Typically, the developer of the provider signs the provider. However, the system administrator might be called on to sign the developer's binary as part of your site security policy.
Sign the provider. Use the elfsign sign command, the certificate from Sun, and the private key for requesting certificates from Sun.
% elfsign sign -k private-keyfile -c Sun-certificate -e provider-object |
File that contains that private key that was used to generate the certificate request that was sent to Sun.
Path to the certificate from Sun that was issued from the certificate request.
Path to the provider, or binary, to be signed for use within the Solaris cryptographic framework.
The following example shows how to sign a provider.
% elfsign sign \ -k /securecrypt/private/MyCompany.private.key \ -c /etc/crypto/certs/MyCompany -e /path/to/provider.object |
Note that using elfsign sign changes the object in the location that was specified. If an unsigned version of the object is needed, then the object should be copied to a different location before elfsign sign is applied.