The Cryptographic Framework feature of Oracle Solaris and the Key Management Framework (KMF) feature of Oracle Solaris provide central repositories for cryptographic services and key management. Hardware, software, and end users have seamless access to optimized algorithms. KMF provides a unified interface for otherwise different storage mechanisms, administrative utilities, and programming interfaces for various public key infrastructures (PKIs).
The Cryptographic Framework provides a common store of algorithms and PKCS #11 libraries to handle cryptographic requirements. The PKCS #11 libraries are implemented according to the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) standard. Cryptographic services, such as encryption and decryption for files, are available to regular users.
KMF provides tools and programming interfaces for centrally managing public key objects, such as X.509 certificates and public/private key pairs. The formats for storing these objects can vary. KMF also provides a tool for managing policies that define the use of X.509 certificates by applications. KMF supports third-party plugins.
For more information, see the following:
Selected man pages include cryptoadm (1M) , encrypt (1) , mac (1) , pktool (1) , and kmfcfg (1) .
For an overview of cryptographic services, see Chapter 1, Cryptographic Framework, in Managing Encryption and Certificates in Oracle Solaris 11.2 and Chapter 4, Key Management Framework, in Managing Encryption and Certificates in Oracle Solaris 11.2 .
For examples of using the Cryptographic Framework, see Chapter 3, Cryptographic Framework, in Managing Encryption and Certificates in Oracle Solaris 11.2 and the man pages.
To enable the Cryptographic Framework FIPS 140 provider, see How to Create a Boot Environment with FIPS 140 Enabled in Managing Encryption and Certificates in Oracle Solaris 11.2 .