Developer's Guide to Oracle Solaris Security

Packaging User-Level Provider Applications

A third-party developer of a user-level cryptographic provider application completes the following process:

  1. Acquire a certificate from Oracle Corporation. Then, sign the library. See Adding Signatures to Providers.

  2. Ship the certificate with the package. The certificate must be placed in the /etc/crypto/certs directory.

  3. Add the pkcs11conf class to the CLASSES string of the pkginfo file. The following line should be added:

    CLASSES=none pkcs11conf

  4. Create an input file pkcs11.conf in the etc/crypto directory.

    The input file for user-level providers is named pkcs11.conf. This file specifies the path to the provider. The pkcs11.conf file uses the following syntax for the entry:

    filename

    The entry is an absolute path to a file such as /opt/lib/$ISA/myProviderApp.so. The entry is added to the configuration file when pkgadd is run. Note the $ISA expression in the path name. $ISA points to either a 32-bit version or a 64-bit version of the application, as needed.

  5. Add the following line to the package's prototype file:

    e pkcs11conf etc/crypto/pkcs11.conf 0644 root sys
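
A pre-flight check of a package staging directory against steps 2 through 5, as an added example that is not part of the original guide. It assumes pkginfo and prototype sit at the top of the staging directory beside the etc/ tree; the function names and the sample certificate name are hypothetical, and the library signature from step 1 is not verified here.

```sh
#!/bin/sh
# Added example: checks a package staging directory against steps 2-5.
# Assumed layout (not from the guide): pkginfo and prototype sit at the
# top of the staging directory, beside the etc/ tree to be installed.
check_provider_pkg() {
    root=$1; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # Step 2: a certificate ships in etc/crypto/certs.
    [ -n "$(ls "$root/etc/crypto/certs" 2>/dev/null)" ] ||
        fail "no certificate under etc/crypto/certs"

    # Step 3: CLASSES in pkginfo includes pkcs11conf (quoted or not).
    grep -Eq '^CLASSES="?([^"]* )?pkcs11conf( |"|$)' "$root/pkginfo" 2>/dev/null ||
        fail "pkginfo CLASSES lacks pkcs11conf"

    # Step 4: pkcs11.conf exists and each entry is an absolute path.
    conf=$root/etc/crypto/pkcs11.conf
    if [ -s "$conf" ]; then
        while IFS= read -r entry; do
            case $entry in
                ''|/*) ;;   # blank line or absolute path: accepted
                *) fail "pkcs11.conf entry is not an absolute path: $entry" ;;
            esac
        done < "$conf"
    else
        fail "etc/crypto/pkcs11.conf is missing or empty"
    fi

    # Step 5: prototype has an editable (e) entry of class pkcs11conf
    # for that file, mode 0644, owner root, group sys.
    awk '$1=="e" && $2=="pkcs11conf" && $3=="etc/crypto/pkcs11.conf" &&
         $4=="0644" && $5=="root" && $6=="sys" {ok=1} END {exit !ok}' \
        "$root/prototype" 2>/dev/null || fail "prototype lacks the pkcs11conf entry"
    return $rc
}

# Builds a constructed sample staging tree (file contents are made up).
make_sample_pkg() {
    mkdir -p "$1/etc/crypto/certs"
    : > "$1/etc/crypto/certs/EXAMPLE-CERT"
    echo 'CLASSES=none pkcs11conf' > "$1/pkginfo"
    echo '/opt/lib/$ISA/myProviderApp.so' > "$1/etc/crypto/pkcs11.conf"
    echo 'e pkcs11conf etc/crypto/pkcs11.conf 0644 root sys' > "$1/prototype"
}

if [ $# -gt 0 ]; then check_provider_pkg "$1"; fi
```

Run it with the staging directory as the only argument; each failed step is reported on standard error and the exit status is nonzero if any check fails.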