The pktool command enables the administrator to manage PKI objects in all three keystores from a single utility.
The API layer enables the developer to specify the type of keystore to be used. KMF also provides plug-in modules for these PKI technologies. These plug-in modules enable developers to write new applications that use any of the supported keystores.
KMF also provides a system-wide policy database that KMF applications can use regardless of the type of keystore. By using the kmfcfg command, the administrator can create policy definitions in a global database. A KMF application can then choose a policy to enforce, and all of its subsequent KMF operations are constrained by that policy. Policy definitions include rules for the following:
Strategy for performing validations
Key usage and extended key usage requirements
Trust anchor definitions
OCSP parameters
CRL DB parameters (for example, location)
For more information, see the following:
pktool(1) man page
kmfcfg(1) man page
Chapter 15, Solaris Key Management Framework, in System Administration Guide: Security Services