Managing Encryption and Certificates in Oracle® Solaris 11.2

Updated: September 2014
 
 

Plugins to the Cryptographic Framework

Third parties can plug their providers into the Cryptographic Framework. A third-party provider can be one of the following objects:

  • PKCS #11 shared library

  • Loadable kernel software module, such as an encryption algorithm, MAC function, or digest function

  • Kernel device driver for a hardware accelerator

The objects from a provider must be signed with a certificate from Oracle. The certificate request is based on a private key that the third party selects, and a certificate that Oracle provides. The certificate request is sent to Oracle, which registers the third party and then issues the certificate. The third party then signs its provider object with the certificate from Oracle.

The loadable kernel software modules and the kernel device drivers for hardware accelerators must also register with the kernel. Registration is through the Cryptographic Framework SPI (service provider interface).