might have different security policies depending on the app. The default application name is 'qca'

QCA_EXPORT QString QCA::arrayToBase64 ( const QByteArray array)

Convert a byte array to printable base64 representation.

This is a convenience function to convert an arbitrary QByteArray to a printable representation.

Parameters
arraythe array to be converted
Returns
a printable representation
QCA_EXPORT QString QCA::arrayToHex ( const QByteArray array)

Convert a byte array to printable hexadecimal representation.

This is a convenience function to convert an arbitrary QByteArray to a printable representation.

// `test` is a byte array declared outside this excerpt (presumably 10 bytes,
// matching the 20 hex digits expected below — confirm).
test.fill('a');
// 0x61 is 'a' in ASCII
// Each input byte becomes two hex digits in the returned string.
if (QString("61616161616161616161") == QCA::arrayToHex(test) )
{
printf ("arrayToHex passed\n");
}
Parameters
arraythe array to be converted
Returns
a printable representation
Examples:
aes-cmac.cpp, ciphertest.cpp, hashtest.cpp, mactest.cpp, and rsatest.cpp.
QCA_EXPORT QByteArray QCA::base64ToArray ( const QString base64String)

Convert a QString containing a base64 representation of a byte array into a QByteArray.

This is a convenience function to convert a printable representation into a QByteArray - effectively the inverse of QCA::arrayToBase64.

Parameters
base64Stringthe string containing a printable representation to be converted
Returns
the equivalent QByteArray
QCA_EXPORT void QCA::clearPluginDiagnosticText ( )

Clear plugin diagnostic text.

QCA_EXPORT QStringList QCA::defaultFeatures ( )

Generate a list of the built in features.

This differs from supportedFeatures() in that it does not include features provided by plugins.

Returns
a list containing the names of the features

The following code writes a list of features to standard out

// `capabilities` is declared outside this excerpt (presumably a QStringList,
// the return type of defaultFeatures() — confirm).
capabilities = QCA::defaultFeatures();
// Print the built-in feature names as one comma-separated line.
std::cout << "Default:" << capabilities.join(",") << std::endl;
See also
isSupported
supportedFeatures()
Examples:
providertest.cpp.
QCA_EXPORT Provider* QCA::defaultProvider ( )

Return the default provider.

QCA_EXPORT void QCA::deinit ( )

Clean up routine.

This routine cleans up QCA, including memory allocations. This call is not normally required, because it is cleaner to use an Initializer.

QCA_EXPORT QByteArray QCA::emsa3Encode ( const QString hashName,
const QByteArray digest,
int  size = -1 
)

Encode a hash result in EMSA3 (PKCS#1) format.

This is a convenience function for providers that only have access to raw RSA signing (mainly smartcard providers). This is a built-in function of QCA and does not utilize a provider. SHA1, MD5, MD2, and RIPEMD160 are supported.

Parameters
hashNamethe hash type used to create the digest
digestthe digest to encode in EMSA3 format
sizethe desired size of the encoding output (-1 for automatic size)
QCA_EXPORT Provider* QCA::findProvider ( const QString name)

Return the named provider, or 0 if not found.

Parameters
namethe name of the provider to search for.
QCA_EXPORT QVariant QCA::getProperty ( const QString name)

Retrieve a global property.

Parameters
namethe name of the property to look up
See also
setProperty
QCA_EXPORT QVariantMap QCA::getProviderConfig ( const QString name)

Retrieve provider configuration.

Parameters
namethe name of the provider to retrieve the configuration of
QCA_EXPORT QString QCA::globalRandomProvider ( )

Return the name of the global random number provider.

QCA_EXPORT bool QCA::haveSecureMemory ( )

Test if secure storage memory is available.

Returns
true if secure storage memory is available
QCA_EXPORT bool QCA::haveSecureRandom ( )

Test if secure random is available.

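Secure random is considered available if the global random provider is not the default provider. The result therefore reports which provider is selected; it does not test the quality of the generator's output.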

Returns
true if secure random is available
QCA_EXPORT bool QCA::haveSystemStore ( )

Test if QCA can access the root CA certificates.

If root certificates are available, this function returns true, otherwise it returns false.

See also
systemStore
Examples:
certtest.cpp, and ssltest.cpp.
QCA_EXPORT QByteArray QCA::hexToArray ( const QString hexString)

Convert a QString containing a hexadecimal representation of a byte array into a QByteArray.

This is a convenience function to convert a printable representation into a QByteArray - effectively the inverse of QCA::arrayToHex.

// `test` is a byte array declared outside this excerpt; the hex string below
// encodes 10 bytes, so it is presumably 10 bytes long — confirm.
test.fill('b'); // 0x62 in hexadecimal
test[7] = 0x00; // can handle strings with nulls
// The "00" pair at byte index 7 of the hex string corresponds to the embedded null above.
if (QCA::hexToArray(QString("62626262626262006262") ) == test )
{
printf ("hexToArray passed\n");
}
Parameters
hexStringthe string containing a printable representation to be converted
Returns
the equivalent QByteArray
Examples:
aes-cmac.cpp.
QCA_EXPORT void QCA::init ( MemoryMode  m,
int  prealloc 
)

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.

Parameters
m: the MemoryMode to use
prealloc: the amount of memory in kilobytes to allocate for secure storage
QCA_EXPORT bool QCA::insertProvider ( Provider * p,
int  priority = 0 
)

Add a provider to the current list of providers.

This function allows you to add a provider to the current plugin providers at a specified priority. If a provider with the name already exists, this call fails.

QCA takes ownership of the provider.

Parameters
p: a pointer to a Provider object, which must be set up.
priority: the priority level to set the provider to
Returns
true if the provider is added, and false if the provider is not added (failure)
See also
unloadProvider for unloading specified providers
setProviderPriority for a description of the provider priority system
Examples:
aes-cmac.cpp.
QCA_EXPORT bool QCA::isSupported ( const char *  features,
const QString provider = QString() 
)

Test if a capability (algorithm) is available.

Since capabilities are made available at runtime, you should always check before using a capability the first time, as shown below.

// Capabilities are made available at runtime, so probe for "sha1" before the
// first use instead of assuming it is present.
// `myString` is declared outside this excerpt.
if(!QCA::isSupported("sha1"))
printf("SHA1 not supported!\n");
else
{
// Reached only when isSupported("sha1") returned true.
QString result = QCA::SHA1::hashToString(myString);
printf("sha1(\"%s\") = [%s]\n", myString.data(), qPrintable(result));
}
Parameters
featuresthe name of the capability to test for
providerif specified, only check for the capability in that specific provider. If not provided, or provided as an empty string, then check for capabilities in all available providers
Returns
true if the capability is available, otherwise false

Note that you can test for a combination of capabilities, using a comma delimited list:

QCA::isSupported("sha1,md5"):

which will return true if all of the capabilities listed are present.

Examples:
aes-cmac.cpp, certtest.cpp, ciphertest.cpp, hashtest.cpp, mactest.cpp, md5crypt.cpp, publickeyexample.cpp, rsatest.cpp, saslclient.cpp, saslserver.cpp, sslservtest.cpp, and ssltest.cpp.
QCA_EXPORT bool QCA::isSupported ( const QStringList features,
const QString provider = QString() 
)

This is an overloaded member function, provided for convenience. It differs from the above function only in what argument(s) it accepts.

Parameters
featuresa list of features to test for
providerif specified, only check for the capability in that specific provider. If not provided, or provided as an empty string, then check for capabilities in all available providers
QCA_EXPORT Logger* QCA::logger ( )

Return a pointer to the QCA Logger, which is used for diagnostics and error recording.

The system Logger is automatically created for you on start.

QCA_EXPORT QStringList QCA::makeFriendlyNames ( const QList< Certificate > &  list)

Create a list of unique friendly names among a list of certificates.

Parameters
listthe list of certificates for which a friendly name is required.
QCA_EXPORT const SecureArray QCA::operator+ ( const SecureArray a,
const SecureArray b 
)

Returns an array that is the result of concatenating a and b.

Parameters
a: the string to put at the start of the result
b: the string to put at the end of the result
QCA_EXPORT CertificateInfoOrdered QCA::orderedDNOnly ( const CertificateInfoOrdered in)

Return a new CertificateInfoOrdered that only contains the Distinguished Name (DN) types found in the input object.

Parameters
in: the certificate info to extract from
QCA_EXPORT QString QCA::orderedToDNString ( const CertificateInfoOrdered in)

Convert to RFC 1779 string format.

Parameters
in: the certificate info to convert
QCA_EXPORT QString QCA::pluginDiagnosticText ( )

Retrieve plugin diagnostic text.

QCA_EXPORT QStringList QCA::pluginPaths ( )

Retrieve plugin paths.

It consists of:

  1. QCA_PLUGIN_PATH environment if set.
  2. QCoreApplication::libraryPaths() .
  3. Directory where plugins were installed.

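QCA_PLUGIN_PATH is a list of paths, like PATH or QT_PLUGIN_PATH. It uses the system path separator: ";" on Windows and ":" on Unix. Because providers are loaded from these locations, the variable and the directories it names should be writable only by trusted users.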

This function was introduced in QCA 2.1.

QCA_EXPORT int QCA::providerPriority ( const QString name)

Return the priority of a specified provider.

The name of the provider (eg "qca-ossl") is used to look up the current priority associated with that provider. If the provider is not found (or something else went wrong), -1 is returned.

Parameters
namethe name of the provider
Returns
the current priority level
See also
setProviderPriority for a description of the provider priority system
QCA_EXPORT ProviderList QCA::providers ( )

Return a list of the current providers.

The current plugin providers are provided as a list, which you can iterate over using ProviderListIterator.

See also
ProviderList
ProviderListIterator
Examples:
providertest.cpp.
QCA_EXPORT void QCA::saveProviderConfig ( const QString name)

Save provider configuration to persistent storage.

Parameters
namethe name of the provider to have its configuration saved
QCA_EXPORT void QCA::scanForPlugins ( )

Scan for new plugins.

Examples:
providertest.cpp.
QCA_EXPORT void QCA::setAppName ( const QString name)

Set the application name that will be used by SASL server mode.

The application name is used by SASL in server mode, as some systems might have different security policies depending on the app. This should be set before using SASL objects, and it cannot be changed later.

Parameters
namethe name string to use for SASL server mode
Examples:
saslserver.cpp.
QCA_EXPORT void QCA::setGlobalRandomProvider ( const QString provider)

Change the global random number provider.

The Random capabilities of QCA are provided as part of the built in capabilities, however the generator can be changed if required.

Parameters
providerthe name of the provider to use as the global random provider.
QCA_EXPORT void QCA::setProperty ( const QString name,
const QVariant value 
)

Set a global property.

Parameters
namethe name of the property
valuethe value to set the property to
See also
getProperty
QCA_EXPORT void QCA::setProviderConfig ( const QString name,
const QVariantMap &  config 
)

Set provider configuration.

Allowed value types: QString, int, bool

Parameters
namethe name of the provider to set the configuration to
configthe configuration
QCA_EXPORT void QCA::setProviderPriority ( const QString name,
int  priority 
)

Change the priority of a specified provider.

QCA supports a number of providers, and if a number of providers support the same algorithm, it needs to choose between them. You can do this at object instantiation time (by specifying the name of the provider that should be used). Alternatively, you can provide a relative priority level at an application level, using this call.

Priority is used at object instantiation time. The provider is selected according to the following logic:

  • if a particular provider is nominated, and that provider supports the required algorithm, then the nominated provider is used
  • if no provider is nominated, or it doesn't support the required algorithm, then the provider with the lowest priority number will be used, if that provider supports the algorithm.
  • if the provider with the lowest priority number doesn't support the required algorithm, the provider with the next lowest priority number will be tried, and so on through to the provider with the largest priority number
  • if none of the plugin providers support the required algorithm, then the default (built-in) provider will be tried.
Parameters
namethe name of the provider
priority: the new priority of the provider. As a special case, if you pass in -1, then this provider gets the same priority as the last provider that was added or had its priority set using this call.
See also
providerPriority
QCA_EXPORT QStringList QCA::supportedFeatures ( )

Generate a list of all the supported features in plugins, and in built in capabilities.

Returns
a list containing the names of the features

The following code writes a list of features to standard out

// Holds the feature names returned by the query below.
QStringList capabilities;
// Includes features from plugins as well as the built-in capabilities.
capabilities = QCA::supportedFeatures();
// Print the feature names as one comma-separated line.
std::cout << "Supported:" << capabilities.join(",") << std::endl;
See also
isSupported(const char *features)
isSupported(const QStringList &features)
defaultFeatures()
QCA_EXPORT CertificateCollection QCA::systemStore ( )

Get system-wide root Certificate Authority (CA) certificates.

Many operating systems (or distributions, on Linux-type systems) come with some trusted certificates. Typically, these include the root certificates for major Certificate Authorities (for example, Verisign, Comodo) and some additional certificates that are used for system updates. They are provided in different ways for different systems.

This function provides a common way to access the system certificates. There are other ways to access certificates - see the various I/O methods (such as fromDER() and fromPEM()) in the Certificate and CertificateCollection classes.

Note
Availability of the system certificates depends on how QCA was built. You can test whether the system certificates are available using the haveSystemStore() function.
Examples:
certtest.cpp, ssltest.cpp, and tlssocket.cpp.
QCA_EXPORT void QCA::unloadAllPlugins ( )

Unload the current plugins.

QCA_EXPORT bool QCA::unloadProvider ( const QString name)

Unload specified provider.

The specified provider is removed from the list of providers and deleted. If no provider with the name is found, this call fails.

Parameters
namethe name of the provider
Returns
true if the provider is unloaded, and false if the provider cannot be found
See also
insertProvider for adding providers
This file is part of the KDE documentation.
Documentation copyright © 1996-2020 The KDE developers.