Oracle Solaris Security for Developers Guide

Packaging Kernel-Level Provider Modules

A third-party developer of a kernel-level cryptographic provider module completes the following process:

  1. Acquire a certificate from Sun Microsystems, Inc. Then, sign the kernel software module or device driver. See Adding Signatures to Providers.

  2. Ship the certificate with the package. The certificate should be placed in the /etc/crypto/certs directory.

  3. Add the kcfconf class into the CLASSES string of the pkginfo file. The following line should be added:

    CLASSES=none kcfconf

  4. Create an input file kcf.conf in the etc/crypto directory. This file is used to add software and hardware plug-ins to the kernel configuration file.

    • If the provider is a kernel software module with cryptographic mechanisms, use the following syntax for the entry:

      provider-name:supportedlist=mech1,mech2,...

      provider-name
          Base name for the kernel software module

      mech*
          Name of the cryptographic mechanism in the list

      The following entry is an example of a kernel software module:

      des:supportedlist=CKM_DES_CBC,CKM_DES_ECB,CKM_DES_CFB

    • If the provider is a device driver for cryptographic mechanisms, such as an accelerator card, then use the following syntax for the entry:

      driver_names=devicedriver1,devicedriver2,...

      devicedriver*
          Name of a device driver for a cryptographic device.

      The following entry is an example of a device driver:

      driver_names=dca
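
A pre-packaging check for steps 3 and 4, as an added example that is not part of the guide or of Solaris itself: it confirms that the pkginfo CLASSES parameter lists kcfconf and that every kcf.conf input entry matches one of the two syntaxes above. The function names, the sample file contents, the name patterns (mechanisms starting with CKM_, as in the example entry) and the treatment of # lines as comments are assumptions made for illustration.

```python
import re

# Constructed sample inputs (not taken from a real package).
SAMPLE_PKGINFO = "PKG=EXAMPLEprov\nCLASSES=none kcfconf\n"
SAMPLE_KCF_CONF = (
    "des:supportedlist=CKM_DES_CBC,CKM_DES_ECB,CKM_DES_CFB\n"
    "driver_names=dca\n"
)

NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")  # assumed module/driver name shape
MECH = re.compile(r"^CKM_[A-Z0-9_]+$")         # assumed mechanism name shape


def pkginfo_has_kcfconf(text):
    """Return True if the CLASSES parameter lists the kcfconf class."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "CLASSES":
            return "kcfconf" in value.strip().strip('"').split()
    return False


def parse_kcf_entry(line):
    """Parse one entry into ('software', name, mechs) or ('driver', names).

    Raises ValueError for a line that matches neither syntax.
    """
    line = line.strip()
    if line.startswith("driver_names="):
        names = line[len("driver_names="):].split(",")
        if not all(NAME.match(n) for n in names):
            raise ValueError(f"bad driver name in: {line!r}")
        return ("driver", names)
    name, sep, rest = line.partition(":")
    if not sep or not NAME.match(name) or not rest.startswith("supportedlist="):
        raise ValueError(f"unrecognized entry: {line!r}")
    mechs = rest[len("supportedlist="):].split(",")
    if not all(MECH.match(m) for m in mechs):
        raise ValueError(f"bad mechanism name in: {line!r}")
    if len(set(mechs)) != len(mechs):
        raise ValueError(f"duplicate mechanism in: {line!r}")
    return ("software", name, mechs)


def lint_kcf_conf(text):
    """Parse every non-blank, non-comment line; raise on the first bad entry."""
    return [parse_kcf_entry(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
```

Running both checks against the staged package tree before building catches a misspelled CLASSES parameter or a malformed entry before the package is installed.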