System Administration Guide: Security Services

Procedure: How to Add a Software Provider

  1. Assume the Primary Administrator role, or become superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. List the software providers that are available to the system.


    % cryptoadm list
    User-level providers:
    Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
    Provider: /usr/lib/security/$ISA/pkcs11_softtoken.so
    
    Kernel software providers:
    	des
    	aes
    	arcfour
    	blowfish
    	sha1
    	sha2
    	md4
    	md5
    	rsa
    	swrand
    
    Kernel hardware providers:
        ncp/0

  3. Add the provider's package by using the pkgadd command.


    # pkgadd -d /path/to/package pkginst
    

    The package must include software that has been signed by a certificate from Sun. To request a certificate from Sun and to sign a provider, see Appendix F, Packaging and Signing Cryptographic Providers, in Solaris Security for Developers Guide.

    The package should have scripts that notify the cryptographic framework that another provider with a set of mechanisms is available. For information about the packaging requirements, see Appendix F, Packaging and Signing Cryptographic Providers, in Solaris Security for Developers Guide.

  4. Refresh the providers.

    You need to refresh providers if you added a software provider, or if you added hardware and specified policy for the hardware.


    # svcadm refresh svc:/system/cryptosvc
    
  5. Locate the new provider on the list.

    In this case, a new kernel software provider was installed.


    # cryptoadm list 
    …
    Kernel software providers:
    	des
    	aes
    	arcfour
    	blowfish
    	sha1
    	sha2
    	md4
    	md5
    	rsa
    	swrand
      ecc <-- added provider
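
To confirm that only the expected provider appeared after the refresh, the `cryptoadm list` output captured before Step 3 can be compared with the output captured after Step 4. The following script is an added example, not part of the original guide: the function names and the sample captures are constructed for illustration, and the parser assumes only the two listing layouts shown on this page.

```shell
# Added example, not from the guide. new_providers BEFORE AFTER prints the
# providers found in the later `cryptoadm list` capture but not the earlier.
# normalize_providers FILE prints one "section|provider" line per provider.
normalize_providers() {
    awk '
        /providers:[ \t]*$/ {                  # section header, any case
            section = tolower($0)
            gsub(/^[ \t]+| providers:[ \t]*$/, "", section)
            next
        }
        /^[ \t]*=*[ \t]*$/ { next }            # blank lines and ==== rulers
        section != "" {
            line = $0
            sub(/^[ \t]*(Provider:)?[ \t]*/, "", line)  # label and indent
            sub(/[ \t]*<--.*$/, "", line)               # doc annotations
            if (line != "") print section "|" line
        }
    ' "$1" | sort -u
}

new_providers() {
    np_before=$(mktemp) && np_after=$(mktemp) || return 1
    normalize_providers "$1" > "$np_before"
    normalize_providers "$2" > "$np_after"
    comm -13 "$np_before" "$np_after"          # lines unique to AFTER
    rm -f "$np_before" "$np_after"
}

# Constructed sample captures, modelled on the listings in this procedure.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Kernel software providers:
    aes
EOF
    cat > "$d/after" <<'EOF'
user-level providers:
==========================
    /usr/lib/security/$ISA/pkcs11_kernel.so
    /opt/SUNWconn/lib/$ISA/libpkcs11.so.1
Kernel software providers:
    aes
    ecc
EOF
    new_providers "$d/before" "$d/after"
    rm -rf "$d"
}
```

On a live system, save `cryptoadm list` to a file before running `pkgadd` and again after `svcadm refresh`, then pass the two files to `new_providers`. Any line other than the provider you meant to install is worth investigating.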

Example 14–21 Adding a User-Level Software Provider

In the following example, a signed PKCS #11 library is installed.


# pkgadd -d /cdrom/cdrom0/SolarisNew
Answer the prompts
# svcadm refresh system/cryptosvc
# cryptoadm list
user-level providers:
==========================
    /usr/lib/security/$ISA/pkcs11_kernel.so
    /usr/lib/security/$ISA/pkcs11_softtoken.so
    /opt/SUNWconn/lib/$ISA/libpkcs11.so.1 <-- added provider

Developers who are testing a library with the cryptographic framework can install the library manually.


# cryptoadm install provider=/opt/SUNWconn/lib/\$ISA/libpkcs11.so.1

For information on getting your provider signed, see Binary Signatures for Third-Party Software.