Developer's Guide to Oracle Solaris Security (Oracle Solaris 10 8/11 Information Library)
This section describes the requirements for developing the three types of applications that can plug into the Oracle Solaris cryptographic framework: user-level consumers, user-level providers, and kernel-level consumers.
Requirements for user-level consumers:
Make all calls through the PKCS #11 interfaces only.
Link with libpkcs11.so.
Libraries should not call the C_Finalize() function.
See Chapter 9, Writing User-Level Cryptographic Applications and Providers for more information.
Requirements for user-level providers:
Design the provider to stand alone. Although the provider shared object need not be a full-fledged library to which applications link, all necessary symbols must exist in the provider. Assume that the provider is to be opened by dlopen(3C) in RTLD_GROUP and RTLD_NOW mode.
Create a PKCS #11 Cryptoki implementation in a shared object. This shared object should include necessary symbols rather than depend on consumer applications.
Providing a _fini() routine for data cleanup is highly recommended, though not required. This routine is needed to avoid collisions between C_Finalize() calls when an application or shared library loads libpkcs11 and other provider libraries concurrently. See Avoiding Data Cleanup Collisions in User-Level Providers.
Apply for a certificate from Oracle Corporation. See To Request a Certificate for Signing a Provider.
Use the certificate with elfsign to sign the binary. See To Sign a Provider.
Package the shared object according to Oracle conventions. See Appendix F, Packaging and Signing Cryptographic Providers.
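One way to structure the _fini() data cleanup so that it cannot collide with an explicit C_Finalize() call, as an added example that is not Oracle's code. The CK_* definitions are stand-ins for the PKCS #11 header so the block compiles on its own, the names provider_fini, finalize_common and provider_cleanup_runs are hypothetical, and the compiler destructor attribute is assumed here as a portable stand-in for the provider's _fini() routine.

```c
#include <pthread.h>
#include <stddef.h>

/* Stand-ins for the PKCS #11 header types and return codes (assumption). */
typedef unsigned long CK_RV;
#define CKR_OK                            0x00000000UL
#define CKR_ARGUMENTS_BAD                 0x00000007UL
#define CKR_CRYPTOKI_NOT_INITIALIZED      0x00000190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED  0x00000191UL

static pthread_mutex_t state_lock = PTHREAD_MUTEX_INITIALIZER;
static int initialized;   /* set by C_Initialize, cleared by cleanup */
static int cleanup_runs;  /* hypothetical counter, for demonstration only */

/* Release provider-global data exactly once. Caller holds state_lock. */
static void finalize_common(void)
{
    /* a real provider frees session tables and key material here */
    initialized = 0;
    cleanup_runs++;
}

CK_RV C_Initialize(void *args)
{
    CK_RV rv = CKR_OK;
    (void)args;
    pthread_mutex_lock(&state_lock);
    if (initialized) rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
    else initialized = 1;
    pthread_mutex_unlock(&state_lock);
    return rv;
}

CK_RV C_Finalize(void *reserved)
{
    CK_RV rv = CKR_OK;
    if (reserved != NULL) return CKR_ARGUMENTS_BAD;
    pthread_mutex_lock(&state_lock);
    if (!initialized) rv = CKR_CRYPTOKI_NOT_INITIALIZED;
    else finalize_common();
    pthread_mutex_unlock(&state_lock);
    return rv;
}

/* Unload-time hook: cleans up only if C_Finalize() has not already done so. */
__attribute__((destructor))
void provider_fini(void)
{
    pthread_mutex_lock(&state_lock);
    if (initialized) finalize_common();
    pthread_mutex_unlock(&state_lock);
}

int provider_cleanup_runs(void) { return cleanup_runs; }
```

Because both paths check the same flag under the same lock, the provider's data is released once whether the consumer finalizes explicitly or the shared object is simply unloaded.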
Requirements for kernel-level consumers:
Include <sys/crypto/common.h> and <sys/crypto/api.h>.
Make all calls through the kernel programming interface.