JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris Security     Oracle Solaris 10 8/11 Information Library
search filter icon
search icon

Document Information


1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

GSSAPI Client Example Overview

GSSAPI Client Example Structure

Running the GSSAPI Client Example

GSSAPI Client Example: main() Function

Opening a Connection With the Server

Establishing a Security Context With the Server

Translating a Service Name into GSS-API Format

Establishing a Security Context for GSS-API

Miscellaneous GSSAPI Context Operations on the Client Side

Wrapping and Sending a Message

Reading and Verifying a Signature Block From a GSS-API Client

Deleting the Security Context

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications and Providers

10.  Using the Smart Card Framework

A.  Sample C-Based GSS-API Programs

B.  GSS-API Reference

C.  Specifying an OID

D.  Source Code for SASL Example

E.  SASL Reference Tables

F.  Packaging and Signing Cryptographic Providers



Reading and Verifying a Signature Block From a GSS-API Client

The gss-client program can now test the validity of the message that was sent. The server returns the MIC for the message that was sent. The message can be retrieved with the recv_token().

The gss_verify_mic() function is then used to verify the message's signature, that is, the MIC. gss_verify_mic() compares the MIC that was received with the original, unwrapped message. The received MIC comes from the server's token, which is stored in out_buf. The MIC from the unwrapped version of the message is held in in_buf. If the two MICs match, the message is verified. The client then releases the buffer for the received token, out_buf.

The process of reading and verifying a signature block is demonstrated in the following source code.

Note - The source code for this example is also available through the download center. See

Example 5-7 gss-client Example – Read and Verify Signature Block

/* Read signature block into out_buf */
     if (recv_token(s, &out_buf) < 0) {
          (void) close(s);
          (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
          return -1;

/* Verify signature block */
     maj_stat = gss_(&min_stat, context, &in_buf,
                               &out_buf, &qop_state);
     if (maj_stat != GSS_S_COMPLETE) {
          display_status("verifying signature", maj_stat, min_stat);
          (void) close(s);
          (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
          return -1;
     (void) gss_release_buffer(&min_stat, &out_buf);

     if (use_file)

     printf("Signature verified.\n");