Skip Navigation Links | |
Exit Print View | |
Developer's Guide to Oracle Solaris Security Oracle Solaris 10 8/11 Information Library |
1. Oracle Solaris Security for Developers (Overview)
2. Developing Privileged Applications
3. Writing PAM Applications and Services
4. Writing Applications That Use GSS-API
7. Writing Applications That Use SASL
8. Introduction to the Oracle Solaris Cryptographic Framework
9. Writing User-Level Cryptographic Applications and Providers
10. Using the Smart Card Framework
A. Sample C-Based GSS-API Programs
D. Source Code for SASL Example
F. Packaging and Signing Cryptographic Providers
Packaging Cryptographic Provider Applications and Modules
Complying with U.S. Government Export Laws
Packaging User-Level Provider Applications
Packaging Kernel-Level Provider Modules
Adding Signatures to Providers
To Request a Certificate for Signing a Provider
To Verify That a Provider Is Signed
Typically, the developer of the provider signs the provider. However, the system administrator might be called on to sign the developer's binary as part of your site security policy.
% elfsign sign -k private-keyfile -c Sun-certificate -e provider-object
File that contains that private key that was used to generate the certificate request that was sent to Sun.
Path to the certificate from Sun that was issued from the certificate request.
Path to the provider, or binary, to be signed for use within the Solaris cryptographic framework.
The following example shows how to sign a provider.
% elfsign sign \ -k /securecrypt/private/MyCompany.private.key \ -c /etc/crypto/certs/MyCompany -e /path/to/provider.object
Note that using elfsign sign changes the object in the location that was specified. If an unsigned version of the object is needed, then the object should be copied to a different location before elfsign sign is applied.