The Solaris Key Management Framework (KMF) provides tools and programming interfaces for managing public key infrastructure (PKI) objects. The pktool command enables the administrator to manage PKI objects in nss, pkcs11, and file-based keystores from a single utility.
The API layer enables the developer to specify the type of keystore to be used. KMF also provides plug-in modules for these PKI technologies. These plug-in modules enable developers to write new applications to use any of the supported keystores.
KMF has a unique feature that provides a system-wide policy database that KMF applications can use regardless of the type of keystore. By using the kmfcfg command, the administrator can create policy definitions in a global database. KMF applications can then choose a policy to enforce, so that all subsequent KMF operations are constrained by the policy being enforced. Policy definitions include rules for the following:
Strategy for performing validations
Key usage and extended key usage requirements
Trust anchor definitions
OCSP parameters
CRL DB parameters (for example, location)
For more information, see the following:
pktool(1) man page
kmfcfg(1) man page
Chapter 15, Solaris Key Management Framework, in System Administration Guide: Security Services