Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group

INDEX

1

Footnotes - 1.

[

Protocol for Unloading a Service Module - [??]

a

Authorization Computation (AC) Services, AC Error Values Derived from Common Error Codes, AC Error Values, AC Primary Relation, AC_AuthCompute, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Cryptographic Sessions and Controlled Access to Keys, MDS Installation and Access, Multi-User Access Model, Manifest Attributes for MDS Access Control Privileges, General Access Control over MDS Databases, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Acknowledgements, Common ACL Error Values, X->N ACL (-,-,S,D,X,-), X->S ACL (-,-,S,D,X,-), ACL Contents, ACL Owner, ACL Contents, ACL Owner, DL Error Values Derived from ACL-based Error Codes, Administrator ACLs, Common Error Codes for ACLs, Managing Client Login ACLs, Client Login ACLs, Individual Key ACLs, AC_PassThrough, Authorization Computation Modules (ACs), Security Add-In Modules Layer, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module, CDSA Add-In Modules, Add-In Module, Add-In Module, Add-In Module, Add-In Module, Add-In Module Structure and Administration, Add-In Module Structure, Add-In Module Structure, Obtaining an Add-In Module Manufacturing Certificate, Issuing an Add-In Module Product Certificate, Manufacturing Add-In Modules, Manufacturing an Add-In Module, Data Structure for Add-in Modules, Add-In Module Administration, Add-In Module Interface Functions, Additional RC2 Requirements, Additional RC5 Requirements, CSSM_ATTRIBUTE_TYPE Additions, MDS Administration, Administration of Elective Module Managers, Add-In Module Structure and Administration, Module Administration Components, Add-In Module Administration, Administrator ACLs, License Agreement for CDSA Specifications, Basic Algorithm Usage, Algorithm Parameters, Algorithm Parameters, Algorithm Parameters, Algorithm Parameters, Algorithm List, Algorithm 
Reference, Cryptographic algorithm, Hash algorithm, Key Formats for Public Key-Based Algorithms, CSSM Algorithms, SSL 3.0 Algorithms, Asymmetric algorithms, Symmetric algorithms, Common Error Values for All Module Types, Common Error Codes For All Module Types, Types of Memory Allocation, Allocation of Key Information, Allocation of Single Output Buffers, Allocation of Vector-of-Buffers, State Sharing Among Module Managers, State Sharing Among Module Managers, CSP Staged Cryptographic API Error Values, Trust Policy Services API, CSSM API, API Overview, MDS Context APIs, MDS Installation APIs, MDS Database Service APIs, Module Directory Services APIs, Example Application Using Key Recovery APIs, Appendices, Glossary and Index, Dispatching Application Calls for Security Services, Application Developer View of a Multi-Service Add-In Module, Application Privilege, Multiple CSSM Vendors Authenticating Same Application, Application and Certificate Library Interaction, Definitions for Open Group Application Record Types, Privileged Application, Example Application Using Key Recovery APIs, Application Memory Functions, Local Application-Domain-Specific Trust Policy Functions, A Phased Approach, Architectural Assumptions, Architectural Overview, Common Data Security Architecture (CDSA), Common Data Security Architecture, Common Data Security Architecture, Common Data Security Architecture, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Signed Manifests-The Architecture, Common Data Security Architecture, Common Data Security Architecture, PKWARE Archive File Format Specification, Service Module Requirements if USEE Tags are Supported, Signed Objects Whose Signature Blocks are Embedded, Authentication as Part of Access Control, Authorization as Part of Access Control, Authentication as Part of Access Control, Authorization as Part of Access Control, ASN.1 Structures for PKCS #8 Wrapping, Assigning GroupId Values, Assigning 
Subservice Identifiers, Dynamic Sources with no Associated Data, Associating CRL OIDs and CRL Data Structures, Architectural Assumptions, Asymmetric Key Generation Capabilities, Asymmetric Encryption Capabilities, Asymmetric Signature Capabilities, Asymmetric algorithms, Transparent, Dynamic Attach, Transparent, Dynamic Attach, Protocol for Attaching a Service Module, Attaching a Service Module, X->N Attribute Certificate (I,-,S,D,X,V), Credential and Attribute Verification Services, Certificate Attribute Methods, CDSA Relation Attributes, Manifest Attributes for MDS Access Control Privileges, Required Capability Attributes, Multiple CSSM Vendors Authenticating Same Application, Authenticating to Multiple CSSM Vendors, Authentication as Part of Access Control, Phase II. Finding our Friends: Bilateral Authentication, Bilateral Authentication, Bilateral Authentication, Authentication as Part of Access Control, Protected Authentication Paths, Client Authentication and Authorization, Message Authentication Code Capabilities, Client Authentication and Authorization, Certification Authority (CA), Authorization Computation Modules (ACs), Authorization as Part of Access Control, Authorization Computation (AC) Services, Direct authorization, Authorization via Name, X->S Authorization Certificate (I,-,S,D,X,V), Direct, Delegated Authorization, Authorization via Names, Logic of Authorization, Authorization Reduction Process, Example Authorization Request, Authorization, Certificates, and Credentials, Authorization Computation Operations, Authorization Computation Services, Authorization as Part of Access Control, Client Authentication and Authorization, Client Authentication and Authorization

b

Base of the Object Identifier Name Space, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Password Based Key Derivation (PKCS #5), Basic Module Managers, Basic Algorithm Usage, Cryptographic Service Provider Behavior, Phase II. Finding our Friends: Bilateral Authentication, Bilateral Authentication, Bilateral Authentication, Symmetric Block Cipher Capabilities, Generic Block Ciphers, Signature Blocks, Signed Objects Whose Signature Blocks are Embedded, Buffer Management for Cryptographic Services, Returning Buffers of Data, Vector of Buffers, CSP Vector of Buffers Error Values, Allocation of Single Output Buffers, CSSM Service Functions used by an EMM

c

C Language Data Structures, C Language Data Structures for X.509 CRLs, Certification Authority (CA), Dispatching Application Calls for Security Services, Summary of Interface Calls, CSP Capabilities Relation, Privileged Capabilities, Random Number Generation Capabilities, Message Digest Capabilities, Symmetric Key Generation Capabilities, Symmetric Block Cipher Capabilities, Symmetric Stream Cipher Capabilities, Message Authentication Code Capabilities, Asymmetric Key Generation Capabilities, Asymmetric Encryption Capabilities, Asymmetric Signature Capabilities, Key Derivation Capabilities, CSP Capabilities Relation, Required Capability Attributes, Signed Objects Whose Signatures Serve to Carry the Object, carve-outs, Categories of Operations, License Agreement for CDSA Specifications, Common Data Security Architecture (CDSA), Selecting CDSA Components, CDSA and Privileges, CDSA and USEE Privileges, CDSA Add-In Modules, CDSA CSP Operation, CDSA TP Features, MDS in CDSA, CDSA Directory Database, CDSA Relation Attributes, CDSA Directory, Key Recovery in the CDSA, CDSA, Certificate Library Modules (CLs), Digital Certificate, X->N Attribute Certificate (I,-,S,D,X,V), N->S ID Certificate (I,N,S,-,-,V), X->S Authorization Certificate (I,-,S,D,X,V), Certificate Library (CL) Services, Application and Certificate Library Interaction, Certificate Life Cycle, Certificate Operations, Certificate Revocation List Operations, Certificate Library Services, Verified Certificate Chain Object, Verified Certificate Object, Certificate Chain Methods, Certificate Attribute Methods, OIDs for Certificate Library Modules, Certificate Library Service Provider X.509 Field OIDs, Certificate OID Definition, Certificate OIDs and Certificate Data Structures, OIDs for X.509 Certificate Library Modules, OIDs for X.509 Certificate Revocation Lists, Obtaining an Add-In Module Manufacturing Certificate, Issuing an Add-In Module Product Certificate, Certificate, Certificate chain, Certificate signing, 
Certificate validity date, Digital certificate, Leaf Certificate, Owned certificate, Root certificate, Classes of Certificates and Other Credentials, Authorization, Certificates, and Credentials, Certificates and CRLs, Operations on Certificates, Object Identifiers for X.509 V3 Certificates, Certification Authority (CA), CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, Verified Certificate Chain Object, Certificate Chain Methods, Certificate chain, Signature chain, Phase III. Secure Linkage Check, Creating Checkable Components, Symmetric Block Cipher Capabilities, Symmetric Stream Cipher Capabilities, Generic Block Ciphers, Generic Stream Ciphers, Certificate Library (CL) Services, CL Error Values Derived from Common Error Codes, CL Error Values, CL Primary Relation, CL Encapsulated Products Relation, Classes of Certificates and Other Credentials, CL_CertAbortCache, CL_CertAbortQuery, CL_CertCache, CL_CertCreateTemplate, CL_CertDescribeFormat, CL_CertGetAllFields, CL_CertGetAllTemplateFields, CL_CertGetFirstCachedFieldValue, CL_CertGetFirstFieldValue, CL_CertGetKeyInfo, CL_CertGetNextCachedFieldValue, CL_CertGetNextFieldValue, CL_CertGroupFromVerifiedBundle, CL_CertGroupToSignedBundle, CL_CertSign, CL_CertVerify, CL_CertVerifyWithKey, CL_CrlAbortCache, CL_CrlAbortQuery, CL_CrlAddCert, CL_CrlCache, CL_CrlCreateTemplate, CL_CrlDescribeFormat, CL_CrlGetAllCachedRecordFields, CL_CrlGetAllFields, CL_CrlGetFirstCachedFieldValue, CL_CrlGetFirstFieldValue, CL_CrlGetNextCachedFieldValue, CL_CrlGetNextFieldValue, CL_CrlRemoveCert, CL_CrlSetFields, CL_CrlSign, CL_CrlVerify, CL_CrlVerifyWithKey, Initialization and Cleanup, CL_FreeFields, CL_FreeFieldValue, Managing Client Login ACLs, Client Login ACLs, Client Authentication and Authorization, Client Authentication and Authorization, CL_IsCertInCachedCrl, CL_IsCertInCrl, CL_PassThrough, Certificate Library Modules (CLs), Configurable CSSM Error Code Constants, CSSM Error Code Constants, Message 
Authentication Code Capabilities, Error Values Derived from Common Error Codes, Common Error Return Codes, CSP Error Values Derived from Common Error Codes, Error Codes and Error Values, TP Error Values Derived from Common Error Codes, Error Codes and Error Values, AC Error Values Derived from Common Error Codes, Error Codes and Error Values, CL Error Values Derived from Common Error Codes, Error Codes and Error Values, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, Error Codes and Error Values, Error Values and Error Codes Scheme, Common Error Codes For All Module Types, Common Error Codes for ACLs, Common Error Codes for Specific Data Types, Error Codes and Error Value Enumeration, Combination Signatures, Combination Signatures with RSA, Combination Signatures with DSA, Common Data Security Architecture (CDSA), Common Security Services Manager Layer, Common Data Security Architecture, Common Security Services Manager, Common Data Security Architecture, Error Values Derived from Common Error Codes, Common Error Return Codes, Common Error Values for All Module Types, Common ACL Error Values, Common Error Values for Specific Data Types, CSP Error Values Derived from Common Error Codes, TP Error Values Derived from Common Error Codes, Common TP Error Values, AC Error Values Derived from Common Error Codes, CL Error Values Derived from Common Error Codes, DL Error Values Derived from Common Error Codes, Common Data Security Architecture, Common Relation, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Common Data Security Architecture, Common Error Codes For All Module Types, Common Error Codes for ACLs, Common Error Codes for Specific Data Types, Common Relation, Common Data Security Architecture, Common Security Services Manager, Verifying Components, Creating Checkable Components, Selecting CDSA Components, Module Administration Components, Authorization Computation 
Modules (ACs), Authorization Computation (AC) Services, Authorization Computation Operations, Authorization Computation Services, Configurable CSSM Error Code Constants, PVC Policy Configuration Options, Configurable CSSM Error Code Constants, CSSM Error Code Constants, Representation Constraints, ACL Contents, ACL Contents, Security Context Services, CSP Cryptographic Context Error Values, Cryptographic Context Operations, MDS Context APIs, Key Recovery Context, Key Recovery Context Operations, Privileged Context Function, Key Recovery Context Operations, Privileged Context Operation, Receiving Context Events, Security Context, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Manifest Attributes for MDS Access Control Privileges, General Access Control over MDS Databases, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Cryptographic Sessions and Controlled Access to Keys, Typographic Conventions, Conventions, CSSM Core Services, Core Services, Data Structures for Core Services, Core Functions, CSSM Core Services, Core Set of Name:Value Pairs, Integrity Core, Dublin Core, Corrigenda, Creating Checkable Components, Credential Format Options, Credential and Attribute Verification Services, Classes of Certificates and Other Credentials, Authorization, Certificates, and Credentials, Location of Modules and Credentials, Verification of Modules and their Credentials, Integrity Credentials, Module Manager Credentials, CRL OIDs, CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, CRL Extension OIDs, Associating CRL OIDs and CRL Data Structures, Certificates and CRLs, C Language Data Structures for X.509 CRLs, Cryptographic Service Providers (CSPs), Cryptographic Service Providers (CSP), Cryptographic Service Providers, Cryptographic Services Operations, Buffer Management for Cryptographic Services, CSP Cryptographic 
Context Error Values, CSP Staged Cryptographic API Error Values, Cryptographic Context Operations, Cryptographic Sessions and Controlled Access to Keys, Cryptographic Operations, Cryptographic Services, Extensions to the Cryptographic Module Manager, Cryptographic Service Provider Behavior, Cryptographic algorithm, Cryptographic Service Providers (CSPs), Cryptoki, Cryptographic Service Providers (CSP), CSP Form Factor, CSP Registration, CDSA CSP Operation, CSP Error Values Derived from Common Error Codes, General CSP Error Values, CSP Key Error Values, CSP Vector of Buffers Error Values, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Other CSP Error Values, CSP Primary Relation, CSP Capabilities Relation, CSP Encapsulated Products Relation, CSP SmartcardInfo Relation, Querying State of the CSP Subservice, CSP Query Mechanisms, CSP Primary Relation, CSP Encapsulated Product Relation, CSP Smartcard Relation, CSP Capabilities Relation, Purpose of CSP Multi-Service Modules, CSP Multi-Service Modules with DL Interface, CSP_EventNotify, Cryptographic Service Providers (CSPs), Legacy CSPs, Cryptographic Service Providers (CSPs), CSSM Core Services, Integrity of the CSSM Environment, Multiple CSSM Vendors Authenticating Same Application, CSSM Module-Specific Error Values, CSSM Core Services, CSSM Infrastructure, CSSM Algorithms, CSSM API, CSSM Relation, CSSM Elective Module Manager (EMM), Interaction with CSSM, CSSM Service Functions used by an EMM, Authenticating to Multiple CSSM Vendors, CSSM Upcalls for Service Provider Modules, Configurable CSSM Error Code Constants, CSSM Error Code Constants, CSSM Error Handling, CSSM, CSSM_ACCESS_CREDENTIALS, CSSM_AC_HANDLE, CSSM_ACL_AUTHORIZATION_TAG, CSSM_ACL_EDIT, CSSM_ACL_EDIT_MODE, CSSM_ACL_ENTRY_INFO, CSSM_ACL_ENTRY_INPUT, CSSM_ACL_ENTRY_PROTOTYPE, CSSM_ACL_HANDLE, CSSM_ACL_OWNER_PROTOTYPE, CSSM_ACL_SUBJECT_CALLBACK, CSSM_ACL_SUBJECT_TYPE, CSSM_ACL_VALIDITY_PERIOD, CSSM_MEMORY_FUNCS and 
CSSM_API_MEMORY_FUNCS, CSSM_API_MEMORY_FUNCS Data Structure, CSSM_API_ModuleEventHandler, CSSM_ATTACH_FLAGS, CSSM_ATTRIBUTE_TYPE, CSSM_ATTRIBUTE_TYPE Additions, CSSM_AUTHORIZATIONGROUP, CSSM_BASE_CERTS, CSSM_BER_TAG, CSSM_BOOL, CSSM_CALLBACK, CSSM_CC_HANDLE, cssm_CcToHandle, CSSM_CERT_BUNDLE, CSSM_CERT_BUNDLE_ENCODING, CSSM_CERT_BUNDLE_HEADER, CSSM_CERT_BUNDLE_TYPE, CSSM_CERT_ENCODING, CSSM_CERTGROUP, CSSM_CERTGROUP_TYPE, CSSM_CERTPAIR, CSSM_CERT_PARSE_FORMAT, CSSM_CERT_TYPE, CSSM_CHALLENGE_CALLBACK, CSSM_ChangeKeyAcl, CSSM_ChangeKeyOwner, CSSM_CL_HANDLE, CSSM_CL_TEMPLATE_TYPE, CSSM_CONTEXT, CSSM_CONTEXT_ATTRIBUTE, CSSM_CONTEXT_EVENT_TYPE, CSSM_CONTEXT_TYPE, CSSM_CRL_ENCODING, CSSM_CRLGROUP, CSSM_CRLGROUP_TYPE, CSSM_CRL_PAIR, CSSM_CRL_PARSE_FORMAT, CSSM_CRL_TYPE, CSSM_CRYPTO_DATA, CSSM_CSP_ChangeLoginAcl, CSSM_CSP_ChangeLoginOwner, CSSM_CSP_CreateAsymmetricContext, CSSM_CSP_CreateDeriveKeyContext, CSSM_CSP_CreateDigestContext, CSSM_CSP_CreateKeyGenContext, CSSM_CSP_CreateMacContext, CSSM_CSP_CreatePassThroughContext, CSSM_CSP_CreateRandomGenContext, CSSM_CSP_CreateSignatureContext, CSSM_CSP_CreateSymmetricContext, CSSM_CSP_FLAGS, CSSM_CSP_GetLoginAcl, CSSM_CSP_GetLoginOwner, CSSM_CSP_HANDLE, CSSM_CSP_Login, CSSM_CSP_Logout, CSSM_CSP_OPERATIONAL_STATISTICS, CSSM_CSP_READER_FLAGS, CSSM_CSP_TYPE, CSSM_DATA, CSSM_DATE, CSSM_DB_ACCESS_TYPE, CSSM_DB_ATTRIBUTE_DATA, CSSM_DB_ATTRIBUTE_FORMAT, CSSM_DB_ATTRIBUTE_INFO, CSSM_DB_ATTRIBUTE_NAME_FORMAT, CSSM_DB_CERTRECORD_SEMANTICS, CSSM_DB_CONJUNCTIVE, CSSM_DB_DATASTORES_UNKNOWN, CSSM_DB_HANDLE, CSSM_DB_INDEXED_DATA_LOCATION, CSSM_DB_INDEX_INFO, CSSM_DB_INDEX_TYPE, CSSM_DBINFO, CSSM_DB_MODIFY_MODE, CSSM_DB_OPERATOR, CSSM_DB_PARSING_MODULE_INFO, CSSM_DB_RECORD_ATTRIBUTE_DATA, CSSM_DB_RECORD_ATTRIBUTE_INFO, CSSM_DB_RECORD_INDEX_INFO, CSSM_DB_RECORDTYPE, CSSM_DB_RETRIEVAL_MODES, CSSM_DB_SCHEMA_ATTRIBUTE_INFO, CSSM_DB_SCHEMA_INDEX_INFO, CSSM_DB_UNIQUE_RECORD, CSSM_DeleteContext, CSSM_DeleteContextAttributes, 
cssm_DeregisterManagerServices, CSSM_DL_DB_HANDLE, CSSM_DL_DB_LIST, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, CSSM_DL_HANDLE, CSSM_DL_PKCS11_ATTRIBUTES, CSSM_DLTYPE, CSSM_ELAPSED_TIME_COMPLETE, CSSM_ELAPSED_TIME_UNKNOWN, CSSM_ENCODED_CERT, CSSM_ENCODED_CRL, CSSM_ENCRYPT_MODE, CSSM-Enforced Integrity Verification, CSSM_ESTIMATED_TIME_UNKNOWN, CSSM_EVIDENCE, CSSM_EVIDENCE_FORM, CSSM_FIELD, CSSM_FIELDGROUP, CSSM_FIELDVALUE_COMPLEX_DATA_TYPE, CSSM_FreeContext, CSSM_FUNC_NAME_ADDR, CSSM_GetAPIMemoryFunctions, cssm_GetAppMemoryFunctions, cssm_GetAttachFunctions, CSSM_GetContext, CSSM_GetContextAttribute, CSSM_GetKeyAcl, CSSM_GetKeyOwner, CSSM_GetModuleGUIDFromHandle, cssm_GetModuleInfo, CSSM_GetPrivilege, CSSM_GetSubserviceUIDFromHandle, CSSM_GUID, CSSM_HANDLE, CSSM_HEADERVERSION, CSSM_HINT_xxx Parameter, CSSM_Init, CSSM_Introduce, cssm_IsFuncCallValid, CSSM_KEA_DERIVE_PARAMS, CSSM_KEY, CSSM_KEYATTR_FLAGS, CSSM_KEYBLOB_FORMAT, CSSM_KEYBLOB_TYPE, CSSM_KEYCLASS, CSSM_KEYHEADER, CSSM_KEY_HIERARCHY, CSSM_KEY_SIZE, CSSM_KEY_TYPE, CSSM_KEYUSE, CSSM_KR_CreateRecoveryEnablementContext, CSSM_KR_CreateRecoveryRegistrationContext, CSSM_KR_CreateRecoveryRequestContext, CSSM_KR_FreePolicyInfo, CSSM_KR_GetPolicyInfo, CSSM_KR_NAME, CSSM_KR_POLICY_FLAGS, CSSM_KR_POLICY_INFO, CSSM_KR_POLICY_LIST_ITEM, CSSM_KR_POLICY_TYPE, CSSM_KR_PROFILE, CSSM_KR_QueryPolicyInfo, CSSM_KR_SetEnterpriseRecoveryPolicy, CSSM_KRSP_HANDLE, CSSM_LIST, CSSM_ListAttachedModuleManagers, CSSM_LIST_ELEMENT, CSSM_LIST_ELEMENT_TYPE, CSSM_LIST_TYPE, CSSM_LONG_HANDLE, CSSM_MANAGER_EVENT_NOTIFICATION, CSSM_MANAGER_EVENT_TYPES, CSSM_MANAGER_REGISTRATION_INFO, CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS, CSSM_ModuleAttach, CSSM_ModuleDetach, CSSM_MODULE_EVENT, CSSM_MODULE_FUNCS, CSSM_MODULE_HANDLE, CSSM_ModuleLoad, CSSM_ModuleUnload, 
CSSM_NAME_LIST, CSSM_NET_ADDRESS, CSSM_NET_ADDRESS_TYPE, CSSM_NET_PROTOCOL, CSSM_OID, CSSM_PADDING, CSSM_PARSED_CERT, CSSM_PARSED_CRL, CSSM_PKCS5_PBKDF1_PARAMS, CSSM_PKCS5_PBKDF2_PARAMS, CSSM_PKCS5_PBKDF2_PRF, CSSM_PKCS_OAEP, CSSM_PKCS_OAEP_PARAMS, CSSM_PRIVILEGE, CSSM_PRIVILEGE_SCOPE, CSSM_PROC_ADDR, CSSM_PVC_MODE, CSSM_QUERY, CSSM_QUERY_FLAGS, CSSM_QUERY_LIMITS, CSSM_QUERY_SIZE_DATA, CSSM_RANGE, cssm_ReleaseAttachFunctions, CSSM_RESOURCE_CONTROL_CONTEXT, CSSM_RETURN, CSSM_SAMPLE, CSSM_SAMPLEGROUP, CSSM_SAMPLE_TYPE, CSSM_SC_FLAGS, CSSM_SELECTION_PREDICATE, CSSM_SERVICE_MASK, CSSM_SERVICE_TYPE, CSSM_SetContext, CSSM_SetPrivilege, CSSM_SPI_ModuleAttach, CSSM_SPI_ModuleDetach, CSSM_SPI_ModuleEventHandler, CSSM_SPI_ModuleLoad, CSSM_SPI_ModuleUnload, CSSM_SSL3_KEY_AND_MAC_DERIVE_PARAMS, CSSM_SSL3_MASTER_KEY_DERIVE_PARAMS, CSSM_STATE_FUNCS, CSSM_STRING, CSSM_SUBSERVICE_UID, CSSM_Terminate, CSSM_TIMESTRING, CSSM_TP_ACTION, CSSM_TP_AUTHORITY_ID, CSSM_TP_AUTHORITY_REQUEST_TYPE, CSSM_TP_CALLERAUTH_CONTEXT, CSSM_TP_CERTCHANGE_ACTION, CSSM_TP_CERTCHANGE_INPUT, CSSM_TP_CERTCHANGE_OUTPUT, CSSM_TP_CERTCHANGE_REASON, CSSM_TP_CERTCHANGE_STATUS, CSSM_TP_CERTISSUE_INPUT, CSSM_TP_CERTISSUE_OUTPUT, CSSM_TP_CERTISSUE_STATUS, CSSM_TP_CERTNOTARIZE_INPUT, CSSM_TP_CERTNOTARIZE_OUTPUT, CSSM_TP_CERTNOTARIZE_STATUS, CSSM_TP_CERTRECLAIM_INPUT, CSSM_TP_CERTRECLAIM_OUTPUT, CSSM_TP_CERTRECLAIM_STATUS, CSSM_TP_CERTVERIFY_INPUT, CSSM_TP_CERTVERIFY_OUTPUT, CSSM_TP_CERTVERIFY_STATUS, CSSM_TP_CONFIRM_RESPONSE, CSSM_TP_CONFIRM_STATUS, CSSM_TP_CRLISSUE_INPUT, CSSM_TP_CRLISSUE_OUTPUT, CSSM_TP_CRLISSUE_STATUS, CSSM_TP_FORM_TYPE, CSSM_TP_HANDLE, CSSM_TP_POLICYINFO, CSSM_TP_REQUEST_SET, CSSM_TP_RESULT_SET, CSSM_TP_RetrieveCredResult, CSSM_TP_SERVICES, CSSM_TP_STOP_ON, CSSM_TP_VERIFICATION_RESULTS_CALLBACK, CSSM_TP_VERIFY_CONTEXT, CSSM_TP_VERIFY_CONTEXT_RESULT, CSSM_TUPLE, CSSM_TUPLEGROUP, CSSM_Unintroduce, CSSM_UPCALLS, CSSM_UpdateContextAttributes, CSSM_VERSION, CSSM_WORDID_TYPE, CSSM_WRAP_KEY, 
CSSM_X509_ALGORITHM_IDENTIFIER, CSSM_X509EXT_BASICCONSTRAINTS, CSSM_X509EXT_DATA_FORMAT, CSSM_X509_EXTENSION, CSSM_X509_EXTENSIONS, CSSM_X509EXT_PAIR, CSSM_X509EXT_POLICYINFO, CSSM_X509EXT_POLICYQUALIFIERINFO, CSSM_X509EXT_POLICYQUALIFIERS, CSSM_X509EXT_TAGandVALUE, CSSM_X509_NAME, CSSM_X509_OPTION, CSSM_X509_RDN, CSSM_X509_REVOKED_CERT_ENTRY, CSSM_X509_REVOKED_CERT_LIST, CSSM_X509_SIGNATURE, CSSM_X509_SIGNED_CERTIFICATE, CSSM_X509_SIGNED_CRL, CSSM_X509_SUBJECT_PUBLIC_KEY_INFO, CSSM_X509_TBS_CERTIFICATE, CSSM_X509_TBS_CERTLIST, CSSM_X509_TIME, CSSM_X509_TYPE_VALUE_PAIR, CSSM_X509_VALIDITY, Certificate Life Cycle, EISL Object Relationships and Life Cycle, Runtime Life Cycle of the Module

d

Common Data Security Architecture (CDSA), Data Storage Library Modules (DLs), Common Data Security Architecture, Common Data Security Architecture, Data Structures for Core Services, Returning Buffers of Data, Data Structures, Common Error Values for Specific Data Types, Data Structures, Data Structures, Data Structures, Data Storage Library (DL) Services, Data Storage Data Structures, DL Error Values for Specific Data Types, Data Storage Library Operations, Data Storage Operations, Data Record Operations, Data Storage Library Services, Common Data Security Architecture, Data Structure, Key Recovery in the Common Data Security Architecture, Data Structures, Types and Data Structure, Data Structures, Common Data Security Architecture, Dynamic Sources with no Associated Data, C Language Data Structures, Certificate OIDs and Certificate Data Structures, C Language Data Structures for X.509 CRLs, Associating CRL OIDs and CRL Data Structures, Data Structures, Common Data Security Architecture, Data Structure for Add-in Modules, Common Error Codes for Specific Data Types, CSSM_API_MEMORY_FUNCS Data Structure, Data Structures, Data Structures, Common Data Security Architecture, Object Directory Database and the Object Relation, CDSA Directory Database, MDS Database Service APIs, Updating MDS Databases, Write-Access to MDS Databases, General Access Control over MDS Databases, Managing Multiple Key Storage Databases, Certificate validity date, DecryptData, DecryptDataFinal, DecryptDataInit, DecryptDataInitP, DecryptDataP, DecryptDataUpdate, Definition, 
MDS Schema Definition, Functionality Definition, Definition, Programmatic Definition of Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Certificate OID Definition, Signature OID Definition, Extension OID Definition, Programmatic Definition of Base Object Identifiers, Definition, Definitions, Definitions for Schema Management Record Types, Definitions for Open Group Application Record Types, Definitions, Direct, Delegated Authorization, DeregisterDispatchTable, Key Derivation Capabilities, Password Based Key Derivation (PKCS #5), Master Key Derivation, Encryption and MACing Secret Key Derivation, Error Values Derived from Common Error Codes, CSP Error Values Derived from Common Error Codes, TP Error Values Derived from Common Error Codes, AC Error Values Derived from Common Error Codes, CL Error Values Derived from Common Error Codes, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DeriveKey, Protocol for Detaching a Service Module, Application Developer View of a Multi-Service Add-In Module, 
Diffie-Hellman (PKCS #3), Message Digest Capabilities, Message digest, DigestData, DigestDataClone, DigestDataFinal, DigestDataInit, DigestDataUpdate, Generic Message Digests, Digital Certificate, Digital Signatures, Digital certificate, Digital signature, Direct authorization, Direct, Delegated Authorization, Module Directory Service (MDS), Object Directory Database and the Object Relation, CDSA Directory Database, Object Directory, CDSA Directory, MDS Name Space and Directory Structures, Module Directory Services APIs, Module Directory Service Information, Dispatching Application Calls for Security Services, Data Storage Library (DL) Services, DL SPI, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DL Error Values for Specific Data Types, General DL Error Values, DL Specific Error Values, DL Primary Relation, DL Encapsulated Products Relation, CSP Multi-Service Modules with DL Interface, DL_Authenticate, DL_ChangeDbAcl, DL_ChangeDbOwner, DL_CreateRelation, DL_DataAbortQuery, DL_DataDelete, DL_DataGetFirst, DL_DataGetFromUniqueRecordId, DL_DataGetNext, DL_DataInsert, DL_DataModify, DL_DbClose, DL_DbCreate, DL_DbDelete, DL_DbOpen, DL_DestroyRelation, DL_FreeNameList, DL_FreeUniqueRecord, DL_GetDbAcl, DL_GetDbNameFromHandle, DL_GetDbNames, DL_GetDbOwner, DL_PassThrough, Data Storage Library Modules (DLs), This Document, Referenced Documents, DSA, Combination Signatures with DSA, Dublin Core, Transparent, Dynamic Attach, Dynamic Referent Objects with Verified Source, Dynamic Sources with no Associated Data, Transparent, Dynamic Attach

e

Guidelines for Each Service Provider type, Embedded Integrity Services Library (EISL), EISL Object Relationships and Life Cycle, EISL Functions, EISL_CheckAddressWithinModule, EISL_CheckDataAddressWithinModule, EISL_ContinueVerification, EISL_CopyCertificateChain, EISL_CreateCertificateAttributeEnumerator, EISL_CreateCertificateChain, EISL_CreateCertificateChainWithCertificate, EISL_CreateCertificateChainWithCredDataAndCert, EISL_CreateCertificateChainWithCredentialData, EISL_CreateManifestAttributeEnumerator, EISL_CreateManifestSectionAttributeEnumerator, EISL_CreateManifestSectionEnumerator, EISL_CreateSignatureAttributeEnumerator, EISL_CreateSignerInfoAttributeEnumerator, EISL_CreateVerifiedSignatureRoot, EISL_CreateVerifiedSignatureRootWithCertificate, EISL_CreateVerifiedSignatureRootWithCredentialData, EISL_CreateVerifiedSigRootWithCredDataAndCert, EISL_DuplicateVerifiedModulePtr, EISL_FindCertificateAttribute, EISL_FindManifestAttribute, EISL_FindManifestSection, EISL_FindManifestSectionAttribute, EISL_FindSignatureAttribute, EISL_FindSignerInfoAttribute, EISL_GetCertficateChain, EISL_GetLibHandle, EISL_GetManifestSignatureRoot, EISL_GetModuleManifestSection, EISL_GetNextAttribute, EISL_GetNextCertificateAttribute, EISL_GetNextManifestSection, EISL_GetNextManifestSectionAttribute, EISL_GetNextSignatureAttribute, EISL_GetReturnAddress, EISL_LocateProcedureAddress, EISL_RecycleAttributeEnumerator, EISL_RecycleCertificateAttributeEnumerator, EISL_RecycleManifestSectionAttributeEnumerator, EISL_RecycleManifestSectionEnumerator, EISL_RecycleSignatureAttributeEnumerator, EISL_RecycleVerifiedCertificateChain, EISL_RecycleVerifiedModuleCredentials, EISL_RecycleVerifiedSignatureRoot, EISL_SelfCheck, EISL_VerifyAndLoadModule, EISL_VerifyAndLoadModuleAndCredDataWithCert, EISL_VerifyAndLoadModuleAndCredentialData, EISL_VerifyAndLoadModuleAndCredentials, EISL_VerifyAndLoadModuleAndCredentialsWithCert, EISL_VerifyLoadedModule, EISL_VerifyLoadedModuleAndCredDataWithCert, 
EISL_VerifyLoadedModuleAndCredentialData, EISL_VerifyLoadedModuleAndCredentials, EISL_VerifyLoadedModuleAndCredentialsWithCert, Elective Module Managers, CSSM Elective Module Manager (EMM), Overview of Elective Module Managers, Installing an Elective Module Manager, Loading an Elective Module Manager, Administration of Elective Module Managers, Elective Module Manager Functions, Elective Module Manager Operations, Secure Electronic Transaction (SET), Embedded Integrity Services Library (EISL), Why an Embedded Library?, Signed Objects Whose Signature Blocks are Embedded, Embedded or Nested Referent Objects, EMM Module Management Functions, EMM Relation, Primary EMM Service Provider Relation, CSSM Elective Module Manager (EMM), CSSM Service Functions used by an EMM, Key Recovery Enablement Operations, Key Recovery Enablement, Key Recovery Enablement Operations, Key Recovery Enablement Operations, CSP Encapsulated Products Relation, DL Encapsulated Products Relation, CL Encapsulated Products Relation, TP Encapsulated Products Relation, CSP Encapsulated Product Relation, EncryptData, EncryptDataFinal, EncryptDataInit, EncryptDataInitP, EncryptDataP, EncryptDataUpdate, Asymmetric Encryption Capabilities, Encryption and MACing Secret Key Derivation, Encrypt-only Signatures, CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, Error Codes and Error Value Enumeration, Integrity of the CSSM Environment, Error Values Derived from Common Error Codes, CSSM Module-Specific Error Values, Common Error Return Codes, Common Error Values for All Module Types, Common ACL Error Values, Common Error Values for Specific Data Types, CSP Error Values Derived from Common Error Codes, General CSP Error Values, CSP Key Error Values, CSP Vector of Buffers Error Values, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Other CSP Error Values, Error Codes and Error Values, TP Error Values Derived from Common Error Codes, Common TP Error 
Values, Error Codes and Error Values, AC Error Values Derived from Common Error Codes, AC Error Values, Error Codes and Error Values, CL Error Values Derived from Common Error Codes, CL Error Values, Error Codes and Error Values, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DL Error Values for Specific Data Types, General DL Error Values, DL Specific Error Values, Error Codes and Error Values, Error Handling, Error Values and Error Codes Scheme, Configurable CSSM Error Code Constants, CSSM Error Code Constants, General Error Values, Common Error Codes For All Module Types, Common Error Codes for ACLs, Common Error Codes for Specific Data Types, Error Codes and Error Value Enumeration, CSSM Error Handling, Phase I. Establishing a Foothold: Self-Check, Security-relevant event, EventNotifyManager, Receiving Context Events, Sending Insert and Remove Events, Sending Fault Events, Events, Example Authorization Request, Example Application Using Key Recovery APIs, Examples:, Manifest Examples, Signing Information Examples, Module-Granted Use Exemptions, Module-Granted Use Exemptions, Extending Trust, Extensibility Function, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Operations, Extensibility Function, Extensibility Function, Extension OID Definition, CRL Entry (CRL CertList) Extension OIDs, CRL Extension OIDs, Extensions to the Cryptographic Module Manager, Extensions to the JavaSoft/Netscape Specification

f

CSP Form Factor, Sending Fault Events, CDSA TP Features, Certificate Library Service Provider X.509 Field OIDs, Lifetime of Key Recovery Fields, Object Identifiers for Fields, Object Identifiers for Fields, File Permissions, PKWARE Archive File Format Specification, File-Based Representation of Signed Manifests, Phase II. Finding our Friends: Bilateral Authentication, MAGIC-A Flagging Mechanism, Phase I. Establishing a Foothold: Self-Check, Foreign Language Support-Multiple Hash Values, CSP Form Factor, Credential Format Options, Format Specification, Format Specification, Interoperable Format Specifications for X.509, Requesting Key Format Types, PKWARE Archive File Format Specification, Key Formats for Public Key-Based Algorithms, Key Formats, Formats, FreeKey, Phase II. Finding our Friends: Bilateral Authentication, Frontmatter, Extensibility Function, Module Management Function, Privileged Context Function, Extensibility Function, Extensibility Function, Functionality Definition, Core Functions, Module Management Functions, EMM Module Management Functions, Utility Functions, Miscellaneous Functions, Local Application-Domain-Specific Trust Policy Functions, Group Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, EISL Functions, Elective Module Manager Functions, CSSM Service Functions used by an EMM, Add-In Module Interface Functions, Application Memory Functions

g

General Module Management Services, General CSP Error Values, General DL Error Values, General Access Control over MDS Databases, General Error Values, GenerateAlgorithmParams, GenerateKey, GenerateKeyP, GenerateKeyPair, GenerateKeyPairP, GenerateMac, GenerateMacFinal, GenerateMacInit, GenerateMacUpdate, GenerateRandom, Random Number Generation Capabilities, Symmetric Key Generation Capabilities, Asymmetric Key Generation Capabilities, Pre-Master Key Generation, Random number generators, Generic Module Management Operations, Generic Message Digests, Generic Block Ciphers, Generic Stream Ciphers, GetOperationalStatistics, GetTimeValue, Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs), Appendices, Glossary and Index, Glossary, Interoperability Goals, Pretty Good Privacy (PGP), The Open Group, Open Group Publications, Group Functions, Definitions for Open Group Application Record Types, Assigning GroupId Values, Guidelines for Each Service Provider type, Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs)

h

Error Handling, CSSM Error Handling, Foreign Language Support-Multiple Hash Values, Hash algorithm, Manifest Header Specification, Signing Information Header, High-Order Word, History, Signed Portion of an HTML Page, Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol (HTTP)

i

Phase I. Establishing a Foothold: Self-Check, N->S ID Certificate (I,N,S,-,-,V), Base of the Object Identifier Name Space, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Object Identifiers for X.509 V3 Certificates, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs), Assigning Subservice Identifiers, Identifying Multi-Service Modules, Service Module Requirements if USEE Tags are Supported, Phase II. Finding our Friends: Bilateral Authentication, Phase III. Secure Linkage Check, Appendices, Glossary and Index, Individual Key ACLs, Ordering Information, Signing Information Header, Signer Information Sections, Signing Information Examples, Signer Information, Allocation of Key Information, Module Directory Service Information, CSSM Infrastructure, Initialization and Cleanup, Initialize, Sending Insert and Remove Events, MDS Installation and Access, MDS Installation APIs, MDS Installation, Module Installation, Installing an Elective Module Manager, Installing a Service Module, N->S ID Certificate (I,N,S,-,-,V), CSSM-Enforced Integrity Verification, Integrity Services, Integrity of the CSSM Environment, Using MDS in Integrity Verification Protocols, Embedded Integrity Services Library (EISL), Integrity Credentials, Integrity and Secure Linkage, Integrity Verification, Integrity Verification, Integrity Core, Application and Certificate Library Interaction, Interaction with CSSM, Summary of Interface Calls, Add-In Module Interface Functions, CSP Multi-Service Modules with DL Interface, Key Recovery Interfaces, Interoperability Goals, Interoperability, Interoperable Format Specifications for X.509, X->N Attribute Certificate (I,-,S,D,X,V), X->S Authorization Certificate (I,-,S,D,X,V), ISL_CONST_DATA, ISL_DATA, ISL_FUNCTION_PTR, 
ISL_STATUS, Versions and Issues of Specifications, Issuing an Add-In Module Product Certificate, Iterator Objects

j

JAVA, Extensions to the JavaSoft/Netscape Specification

k

Key Management, Key Formats for Public Key-Based Algorithms, CSP Key Error Values, Schema for DL Records of Type KEY, Key Recovery (KR) Services, Key Recovery Types, Key Recovery Phases, Lifetime of Key Recovery Fields, Key Recovery Policy, Key Recovery Nomenclature, Key Recovery in the Common Data Security Architecture, Key Recovery in the CDSA, Operational Scenarios for Key Recovery, Key Recovery Profiles, Key Recovery Context, Key Recovery Policy, Key Recovery Enablement Operations, Key Recovery Registration and Request Operations, Key Recovery Module Manager, Key Recovery Enablement, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Example Application Using Key Recovery APIs, Key Recovery MDS Relation, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery Interfaces, Key References, Key Formats, Requesting Key Format Types, Allocation of Key Information, Querying Key Sizes, Individual Key ACLs, Symmetric Key Generation Capabilities, Asymmetric Key Generation Capabilities, Key Derivation Capabilities, Managing Multiple Key Storage Databases, Password Based Key Derivation (PKCS #5), Pre-Master Key Generation, Master Key Derivation, Encryption and MACing Secret Key Derivation, Private key, Public key, Secret key, Session key, Key Formats for Public Key-Based Algorithms, Cryptographic Sessions and Controlled Access to Keys, Plaintext Keys, Wrapped Keys, KR Primary Relation, Key Recovery (KR) Services, KR_GenerateRecoveryFields, KR_GetRecoveredObject, KRMM Relation, KR_PassThrough, KR_ProcessRecoveryFields, KR_RecoveryRequest, KR_RecoveryRequestAbort, KR_RecoveryRetrieve, KR_RegistrationRequest, KR_RegistrationRetrieve, KRSP_PassPrivFunc

l

Foreign Language Support-Multiple Hash Values, C Language Data Structures, C Language Data Structures for X.509 CRLs, Common Security Services Manager Layer, Security Add-In Modules Layer, Secure Sockets Layer (SSL), Layered Security Services, Leaf Certificate, Legacy CSPs, Certificate Library Modules (CLs), Data Storage Library Modules (DLs), Multi-Service Library Module, Certificate Library (CL) Services, Application and Certificate Library Interaction, Certificate Library Services, Data Storage Library (DL) Services, Data Storage Library Operations, Data Storage Library Services, Embedded Integrity Services Library (EISL), Why an Embedded Library?, Using Library Services, OIDs for Certificate Library Modules, Certificate Library Service Provider X.509 Field OIDs, OIDs for X.509 Certificate Library Modules, License Agreement for CDSA Specifications, Certificate Life Cycle, EISL Object Relationships and Life Cycle, Runtime Life Cycle of the Module, Runtime LifeCycle of the Service Provider Module, Lifetime of Key Recovery Fields, Phase III. Secure Linkage Check, Secure Linkage, Secure Linkage Services, Integrity and Secure Linkage, Certificate Revocation List Operations, Algorithm List, OIDs for X.509 Certificate Revocation Lists, Loading an Elective Module Manager, Local Application-Domain-Specific Trust Policy Functions, Location of Modules and Credentials, Resources that Transform Locations, Logic of Authorization, Managing Client Login ACLs, Client Login ACLs, Low-Order Word

m

Encryption and MACing Secret Key Derivation, MD5 and SHA-1 MACing, MAGIC-A Flagging Mechanism, General Module Management Services, Module Management Services, Memory Management Support, Module Management Functions, EMM Module Management Functions, Key Management, Buffer Management for Cryptographic Services, Module Management Function, Definitions for Schema Management Record Types, Module Management Operations, Key Recovery Module Management Operations, Generic Module Management Operations, Key Recovery Module Management Operations, Memory Management Upcalls, Memory Management, Common Security Services Manager Layer, Common Security Services Manager, Extensions to the Cryptographic Module Manager, Key Recovery Module Manager, CSSM Elective Module Manager (EMM), Module Manager Credentials, Installing an Elective Module Manager, Loading an Elective Module Manager, Elective Module Manager Functions, Elective Module Manager Operations, Common Security Services Manager, Registering Module Managers, State Sharing Among Module Managers, Elective Module Managers, Basic Module Managers, Registering Module Managers, State Sharing Among Module Managers, Overview of Elective Module Managers, Administration of Elective Module Managers, Managing Client Login ACLs, Managing Multiple Key Storage Databases, Manifest Attributes for MDS Access Control Privileges, Manifest Section Object, Manifest Section Object Methods, Signed Manifest, Manifest Header Specification, Manifest Sections, Manifest Examples, The Manifest, Verifying the Manifest, Verifying Referents in the Manifest, Signed Manifests, File-Based Representation of Signed Manifests, Nested Manifests, Signed Manifests, Signed Manifests-Examples, Signed Manifests-Requirements, Signed Manifests-The Architecture, Signed Manifests-Verifying Signatures, Obtaining an Add-In Module Manufacturing Certificate, Manufacturing Add-In Modules, Manufacturing an Add-In Module, Master Key Derivation, MD5 and SHA-1 MACing, Module Directory 
Service (MDS), MDS in CDSA, MDS Installation and Access, Using MDS in Integrity Verification Protocols, MDS Schema Relation, MDS Schema Definition, MDS Name Space, MDS Meta-Data Names, MDS Name Space and Directory Structures, MDS Context APIs, MDS Installation APIs, MDS Database Service APIs, Updating MDS Schema, Updating MDS Databases, Manifest Attributes for MDS Access Control Privileges, Write-Access to MDS Databases, MDS Installation, General Access Control over MDS Databases, MDS Administration, Key Recovery MDS Relation, MDS_DB_HANDLE, MDS_FUNC, MDS_HANDLE, MDS_Initialize, MDS_Install, MDS_Terminate, MDS_Uninstall, MAGIC-A Flagging Mechanism, CSP Query Mechanisms, Memory Management Support, Memory Management Upcalls, Application Memory Functions, Types of Memory Allocation, Memory Management, Message Digest Capabilities, Message Authentication Code Capabilities, Generic Message Digests, Message digest, MDS Meta-Data Names, Metadata, Ordering Metadata Values, Metadata, Meta-information, Signature Root Methods, Certificate Chain Methods, Certificate Attribute Methods, Manifest Section Object Methods, Secure MIME (S/MIME), Miscellaneous Functions, The Threat Model, Trust Model, Multi-User Access Model, Multi-Service Library Module, General Module Management Services, Registering Module Managers, State Sharing Among Module Managers, Elective Module Managers, Basic Module Managers, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module, Module Management Services, Service Module Requirements if USEE Tags are Supported, Module Management Functions, EMM Module Management Functions, Common Error Values for All Module Types, Module Management Function, Add-In Module, Add-In Module, Add-In Module, Add-In Module, Module Directory Service (MDS), Module Directory Services APIs, Extensions to the Cryptographic Module Manager, Key Recovery Module Manager, Module Management Operations, Key Recovery Module 
Management Operations, Generic Module Management Operations, Key Recovery Module Management Operations, Verified Module Object, CSSM Elective Module Manager (EMM), Registering Module Managers, State Sharing Among Module Managers, Overview of Elective Module Managers, Module Manager Credentials, Installing an Elective Module Manager, Protocol for Attaching a Service Module, Protocol for Detaching a Service Module, Protocol for Unloading a Service Module, Loading an Elective Module Manager, Administration of Elective Module Managers, Elective Module Manager Functions, Elective Module Manager Operations, Add-In Module Structure and Administration, Add-In Module Structure, Module Installation, Runtime LifeCycle of the Service Provider Module, Service Module Requirements for USEE Tags Support, Module Administration Components, Add-In Module Structure, Obtaining an Add-In Module Manufacturing Certificate, Issuing an Add-In Module Product Certificate, Manufacturing an Add-In Module, The Module Description, Installing a Service Module, Runtime Life Cycle of the Module, Attaching a Service Module, Add-In Module Administration, Add-In Module Interface Functions, Common Error Codes For All Module Types, Module Directory Service Information, Module-Granted Use Exemptions, Module-Granted Use Exemptions, ModuleManagerAuthenticate, Trust Policy Modules (TPs), Certificate Library Modules (CLs), Data Storage Library Modules (DLs), Authorization Computation Modules (ACs), Security Add-In Modules Layer, Multi-Service Modules, Modules Control Access to Objects, CDSA Add-In Modules, Location of Modules and Credentials, Verification of Modules and their Credentials, OIDs for Certificate Library Modules, OIDs for X.509 Certificate Library Modules, Manufacturing Add-In Modules, Modules Control Access to Objects, Data Structure for Add-in Modules, CSSM Upcalls for Service Provider Modules, Purpose of CSP Multi-Service Modules, Identifying Multi-Service Modules, CSP Multi-Service Modules 
with DL Interface, CSSM Module-Specific Error Values, Multiple CSSM Vendors Authenticating Same Application, Authenticating to Multiple CSSM Vendors, Managing Multiple Key Storage Databases, Multi-Service Library Module, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module, Multi-Service Modules, Purpose of CSP Multi-Service Modules, Identifying Multi-Service Modules, CSP Multi-Service Modules with DL Interface, Multi-User Access Model

n

Authorization via Names, MDS Meta-Data Names, Core Set of Name:Value Pairs, Nested Manifests, Embedded or Nested Referent Objects, N->S ID Certificate (I,N,S,-,-,V), Dynamic Sources with no Associated Data, Key Recovery Nomenclature, Nonce, Random Number Generation Capabilities, Random number generators

o

Object Directory Database and the Object Relation, Object Directory, Verified Signature Root Object, Verified Certificate Chain Object, Verified Certificate Object, Manifest Section Object, Verified Module Object, EISL Object Relationships and Life Cycle, Object Pointers, Manifest Section Object Methods, Signed Objects Whose Signatures Serve to Carry the Object, Base of the Object Identifier Name Space, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Object Identifiers for X.509 V3 Certificates, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Modules Control Access to Objects, Iterator Objects, Static Referent Objects, Dynamic Referent Objects with Verified Source, Signed Objects Whose Signatures Serve to Carry the Object, Signed Objects Whose Signature Blocks are Embedded, Embedded or Nested Referent Objects, Modules Control Access to Objects, Obtaining an Add-In Module Manufacturing Certificate, ObtainPrivateKeyFromPublicKey, Certificate OID Definition, Signature OID Definition, Extension OID Definition, OIDs for Certificate Library Modules, Certificate Library Service Provider X.509 Field OIDs, Certificate OIDs and Certificate Data Structures, OIDs for X.509 Certificate Library Modules, CRL OIDs, CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, CRL Extension OIDs, Associating CRL OIDs and CRL Data Structures, OIDs for X.509 Certificate Revocation Lists, The Open Group, Open Group Publications, Definitions for Open Group Application Record Types, CDSA CSP Operation, Operation, Privileged Context Operation, Operational Scenarios for Key Recovery, Cryptographic Services Operations, Cryptographic Context Operations, Cryptographic Operations, Operations, Trust Policy Operations, Authorization Computation Operations, Operations on Certificates, Certificate Operations, 
Certificate Revocation List Operations, Categories of Operations, Data Storage Library Operations, Data Storage Operations, Data Record Operations, Extensibility Operations, Key Recovery Enablement Operations, Key Recovery Registration and Request Operations, Module Management Operations, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Generic Module Management Operations, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Elective Module Manager Operations, PVC Policy Configuration Options, Credential Format Options, Ordering Information, Ordering Metadata Values, Phase II. Finding our Friends: Bilateral Authentication, Allocation of Single Output Buffers, Querying Output Sizes, General Access Control over MDS Databases, Architectural Overview, Overview, Overview, Overview, Overview, Overview, Overview, API Overview, Overview, Overview, Overview of Elective Module Managers, Owned certificate, Resource Owner, Resource Owner, ACL Owner, ACL Owner

p

Signed Portion of an HTML Page, Core Set of Name:Value Pairs, CSSM_HINT_xxx Parameter, Algorithm Parameters, Algorithm Parameters, Algorithm Parameters, Algorithm Parameters, Part 1, Authentication as Part of Access Control, Authorization as Part of Access Control, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9, Part 10, Part 11, Part 12, Part 13, Part 14, Authentication as Part of Access Control, Authorization as Part of Access Control, Part 15, PassThrough, Password Based Key Derivation (PKCS #5), Protected Authentication Paths, File Permissions, Pretty Good Privacy (PGP), Phase I. Establishing a Foothold: Self-Check, Phase II. Finding our Friends: Bilateral Authentication, Phase III. Secure Linkage Check, A Phased Approach, Key Recovery Phases, ASN.1 Structures for PKCS #8 Wrapping, Diffie-Hellman (PKCS #3), Password Based Key Derivation (PKCS #5), PKWARE Archive File Format Specification, Plaintext Keys, Object Pointers, Trust Policy Modules (TPs), PVC Policy Configuration Options, Trust Policy (TP) Services, Trust Policy Operations, Local Application-Domain-Specific Trust Policy Functions, Trust Policy Services API, Key Recovery Policy, Key Recovery Policy, PolicyMaker, TP Policy-OIDS Relation, Signed Portion of an HTML Page, Preface, Pre-Master Key Generation, Pretty Good Privacy (PGP), Primary EMM Service Provider Relation, CSP Primary Relation, DL Primary Relation, CL Primary Relation, TP Primary Relation, AC Primary Relation, KR Primary Relation, CSP Primary Relation, Pretty Good Privacy (PGP), Private key, Application Privilege, Privileged Application, Privileged Context Function, Privileged Context Operation, Privileged Capabilities, CDSA and Privileges, CDSA and USEE Privileges, Manifest Attributes for MDS Access Control Privileges, Problem Statement, Authorization Reduction Process, Issuing an Add-In Module Product Certificate, CSP Encapsulated Product Relation, CSP Encapsulated Products Relation, DL Encapsulated Products Relation, CL 
Encapsulated Products Relation, TP Encapsulated Products Relation, Key Recovery Profiles, Programmatic Definition of Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Protected Authentication Paths, Protocol for Attaching a Service Module, Protocol for Detaching a Service Module, Protocol for Unloading a Service Module, Hypertext Transfer Protocol (HTTP), Using MDS in Integrity Verification Protocols, Service Provider View of a Multi-Service Add-In Module, Primary EMM Service Provider Relation, Certificate Library Service Provider X.509 Field OIDs, Runtime LifeCycle of the Service Provider Module, CSSM Upcalls for Service Provider Modules, Guidelines for Each Service Provider type, Cryptographic Service Provider Behavior, Cryptographic Service Providers (CSPs), Cryptographic Service Providers (CSP), Cryptographic Service Providers, Cryptographic Service Providers (CSPs), Key Formats for Public Key-Based Algorithms, Public key, Open Group Publications, Purpose of CSP Multi-Service Modules, PVC Policy Configuration Options

q

CSP Query Mechanisms, Querying Key Sizes, Querying Output Sizes, Querying State of the CSP Subservice, QueryKeySizeInBits, QuerySize, Stock Quote Service

r

Random Number Generation Capabilities, Random number generators, Additional RC2 Requirements, Additional RC5 Requirements, Receiving Context Events, Definitions for Schema Management Record Types, Definitions for Open Group Application Record Types, Data Record Operations, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, Key Recovery (KR) Services, Key Recovery Types, Key Recovery Phases, Lifetime of Key Recovery Fields, Key Recovery Policy, Key Recovery Nomenclature, Key Recovery in the Common Data Security Architecture, Key Recovery in the CDSA, Operational Scenarios for Key Recovery, Key Recovery Profiles, Key Recovery Context, Key Recovery Policy, Key Recovery Enablement Operations, Key Recovery Registration and Request Operations, Key Recovery Module Manager, Key Recovery Enablement, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Example Application Using Key Recovery APIs, Key Recovery MDS Relation, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery Interfaces, Authorization Reduction Process, Algorithm Reference, Referenced Documents, Key References, Static Referent Objects, Dynamic Referent Objects with Verified Source, Embedded or Nested Referent Objects, Verifying Referents in the Manifest, RefreshFunctionTable, RegisterDispatchTable, Registering Module Managers, Registering Module Managers, CSP Registration, Key Recovery Registration and Request Operations, Key Recovery Registration Operations, Key Recovery Registration Operations, Object Directory Database and the Object 
Relation, CSSM Relation, KRMM Relation, EMM Relation, Primary EMM Service Provider Relation, Common Relation, CSP Primary Relation, CSP Capabilities Relation, CSP Encapsulated Products Relation, CSP SmartcardInfo Relation, DL Primary Relation, DL Encapsulated Products Relation, CL Primary Relation, CL Encapsulated Products Relation, TP Primary Relation, TP Policy-OIDS Relation, TP Encapsulated Products Relation, MDS Schema Relation, AC Primary Relation, KR Primary Relation, CDSA Relation Attributes, Key Recovery MDS Relation, Common Relation, CSP Primary Relation, CSP Encapsulated Product Relation, CSP Smartcard Relation, CSP Capabilities Relation, EISL Object Relationships and Life Cycle, Sending Insert and Remove Events, Representation Constraints, File-Based Representation of Signed Manifests, Example Authorization Request, Key Recovery Registration and Request Operations, Key Recovery Request Operations, Key Recovery Request Operations, Requesting Key Format Types, Required Capability Attributes, Service Module Requirements if USEE Tags are Supported, Service Module Requirements for USEE Tags Support, Additional RC2 Requirements, Additional RC5 Requirements, Resource Owner, Resource Owner, Resources that Transform Locations, RetrieveCounter, RetrieveUniqueId, Common Error Return Codes, Returning Buffers of Data, Certificate Revocation List Operations, OIDs for X.509 Certificate Revocation Lists, Verified Signature Root Object, Signature Root Methods, Root certificate, RSA, Combination Signatures with RSA, Runtime LifeCycle of the Service Provider Module, Runtime Life Cycle of the Module

s

Multiple CSSM Vendors Authenticating Same Application, Operational Scenarios for Key Recovery, Definitions for Schema Management Record Types, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, MDS Schema Relation, MDS Schema Definition, Updating MDS Schema, Error Values and Error Codes Scheme, X->N ACL (-,-,S,D,X,-), X->S ACL (-,-,S,D,X,-), Encryption and MACing Secret Key Derivation, Secret key, Manifest Section Object, Manifest Section Object Methods, Manifest Sections, Signer Information Sections, Phase III. Secure Linkage Check, Secure Linkage, Secure Linkage Services, Integrity and Secure Linkage, Secure Electronic Transaction (SET), Secure MIME (S/MIME), Secure Sockets Layer (SSL), Common Data Security Architecture (CDSA), Layered Security Services, Common Security Services Manager Layer, Security Add-In Modules Layer, Common Data Security Architecture, Dispatching Application Calls for Security Services, Security Context Services, Common Security Services Manager, System Security Services, Common Data Security Architecture, Common Data Security Architecture, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Common Data Security Architecture, Security Services, Common Data Security Architecture, Common Security Services Manager, Security Context, Security-relevant event, Selecting CDSA Components, Phase I. 
Establishing a Foothold: Self-Check, Sending Insert and Remove Events, Sending Fault Events, Signed Objects Whose Signatures Serve to Carry the Object, Cryptographic Service Providers (CSPs), Service Provider View of a Multi-Service Add-In Module, Service Module Requirements if USEE Tags are Supported, Cryptographic Service Providers (CSP), Cryptographic Service Providers, Module Directory Service (MDS), Primary EMM Service Provider Relation, MDS Database Service APIs, Stock Quote Service, Certificate Library Service Provider X.509 Field OIDs, Protocol for Attaching a Service Module, Protocol for Detaching a Service Module, Protocol for Unloading a Service Module, CSSM Service Functions used by an EMM, Runtime LifeCycle of the Service Provider Module, Service Module Requirements for USEE Tags Support, Installing a Service Module, Attaching a Service Module, CSSM Upcalls for Service Provider Modules, Guidelines for Each Service Provider type, Module Directory Service Information, Cryptographic Service Provider Behavior, Cryptographic Service Providers (CSPs), Layered Security Services, Common Security Services Manager Layer, General Module Management Services, Dispatching Application Calls for Security Services, Integrity Services, Security Context Services, Common Security Services Manager, System Security Services, CSSM Core Services, Module Management Services, Core Services, Data Structures for Core Services, CSSM Core Services, Cryptographic Services Operations, Buffer Management for Cryptographic Services, Cryptographic Services, Trust Policy (TP) Services, Trust Services, Trust Policy Services API, Authorization Computation (AC) Services, Authorization Computation Services, Certificate Library (CL) Services, Certificate Library Services, Data Storage Library (DL) Services, Data Storage Library Services, Module Directory Services APIs, Key Recovery (KR) Services, Embedded Integrity Services Library (EISL), Using Library Services, Credential and Attribute 
Verification Services, Secure Linkage Services, Security Services, Common Security Services Manager, Session key, Cryptographic Sessions and Controlled Access to Keys, Core Set of Name:Value Pairs, Secure Electronic Transaction (SET), MD5 and SHA-1 MACing, State Sharing Among Module Managers, State Sharing Among Module Managers, Verified Signature Root Object, Signature Root Methods, Signature Blocks, Signed Objects Whose Signature Blocks are Embedded, Signature OID Definition, Asymmetric Signature Capabilities, Digital signature, Signature, Signature chain, Signed Manifests-Verifying Signatures, Signed Objects Whose Signatures Serve to Carry the Object, Digital Signatures, Combination Signatures, Encrypt-only Signatures, Combination Signatures with RSA, Combination Signatures with DSA, SignData, SignDataFinal, SignDataInit, SignDataUpdate, Signed Manifest, Signed Manifests, Signed Manifests-Requirements, Signed Manifests-The Architecture, Signed Manifests-Verifying Signatures, File-Based Representation of Signed Manifests, Signed Objects Whose Signatures Serve to Carry the Object, Signed Objects Whose Signature Blocks are Embedded, Signed Portion of an HTML Page, Signed Manifests-Examples, Signed Manifests, Signer Information Sections, Signer Information, Signing Information Header, Signing Information Examples, Certificate signing, Allocation of Single Output Buffers, Querying Key Sizes, Querying Output Sizes, CSP Smartcard Relation, CSP SmartcardInfo Relation, Secure MIME (S/MIME), Secure Sockets Layer (SSL), Dynamic Referent Objects with Verified Source, Dynamic Sources with no Associated Data, MDS Name Space, MDS Name Space and Directory Structures, Base of the Object Identifier Name Space, Common Error Values for Specific Data Types, DL Error Values for Specific Data Types, DL Specific Error Values, Common Error Codes for Specific Data Types, Manifest Header Specification, Format Specification, Format Specification, Extensions to the JavaSoft/Netscape 
Specification, PKWARE Archive File Format Specification, Versions and Issues of Specifications, License Agreement for CDSA Specifications, Use of Other Standards or Specifications, Interoperable Format Specifications for X.509, SPI TP, DL SPI, SSL 3.0 Algorithms, Secure Sockets Layer (SSL), CSP Staged Cryptographic API Error Values, Use of Other Standards or Specifications, State Sharing Among Module Managers, State Sharing Among Module Managers, Querying State of the CSP Subservice, Problem Statement, Static Referent Objects, Stock Quote Service, Data Storage Library Modules (DLs), Data Storage Library (DL) Services, Data Storage Data Structures, Data Storage Library Operations, Data Storage Operations, Data Storage Library Services, Managing Multiple Key Storage Databases, Symmetric Stream Cipher Capabilities, Generic Stream Ciphers, Data Structure, Types and Data Structure, Add-In Module Structure and Administration, Add-In Module Structure, Add-In Module Structure, Data Structure for Add-in Modules, CSSM_API_MEMORY_FUNCS Data Structure, Data Structures for Core Services, Data Structures, Data Structures, Data Structures, Data Structures, Data Storage Data Structures, MDS Name Space and Directory Structures, Data Structures, Data Structures, C Language Data Structures, Certificate OIDs and Certificate Data Structures, C Language Data Structures for X.509 CRLs, Associating CRL OIDs and CRL Data Structures, Data Structures, ASN.1 Structures for PKCS #8 Wrapping, Data Structures, Data Structures, Querying State of the CSP Subservice, Assigning Subservice Identifiers, Summary of Interface Calls, Memory Management Support, Service Module Requirements for USEE Tags Support, Service Module Requirements if USEE Tags are Supported, Foreign Language Support-Multiple Hash Values, Symmetric Key Generation Capabilities, Symmetric Block Cipher Capabilities, Symmetric Stream Cipher Capabilities, Symmetric algorithms, System Security Services

t

Service Module Requirements if USEE Tags are Supported, Service Module Requirements for USEE Tags Support, Terminate, Terminology, Resources that Transform Locations, Verification of Modules and their Credentials, This Document, The Threat Model, Token, Trust Policy (TP) Services, CDSA TP Features, SPI TP, TP Error Values Derived from Common Error Codes, Common TP Error Values, TP Primary Relation, TP Policy-OIDS Relation, TP Encapsulated Products Relation, TP_ApplyCrlToDb, TP_CertCreateTemplate, TP_CertGetAllTemplateFields, TP_CertGroupConstruct, TP_CertGroupPrune, TP_CertGroupToTupleGroup, TP_CertGroupVerify, TP_CertReclaimAbort, TP_CertReclaimKey, TP_CertRemoveFromCrlTemplate, TP_CertRevoke, TP_CertSign, TP_ConfirmCredResult, TP_CrlCreateTemplate, TP_CrlSign, TP_CrlVerify, TP_FormRequest, TP_FormSubmit, TP_PassThrough, TP_ReceiveConfirmation, Trust Policy Modules (TPs), TP_SubmitCredRequest, TP_TupleGroupToCertGroup, Trademarks, Secure Electronic Transaction (SET), Hypertext Transfer Protocol (HTTP), Resources that Transform Locations, Transparent, Dynamic Attach, Transparent, Dynamic Attach, Trust Policy Modules (TPs), Trust Policy (TP) Services, Trust Model, Trust Services, Trust Policy Operations, Local Application-Domain-Specific Trust Policy Functions, Trust Policy Services API, Extending Trust, Web of trust, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, Guidelines for Each Service Provider type, Common Error Values for All Module Types, Common Error Values for Specific Data Types, Definitions for Schema Management Record Types, Definitions for Open Group Application Record Types, DL Error Values for Specific Data Types, Key Recovery Types, Types and Data Structure, Common Error Codes For All Module Types, Common Error Codes for Specific Data Types, 
Requesting Key Format Types, Types of Memory Allocation, Typographic Conventions

u

Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs), Protocol for Unloading a Service Module, UnwrapKey, UnwrapKeyP, Memory Management Upcalls, CSSM Upcalls for Service Provider Modules, Updating MDS Schema, Updating MDS Databases, Basic Algorithm Usage, Module-Granted Use Exemptions, Use of Other Standards or Specifications, Module-Granted Use Exemptions, CSSM Service Functions used by an EMM, CDSA and USEE Privileges, Service Module Requirements if USEE Tags are Supported, Service Module Requirements for USEE Tags Support, USEE, Using MDS in Integrity Verification Protocols, Example Application Using Key Recovery APIs, Using Library Services, Utility Functions

v

Object Identifiers for X.509 V3 Certificates, Certificate validity date, Error Codes and Error Value Enumeration, Error Values Derived from Common Error Codes, CSSM Module-Specific Error Values, Common Error Values for All Module Types, Common ACL Error Values, Common Error Values for Specific Data Types, CSP Error Values Derived from Common Error Codes, General CSP Error Values, CSP Key Error Values, CSP Vector of Buffers Error Values, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Other CSP Error Values, Error Codes and Error Values, TP Error Values Derived from Common Error Codes, Common TP Error Values, Error Codes and Error Values, AC Error Values Derived from Common Error Codes, AC Error Values, Error Codes and Error Values, CL Error Values Derived from Common Error Codes, CL Error Values, Error Codes and Error Values, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DL Error Values for Specific Data Types, General DL Error Values, DL Specific Error Values, Error Codes and Error Values, Ordering Metadata Values, Foreign Language Support-Multiple Hash Values, Error Values and Error Codes Scheme, General Error Values, Assigning GroupId Values, Vector of Buffers, CSP Vector of Buffers Error Values, Allocation of Vector-of-Buffers, Multiple CSSM Vendors Authenticating Same Application, Authenticating to Multiple CSSM Vendors, CSSM-Enforced Integrity Verification, Using MDS in Integrity Verification Protocols, Verification of Modules and their Credentials, Credential and Attribute Verification Services, Integrity Verification, Integrity Verification, Verification, Verified Signature Root Object, Verified Certificate Chain Object, Verified Certificate Object, Verified Module Object, Dynamic Referent Objects with Verified Source, VerifyData, VerifyDataFinal, VerifyDataInit, VerifyDataUpdate, VerifyDevice, Verifying Components, Verifying the Manifest, Verifying Referents in the 
Manifest, VerifyMac, VerifyMacFinal, VerifyMacInit, VerifyMacUpdate, Versions and Issues of Specifications, Authorization via Name, Authorization via Names, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module

w

Web of trust, Signed Objects Whose Signatures Serve to Carry the Object, Signed Objects Whose Signature Blocks are Embedded, Why an Embedded Library?, Low-Order Word, High-Order Word, WrapKey, WrapKeyP, Wrapped Keys, ASN.1 Structures for PKCS #8 Wrapping, Write-Access to MDS Databases

x

Certificate Library Service Provider X.509 Field OIDs, Interoperable Format Specifications for X.509, Object Identifiers for X.509 V3 Certificates, OIDs for X.509 Certificate Library Modules, C Language Data Structures for X.509 CRLs, OIDs for X.509 Certificate Revocation Lists, X->N ACL (-,-,S,D,X,-), X->N Attribute Certificate (I,-,S,D,X,V), X->S ACL (-,-,S,D,X,-), X->S Authorization Certificate (I,-,S,D,X,V)