Developer's Guide to Oracle Solaris Security, Oracle Solaris 11 Express 11/10
This procedure is useful when the same provider is to be shipped for both domestic use and restricted international use. You sign the provider with a key for a usage-restricted certificate for all customers. For those customers who use providers without caller-based restrictions, you generate and include a special activation file that permits use with IPsec. The activation file should reside in the same directory as the provider. The convention for naming the activation file is to combine the name of the driver with the extension .esa, for example, /kernel/drv/vca.esa.
% elfsign sign -a -k private-keyfile -c Oracle-certificate -e provider-object
-a
    Generate a signed ELF Sign Activation (.esa) file. This option is used when a cryptographic provider needs both non-retail export approval and retail approval. The retail approval is accomplished by restricting export-sensitive callers such as IPsec. This option assumes that the provider binary has previously been signed with a restricted certificate.
-k private-keyfile
    File that contains the private key that was used to generate the certificate request that was sent to Oracle Corporation.
-c Oracle-certificate
    Path to the certificate from Oracle that was issued from the certificate request.
-e provider-object
    Path to the provider, or binary, to be signed for use within the cryptographic framework.
The following example shows how to sign a provider.
% elfsign sign \
    -a \
    -k /securecrypt/private/MyCompany.private.key \
    -c /etc/crypto/certs/MyCompany \
    -e /path/to/provider.object
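A pre-packaging check for the placement and naming rule described above, as an added example that is not part of the Oracle guide. The function names are hypothetical, the provider's file name is assumed to be the driver name, and the script checks only that the .esa file is present and non-empty, not that its signature is valid.

```shell
#!/bin/sh
# Added example (not Oracle code): lint a staging tree before packaging.
# Rule from the text: the activation file is <driver>.esa in the same
# directory as the provider, e.g. /kernel/drv/vca -> /kernel/drv/vca.esa.

# Print the activation-file path expected for a provider object.
esa_path() {
    printf '%s.esa\n' "$1"
}

# Exit status: 0 = provider has a non-empty .esa beside it,
#              1 = .esa missing or empty, 2 = provider object missing.
has_activation() {
    provider=$1
    [ -f "$provider" ] || return 2
    [ -s "$(esa_path "$provider")" ]
}

# List .esa files in a directory that have no matching provider object,
# for example leftovers after a driver was renamed or dropped.
orphan_esa() {
    dir=$1
    for esa in "$dir"/*.esa; do
        [ -e "$esa" ] || continue        # glob matched nothing
        [ -f "${esa%.esa}" ] || printf '%s\n' "$esa"
    done
}

# Usage: sh check_esa.sh /staging/kernel/drv/vca
if [ "$#" -gt 0 ]; then
    if has_activation "$1"; then
        echo "ok: $(esa_path "$1")"
    else
        echo "problem: no usable activation file for $1" >&2
    fi
    orphan_esa "$(dirname "$1")"
fi
```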