Go to main content

man pages section 3: Library Interfaces and Headers

Exit Print View

Updated: Thursday, June 13, 2019
 
 

libkmf(3LIB)

Name

libkmf - Key Management Framework library

Synopsis

cc [ flag... ] file... –
lkmf [ library... ]
#include <kmfapi.h>

Description

These functions comprise the Key Management Framework (KMF) library. They are intended to be used by applications that need to perform operations involving the creation and management of public key objects such as public/private key pairs, certificates, certificate signing requests, certificate validation, certificate revocation lists, and OCSP response processing.

Certificate to name mapping

KMF provides a means to map a certificate to a name according to the configuration from the policy database or through the mapping initialization function. The functions that provide the mapping functionality are kmf_cert_to_name_mapping_initialize(), kmf_cert_to_name_mapping_finalize (), kmf_map_cert_to_name(), kmf_match_cert_to_name (), and kmf_get_mapper_error_str(). KMF provides different types of mapping through shared objects called mappers. Supported mappers are:

cn

The CN mapper maps a certificate to its value from the Common Name attribute. All other certificate attributes are ignored. The mapper should be used in domains where the Common Name values are unique within the particular domain.

The mapper accepts only one option, the “case-sensitive” option which defaults to false. If set, the kmf_match_cert_to_name () function will honor the case sensitivity when comparing the mapped name with the name provided. The option has no effect on the kmf_map_cert_to_name() function.

INTERFACES

The shared object libkmf.so.1 provides the public interfaces defined below. See intro(3) for additional information on shared object interfaces.

kmf_add_cert_eku
kmf_add_csr_eku
kmf_add_policy_to_db
kmf_build_pk12
kmf_cert_to_name_mapping_finalize
kmf_cert_to_name_mapping_initialize
kmf_check_cert_date
kmf_check_crl_date
kmf_compare_rdns
kmf_configure_keystore
kmf_create_cert_file
kmf_create_csr_file
kmf_create_keypair
kmf_create_ocsp_request
kmf_create_sym_key
kmf_decode_csr
kmf_decrypt
kmf_delete_cert_from_keystore
kmf_delete_crl
kmf_delete_key_from_keystore
kmf_delete_policy_from_db
kmf_der_to_pem
kmf_dn_parser
kmf_download_cert
kmf_download_crl
kmf_ekuname_to_oid
kmf_encode_cert_record
kmf_encrypt
kmf_export_pk12
kmf_finalize
kmf_find_attr
kmf_find_cert
kmf_find_cert_in_crl
kmf_find_crl
kmf_find_key
kmf_find_prikey_by_cert
kmf_free_algoid
kmf_free_bigint
kmf_free_cert_chain
kmf_free_crl_dist_pts
kmf_free_data
kmf_free_dn
kmf_free_eku
kmf_free_eku_policy
kmf_free_extn
kmf_free_kmf_cert
kmf_free_kmf_key
kmf_free_policy_record
kmf_free_raw_key
kmf_free_raw_sym_key
kmf_free_signed_cert
kmf_free_signed_csr
kmf_free_spki
kmf_free_str
kmf_free_tbs_cert
kmf_free_tbs_csr
kmf_get_attr
kmf_get_attr_ptr
kmf_get_cert_auth_info_access
kmf_get_cert_basic_constraint
kmf_get_cert_chain
kmf_get_cert_crl_dist_pts
kmf_get_cert_eku
kmf_get_cert_email_str
kmf_get_cert_end_date_str
kmf_get_cert_extn
kmf_get_cert_extn_str
kmf_get_cert_id_data
kmf_get_cert_id_str
kmf_get_cert_issuer_str
kmf_get_cert_ku
kmf_get_cert_policies
kmf_get_cert_pubkey_alg_str
kmf_get_cert_pubkey_str
kmf_get_cert_serial_str
kmf_get_cert_sig_alg_str
kmf_get_cert_start_date_str
kmf_get_cert_subject_str
kmf_get_cert_validity
kmf_get_cert_version_str
kmf_get_cert_pubkey_id_data
kmf_get_cert_pubkey_id_str
kmf_get_data_format
kmf_get_encoded_ocsp_response
kmf_get_file_format
kmf_get_kmf_error_str
kmf_get_mapper_error_str
kmf_get_mapper_lasterror
kmf_get_mapper_options
kmf_get_ocsp_for_cert
kmf_get_ocsp_status_for_cert
kmf_get_pk11_handle
kmf_get_plugin_error_str
kmf_get_policy
kmf_get_string_attr
kmf_get_sym_key_value
kmf_hexstr_to_bytes
kmf_import_crl
kmf_import_cert
kmf_import_objects
kmf_initialize
kmf_is_cert_data
kmf_is_cert_file
kmf_is_crl_file
kmf_ku_to_string
kmf_list_crl
kmf_map_cert_to_name
kmf_match_cert_to_name
kmf_oid_to_ekuname
kmf_oid_to_string
kmf_pem_to_der
kmf_pk11_token_lookup
kmf_read_input_file
kmf_select_token
kmf_set_attr
kmf_set_attr_at_index
kmf_set_cert_basic_constraint
kmf_set_cert_extn
kmf_set_cert_issuer
kmf_set_cert_issuer_altname
kmf_set_cert_ku
kmf_set_cert_pubkey
kmf_set_cert_serial
kmf_set_cert_sig_alg
kmf_set_cert_subject
kmf_set_cert_subject_altname
kmf_set_cert_validity
kmf_set_cert_version
kmf_set_cert_spk_id
kmf_set_csr_extn
kmf_set_csr_ku
kmf_set_csr_pubkey
kmf_set_csr_sig_alg
kmf_set_csr_subject
kmf_set_csr_subject_altname
kmf_set_csr_version
kmf_set_mapper_lasterror
kmf_set_mapper_options
kmf_set_policy
kmf_set_token_pin
kmf_sign_cert
kmf_sign_csr
kmf_sign_data
kmf_store_cert
kmf_store_key
kmf_string_to_ku
kmf_string_to_oid
kmf_validate_cert
kmf_verify_cert
kmf_verify_crl_file
kmf_verify_csr
kmf_verify_data
kmf_verify_policy

Examples

Example 1 Configuring the certificate to name mapping.

The following example configures the default certificate to name mapping to use the CN mapper while ignoring the case sensitivity when matching the certificates.

$ kmfcfg modify policy=default mapper-name=cn \
     mapper-options=casesensitive

Files

/lib/libkmf.so.1

shared object

/lib/64/libkmf.so.1

64-bit shared object

/usr/include/kmfapi.h

KMF function definitions

/usr/include/kmftypes.h

KMF structures and types.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/library
Interface Stability
Committed
MT-Level
Safe

See Also

kmfcfg(1), pktool(1), attributes(7)