Developer's Guide to Oracle Solaris Security

ProcedureTo Sign a Provider

Typically, the developer of the provider signs the provider. However, the system administrator might be called on to sign the developer's binary as part of your site security policy.

  1. Sign the provider. Use the elfsign sign command, the certificate from Oracle, and the private key for requesting certificates from Oracle.

    % elfsign sign -k private-keyfile -c Oracle-certificate -e provider-object

    File that contains that private key that was used to generate the certificate request that was sent to Oracle.


    Path to the certificate from Oracle that was issued from the certificate request.


    Path to the provider, or binary, to be signed for use within the cryptographic framework.

    The following example shows how to sign a provider.

    % elfsign sign \
    -k /securecrypt/private/MyCompany.private.key \
    -c /etc/crypto/certs/MyCompany
    -e /path/to/provider.object

    Note that using elfsign sign changes the object in the location that was specified. If an unsigned version of the object is needed, then the object should be copied to a different location before elfsign sign is applied.