The Oracle Solaris KMF provides abstract APIs for PKI operations. Applications written to KMF can access multiple keystores such as files (OpenSSL), NSS, and PKCS11 tokens and multiple validation modules such as OCSP and CRL checking. The KMF API can be extended by third parties for proprietary and legacy implementations.
The KMF APIs are provided in the Key Management Framework Library, libkmf(3LIB). These APIs enable your application to create and manage public key objects such as public/private keypairs, certificates, CSRs, certificate validation, CRLs, and OCSP response processing.
Keys, certificate, and CSR operations: create and delete, store and retrieve, search, import and export
Common cryptographic operations: sign and verify, encrypt and decrypt using certificates as keys
Access complex PKI objects: set and get X.509 attributes and extensions, and extract data in human-readable formats
Cryptographic operations with key or certificate
Get certificate operations
Set certificate operations
Memory cleanup operations
APIs for PKCS#11 tokens
Attribute management operations