Developer's Guide to Oracle Solaris 10 Security, Oracle Solaris 10 1/13 Information Library
What Cryptography Developers Need to Know
This section describes the requirements for developing the three types of applications that can plug into the Oracle Solaris cryptographic framework.
To develop a user-level consumer, a developer needs to keep the following items in mind:
Include <security/cryptoki.h>.
Make all calls through the PKCS #11 interfaces only.
Link with libpkcs11.so.
Libraries should not call the C_Finalize() function.
See Chapter 9, Writing User-Level Cryptographic Applications and Providers for more information.
To develop a user-level provider, a developer needs to keep the following items in mind:
Design the provider to stand alone. Although the provider shared object need not be a full-fledged library to which applications link, all necessary symbols must exist in the provider. Assume that the provider is to be opened by dlopen(3C) in RTLD_GROUP and RTLD_NOW mode.
Create a PKCS #11 Cryptoki implementation in a shared object. This shared object should include necessary symbols rather than depend on consumer applications.
Providing a _fini() routine for data cleanup is highly recommended, though not required. The routine is needed to avoid collisions between C_Finalize() calls when an application or shared library loads libpkcs11 and other provider libraries concurrently. See Avoiding Data Cleanup Collisions in User-Level Providers.
Apply for a certificate from Oracle Corporation. See To Request a Certificate for Signing a Provider.
Use the certificate with elfsign to sign the binary. See To Sign a Provider.
Package the shared object according to Oracle conventions. See Appendix F, Packaging and Signing Cryptographic Providers.
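One way to structure the recommended _fini() cleanup so that it cannot collide with an earlier C_Finalize() call, given here as an added example that is not Oracle's code. The prov_* names, the 64-byte state buffer and the typedefs standing in for <security/cryptoki.h> are assumptions, and __attribute__((destructor)) is used where Solaris Studio code would use #pragma fini.

```c
#include <pthread.h>
#include <stdlib.h>

/* Stand-ins (assumption) for the types and codes in <security/cryptoki.h>. */
typedef unsigned long CK_RV;
typedef void *CK_VOID_PTR;
#define CKR_OK                            0x000UL
#define CKR_HOST_MEMORY                   0x002UL
#define CKR_CRYPTOKI_NOT_INITIALIZED      0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED  0x191UL

static pthread_mutex_t prov_lock = PTHREAD_MUTEX_INITIALIZER;
static int prov_initialized;   /* guarded by prov_lock */
static void *prov_state;       /* hypothetical provider-wide data */
int prov_cleanups;             /* counts real cleanups, for the demonstration */

/* Caller holds prov_lock. Releases provider data and clears the flag. */
static void prov_cleanup_locked(void) {
    free(prov_state);
    prov_state = NULL;
    prov_initialized = 0;
    prov_cleanups++;
}

CK_RV C_Initialize(CK_VOID_PTR args) {
    CK_RV rv = CKR_OK;
    (void)args;
    pthread_mutex_lock(&prov_lock);
    if (prov_initialized)
        rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
    else if ((prov_state = calloc(1, 64)) == NULL)
        rv = CKR_HOST_MEMORY;
    else
        prov_initialized = 1;
    pthread_mutex_unlock(&prov_lock);
    return rv;
}

CK_RV C_Finalize(CK_VOID_PTR reserved) {
    CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
    (void)reserved;
    pthread_mutex_lock(&prov_lock);
    if (prov_initialized) { prov_cleanup_locked(); rv = CKR_OK; }
    pthread_mutex_unlock(&prov_lock);
    return rv;
}

/* Runs when the provider object is unloaded. */
__attribute__((destructor)) void prov_fini(void) {
    pthread_mutex_lock(&prov_lock);
    if (prov_initialized)      /* skip when C_Finalize() already cleaned up */
        prov_cleanup_locked();
    pthread_mutex_unlock(&prov_lock);
}
```

Because both paths test the same flag under the same lock, provider data is released exactly once whether the consumer finalizes first or the object is simply unloaded.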
To develop a kernel-level consumer, a developer needs to keep the following items in mind:
Include <sys/crypto/common.h> and <sys/crypto/api.h>.
Make all calls through the kernel programming interface.