Developer's Guide to Oracle® Solaris 11 Security

Updated: July 2014

KMF Application Programming Interfaces

The Oracle Solaris KMF provides abstract APIs for PKI operations. Applications written to KMF can access multiple keystores, such as files (OpenSSL), NSS, and PKCS11 tokens, and multiple validation modules, such as OCSP and CRL checking. The KMF API can be extended by third parties for proprietary and legacy implementations.

The KMF APIs are provided in the Key Management Framework Library, libkmf(3LIB). These APIs enable your application to create and manage public key objects such as public/private keypairs, certificates, and CSRs, and to handle certificate validation, CRLs, and OCSP response processing.

  • Key, certificate, and CSR operations: create and delete, store and retrieve, search, import and export

  • Common cryptographic operations: sign and verify, encrypt and decrypt using certificates as keys

  • Access complex PKI objects: set and get X.509 attributes and extensions, and extract data in human-readable formats

The KMF APIs are defined in the kmfapi.h file, and structures and types are defined in the kmftypes.h file. The kmfapi.h file lists the functions in the following groups:

  • Setup operations

  • Key operations

  • Certificate operations

  • Cryptographic operations with key or certificate

  • CRL operations

  • CSR operations

  • Get certificate operations

  • Set certificate operations

  • PK12 operations

  • OCSP operations

  • Policy operations

  • Error handling

  • Memory cleanup operations

  • APIs for PKCS#11 tokens

  • Attribute management operations