Security Enhancements

The following security features and enhancements have been added to the Solaris 10 7/07 HW release.

Solaris Key Management Framework

The pktool command enables the administrator to manage PKI objects in all three keystores from a single utility.

The API layer enables the developer to specify the type of keystore to be used. KMF also provides plug-in modules for these PKI technologies. These plug-in modules enable developers to write new applications to use any of the supported keystores.

KMF has a unique feature that provides a system-wide policy database that KMF applications can use regardless of the type of keystore. By using the kmfcfg command, the administrator can create policy definitions in a global database. KMF applications can then choose a policy to enforce, so that all subsequent KMF operations are constrained by the policy being enforced. Policy definitions include rules for the following:

• Strategy for performing validations

• Key usage and extended key usage requirements

• Trust anchor definitions

• OCSP parameters

• CRL DB parameters (for example, location)

For more information, see the following:

• pktool(1) man page

• kmfcfg(1) man page

• Chapter 15, Solaris Key Management Framework, in System Administration Guide: Security Services

libmd - Message Digest library

Security Enhancements

Starting with this release, the libmd library provides implementations of cryptographic hash algorithms MD4, MD5, SHA1 and SHA2 which comprises SHA256, SHA384, SHA512, by using lightweight APIs. For descriptions of APIs for the functions offered by libmd, see the following man pages:

• md4(3EXT)

• md5(3EXT)

• sha1(3EXT)

• sha2(3EXT)