
fuchsia.kms

PROTOCOLS

KeyManager {:#KeyManager}

Defined in fuchsia.kms/key_manager.fidl

SealData {:#SealData}

Seal data to an encrypted form.

Seal data to an encrypted form. The sealed data can only be unsealed by the same KMS instance, using `UnsealData`. `plain_text` needs to be less than `MAX_DATA_SIZE` bytes.

Request

Response

UnsealData {:#UnsealData}

Unseal sealed data.

Unseal data previously sealed by this KMS instance.

Request

Response

GenerateAsymmetricKey {:#GenerateAsymmetricKey}

Generate an asymmetric key.

Generate an asymmetric key using `key_name` as the unique name. `key` is the interface request for the generated asymmetric key. If `key_name` is not unique, `KEY_ALREADY_EXISTS` is returned. The generated key can be used to sign data. The algorithm used for generating the asymmetric key is `ECDSA_SHA512_P521`.

Request

Response

GenerateAsymmetricKeyWithAlgorithm {:#GenerateAsymmetricKeyWithAlgorithm}

Generate an asymmetric key with a specific algorithm.

Generate an asymmetric key using `key_name` as the unique name and `key_algorithm` as the algorithm. `key` is the interface request for the generated asymmetric key. If `key_name` is not unique, `KEY_ALREADY_EXISTS` is returned.

Request

Response

ImportAsymmetricPrivateKey {:#ImportAsymmetricPrivateKey}

Import an asymmetric private key with a specific algorithm.

Import an asymmetric private key using `key_name` as the unique name, `key_algorithm` as the algorithm, and `data` as the key data. `key` is the interface request for the imported asymmetric key. Key data should be in ASN.1-encoded DER format. If `key_name` is not unique, `KEY_ALREADY_EXISTS` is returned.

Request

Response

GetAsymmetricPrivateKey {:#GetAsymmetricPrivateKey}

Get an asymmetric private key handle.

Get an asymmetric private key handle using `key_name`. If no such key is found, `KEY_NOT_FOUND` is returned.

Request

Response

DeleteKey {:#DeleteKey}

Delete a key.

Delete the key named `key_name`. All current handles to the deleted key become invalid, and all subsequent requests on those handles return `KEY_NOT_FOUND`. Users should close an invalid handle once they receive a `KEY_NOT_FOUND` status.

Request

Response

Key {:#Key}

Defined in fuchsia.kms/key_manager.fidl

GetKeyOrigin {:#GetKeyOrigin}

Get the key origin (generated/imported).

Request

Response

AsymmetricPrivateKey {:#AsymmetricPrivateKey}

Defined in fuchsia.kms/key_manager.fidl

GetKeyOrigin {:#GetKeyOrigin}

Get the key origin (generated/imported).

Request

Response

Sign {:#Sign}

Sign `data` using the current key. `data` needs to be less than `MAX_DATA_SIZE` bytes.

Request

Response

GetPublicKey {:#GetPublicKey}

Get the DER format public key for the current private key.

Request

Response

GetKeyAlgorithm {:#GetKeyAlgorithm}

Get the key algorithm.

Request

Response

StatelessKeyManager {:#StatelessKeyManager}

Defined in fuchsia.kms/key_manager_stateless.fidl

GetHardwareDerivedKey {:#GetHardwareDerivedKey}

Get a key derived from the hardware key.

Get a key derived from the hardware root key, using `key_info` as info and the trusted app ID as salt. This call is deterministic: it always returns the same result for the same `key_info` on the same device, and the result differs across devices that have different hardware keys.

Request

Response
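The determinism properties described for `GetHardwareDerivedKey`, modeled as an added example (not Fuchsia's code). It assumes HKDF-SHA256 as the derivation function, which this page does not specify; `hkdf`, `get_hardware_derived_key`, and all key and ID values are hypothetical and constructed.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: the page does not name the KDF or hash


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract with salt, then expand with info."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested length too large for HKDF")
    # Extract: an empty salt is replaced by a block of zero bytes per the RFC.
    prk = hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    # Expand: chain HMAC blocks, each bound to info and a one-byte counter.
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def get_hardware_derived_key(hw_root_key: bytes, app_id: bytes, key_info: bytes) -> bytes:
    """Hypothetical model: root key as input key, trusted app ID as salt, key_info as info."""
    return hkdf(hw_root_key, salt=app_id, info=key_info)


# Constructed sample values, not real device secrets or real app IDs.
DEVICE_A = bytes.fromhex("11" * 32)
DEVICE_B = bytes.fromhex("22" * 32)
APP_ID = b"constructed-trusted-app-id"


def demo() -> dict:
    info = b"disk-encryption"
    base = get_hardware_derived_key(DEVICE_A, APP_ID, info)
    return {
        "same_inputs_match": base == get_hardware_derived_key(DEVICE_A, APP_ID, info),
        "other_key_info_differs": base != get_hardware_derived_key(DEVICE_A, APP_ID, b"log-signing"),
        "other_device_differs": base != get_hardware_derived_key(DEVICE_B, APP_ID, info),
        "other_app_differs": base != get_hardware_derived_key(DEVICE_A, b"other-app", info),
    }


if __name__ == "__main__":
    for prop, ok in demo().items():
        print(f"{prop}: {ok}")
```

Because the output depends only on the device key, the app ID, and `key_info`, a caller that needs distinct keys for distinct purposes has to use a distinct `key_info` for each.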

STRUCTS

Signature {:#Signature}

Defined in fuchsia.kms/key_manager.fidl

PublicKey {:#PublicKey}

Defined in fuchsia.kms/key_manager.fidl

ENUMS

Status {:#Status}

Type: uint32

Defined in fuchsia.kms/key_manager.fidl

AsymmetricKeyAlgorithm {:#AsymmetricKeyAlgorithm}

Type: uint32

Defined in fuchsia.kms/key_manager.fidl

KeyOrigin {:#KeyOrigin}

Type: uint32

Defined in fuchsia.kms/key_manager.fidl

CONSTANTS