The Oracle Solaris KMF provides abstract APIs for PKI operations. Applications written to KMF can access multiple keystores such as files (OpenSSL), NSS, and PKCS11 tokens and multiple validation modules such as OCSP and CRL checking. The KMF API can be extended by third parties for proprietary and legacy implementations.
The KMF APIs are provided in the Key Management Framework Library, libkmf(3LIB). These APIs enable your application to create and manage public key objects such as public/private keypairs, certificates, CSRs, certificate validation, CRLs, and OCSP response processing.
Keys, certificate, and CSR operations: create and delete, store and retrieve, search, import and export
Common cryptographic operations: sign and verify, encrypt and decrypt using certificates as keys
Access complex PKI objects: set and get X.509 attributes and extensions, and extract data in human-readable formats
The KMF APIs are defined in the kmfapi.h file, and structures and types are defined in the kmftypes.h file. The kmfapi.h file lists the functions in the following groups:
Setup operations
Key operations
Certificate operations
Cryptographic operations with key or certificate
CRL operations
CSR operations
Get certificate operations
Set certificate operations
PK12 operations
OCSP operations
Policy operations
Error handling
Memory cleanup operations
APIs for PKCS#11 tokens
Attribute management operations