Google Git
Sign in
chromium / chromium / src.git / refs/tags/118.0.5983.1 / . / chromeos / components / kcer
tree: c9727891538f49c6acaf8e42036fdb8496883ad4 [path history] [tgz]
  1. kcer_nss/
  2. BUILD.gn
  3. COMMON_METADATA
  4. DEPS
  5. DIR_METADATA
  6. kcer.cc
  7. kcer.h
  8. kcer_impl.cc
  9. kcer_impl.h
  10. kcer_notifier_net.cc
  11. kcer_notifier_net.h
  12. kcer_token.h
  13. OWNERS
  14. README.md
  15. token_key_finder.cc
  16. token_key_finder.h
  17. token_key_finder_unittest.cc
  18. token_results_merger.h
  19. token_results_merger_unittest.cc
chromeos/components/kcer/README.md

Kcer is a library to work with keys and client certificates on ChromeOS.

It can be accessed through the kcer::Kcer interface. Each Profile owns an instance of the interface and can use it to access keys and client certificates that are intended for the Profile. There's also a device-wide instance of the interface that only has access to device-wide objects.

Kcer can work with user and device tokens (which are provided by Chaps). User token contains keys and certificates that belong to the current user. Device token contains objects that belong to the whole device. A particular instance of Kcer interface might not have access to one or both of them depending on its Profile.

kcer::PublicKey objects contain a public key from a key pair that is available to Kcer. It can also be used to address its private key.

kcer::Cert contains a client certificate for a key pair. As a memory optimization kcer::Cert-s are refcounted (and immutable). kcer::Cert-s can also be used to address their private key.

Private keys themselves are not exposed through Kcer and all related operations are performed by dedicated system daemons (mainly Chaps). kcer::PrivateKeyHandle is a convenience class to address a private key that corresponds to a public key / public key SPKI (as a blob of bytes) / certificate and request an operation with it.

See kcer.h for more details about the interface.