Common Security: CDSA and CSSM, Version 2
Copyright © 1999 The Open Group

INDEX

1 [ a b c d e f g h i j k l m n o p q r s t u v w x

1

Footnotes - 1.

[

Protocol for Unloading a Service Module - [??]

a

Algorithm Use Abbreviations, AC Error Values Derived from Common Error Codes, AC Error Values, AC Primary Relation, AC_AuthCompute, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Cryptographic Sessions and Controlled Access to Keys, MDS Installation and Access, Multi-User Access Model, Manifest Attributes for MDS Access Control Privileges, General Access Control over MDS Databases, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Cryptographic Sessions and Controlled Access to Keys, Acknowledgements, Common ACL Error Values, X->N ACL (-,-,S,D,X,-), X->S ACL (-,-,S,D,X,-), XN ACL <-,-,S,D,X,->, XS ACL <-,-,S,D,X,->, DL Error Values Derived from ACL-based Error Codes, Common Error Codes for ACLs, Administrator ACLs, Authorization Computation Modules (ACs), Security Add-In Modules Layer, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module, Add-In Module Structure and Administration, Add-In Module Structure, Add-In Module Structure, Obtaining an Add-In Module Manufacturing Certificate, Issuing an Add-In Module Product Certificate, Manufacturing Add-In Modules, Manufacturing an Add-In Module, Data Structure for Add-in Modules, Add-In Module Administration, Add-In Module Interface Functions, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CSSM Add-In Module Overview, CDSA Add-In Module Overview, CDSA Add-In Module Overview, Additional CSP Services, CSSM_ATTRIBUTE_TYPE Additions, MDS Administration, Administration of Elective Module Managers, Add-In Module Structure and Administration, Module Administration Components, Add-In Module Administration, Administrator ACLs, License Agreement for CDSA Specifications, Algorithm Use Abbreviations, Basic Algorithm Usage, Algorithm List, Cryptographic algorithm, Hash algorithm, Key Formats for Public Key-Based Algorithms, CSSM Algorithms, Key Formats for Public Key-Based Algorithms, Asymmetric algorithms, Symmetric algorithms, Common Error Values for All Module Types, Common Error Codes For All Module Types, State Sharing Among Module Managers, State Sharing Among Module Managers, Cryptographic Services API, Trust Policy Services API, Authorization Computation Services API, Certificate Library API, Data Storage Library API, Core Services API, CSP Staged Cryptographic API Error Values, Cryptographic Services API, Trust Policy Services API, Authorization Computation Services API, Certificate Library Services API, Data Storage Library Services API, API Overview, CSSM Key Recovery API, CDSA Embedded Integrity Services Library API, MDS Context APIs, MDS Installation APIs, MDS Database Service APIs, Module Directory Services APIs, An Example Application Using Key Recovery APIs, Key Recovery APIs, Dispatching Application Calls for Security Services, Application Developer View of a Multi-Service Add-In Module, Application Privilege, Multiple CSSM Vendors Authenticating Same Application, Application and Certificate Library Interaction, Definitions for Open Group Application Record Types, Application Memory Functions, Privileged Application, An Example Application Using Key Recovery APIs, Local Application-Domain-Specific Trust Policy Functions, Local Application-Domain-Specific TP Functions, A Phased Approach, Architectural Assumptions, Architectural Overview, Common Data Security Architecture (CDSA), Common Data Security Architecture, Common Data Security Architecture, Common Data Security Architecture, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Signed Manifests-The Architecture, Common Data Security Architecture, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, PKWARE Archive File Format Specification, Service Module Requirements if USEE Tags are Supported, Signed Objects Whose Signature Blocks are Embedded, Authentication as Part of Access Control, Authorization as Part of Access Control, Authentication as Part of Access Control, Authorization as Part of Access Control, ASN.1 Structures for PKCS #8 Wrapping, Dynamic Sources with no Associated Data, Associating CRL OIDs and CRL Data Structures, Architectural Assumptions, Asymmetric algorithms, Transparent, Dynamic Attach, Transparent, Dynamic Attach, Protocol for Attaching a Service Module, Attaching a Service Module, X->N Attribute Certificate (I,-,S,D,X,V), Credential and Attribute Verification Services, Certificate Attribute Methods, XN Attribute Certificate <I,-,S,D,X,V>, CDSA Relation Attributes, Manifest Attributes for MDS Access Control Privileges, Intended Audience, Multiple CSSM Vendors Authenticating Same Application, Authenticating to Multiple CSSM Vendors, Authentication as Part of Access Control, Phase II. Finding our Friends: Bilateral Authentication, Bilateral Authentication, Bilateral Authentication, Authentication as Part of Access Control, Certification Authority (CA), Authorization Computation Modules (ACs), Authorization Evaluation Services, Authorization Computation Services API, Authorization Computation Modules, Authorization as Part of Access Control, Direct authorization, Authorization via Name, X->S Authorization Certificate (I,-,S,D,X,V), Direct, Delegated Authorization, Authorization via Names, The Logic of Authorization, The Authorization Reduction Process, Example Authorization Request, Authorization Computation Operations, Authorization Computation Services API, Authorization as Part of Access Control, CSSM Authorization Computation Interface, Authorization Computation Overview, Direct Authorization, Authorization via Name, XS Authorization Certificate <I,-,S,D,X,V>, Direct, Delegated Authorization, Authorization via Names, The Logic of Authorization, The Authorization Reduction Process, Example Authorization Request, Authorization Computation Operations, Authorization Computation Interface

b

Base of the Object Identifier Name Space, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Basic Module Managers, Basic Algorithm Usage, Cryptographic Service Provider Behavior, Phase II. Finding our Friends: Bilateral Authentication, Bilateral Authentication, Bilateral Authentication, Signature Blocks, Signed Objects Whose Signature Blocks are Embedded, Buffer Management for Cryptographic Services, Buffer Management for Cryptographic Services, Returning Buffers of Data, Vector of Buffers, CSP Vector of Buffers Error Values, Returning Buffers of Data, Vector of Buffers, CSSM Service Functions used by an EMM

c

C Language Data Structures, C Language Data Structures for X.509 CRLs, Certification Authority (CA), Dispatching Application Calls for Security Services, CSP Capabilities Relation, Signed Objects Whose Signatures Serve to Carry the Object, carve-outs, Categories of Operations, License Agreement for CDSA Specifications, Common Data Security Architecture (CDSA), Selecting CDSA Components, CDSA and Privileges, CDSA and USEE Privileges, MDS in CDSA, CDSA Directory Database, CDSA Relation Attributes, CDSA Directory, CDSA Embedded Integrity Services Library API, CDSA Signed Manifest, CDSA OIDs for Certificate Library Modules, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CDSA, Certificate Library Modules (CLs), Certificate Library API, Certificate Library Modules, X->N Attribute Certificate (I,-,S,D,X,V), N->S ID Certificate (I,N,S,-,-,V), X->S Authorization Certificate (I,-,S,D,X,V), Application and Certificate Library Interaction, Certificate Operations, Certificate Revocation List Operations, Certificate Library Services API, Verified Certificate Chain Object, Verified Certificate Object, Certificate Chain Methods, Certificate Attribute Methods, CDSA OIDs for Certificate Library Modules, Certificate Library Service Provider X.509 Field OIDs, Certificate OID Definition, Certificate OIDs and Certificate Data Structures, OIDs for X.509 Certificate Library Modules, OIDs for X.509 Certificate Revocation Lists, Obtaining an Add-In Module Manufacturing Certificate, Issuing an Add-In Module Product Certificate, XN Attribute Certificate <I,-,S,D,X,V>, NS ID Certificate <I,N,S,-,-,V>, XS Authorization Certificate <I,-,S,D,X,V>, CSSM Certificate Library Interface, Certificate Life Cycle, Certificate Library Module, Certificate Operations, Certificate Revocation List Operations, Certificate Library Interface, Certificate, Certificate chain, Certificate signing, Certificate validity date, Digital certificate, Leaf Certificate, Owned certificate, Root certificate, Classes of Certificates and Other Credentials, Operations on Certificates, Object Identifiers for X.509 V3 Certificates, Classes of Certificates and Other Credentials, Certification Authority (CA), CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, Verified Certificate Chain Object, Certificate Chain Methods, Certificate chain, Signature chain, Phase III. Secure Linkage Check, Creating Checkable Components, CL Error Values Derived from Common Error Codes, CL Error Values, CL Primary Relation, CL Encapsulated Products Relation, Classes of Certificates and Other Credentials, Classes of Certificates and Other Credentials, CL_CertAbortCache, CL_CertAbortQuery, CL_CertCache, CL_CertCreateTemplate, CL_CertDescribeFormat, CL_CertGetAllFields, CL_CertGetAllTemplateFields, CL_CertGetFirstCachedFieldValue, CL_CertGetFirstFieldValue, CL_CertGetKeyInfo, CL_CertGetNextCachedFieldValue, CL_CertGetNextFieldValue, CL_CertGroupFromVerifiedBundle, CL_CertGroupToSignedBundle, CL_CertSign, CL_CertVerify, CL_CertVerifyWithKey, CL_CrlAbortCache, CL_CrlAbortQuery, CL_CrlAddCert, CL_CrlCache, CL_CrlCreateTemplate, CL_CrlDescribeFormat, CL_CrlGetAllCachedRecordFields, CL_CrlGetAllFields, CL_CrlGetFirstCachedFieldValue, CL_CrlGetFirstFieldValue, CL_CrlGetNextCachedFieldValue, CL_CrlGetNextFieldValue, CL_CrlRemoveCert, CL_CrlSetFields, CL_CrlSign, CL_CrlVerify, CL_CrlVerifyWithKey, Initialization and Cleanup, CL_FreeFields, CL_FreeFieldValue, CL_IsCertInCachedCrl, CL_IsCertInCrl, CL_PassThrough, Certificate Library Modules (CLs), Configurable CSSM Error Code Constants, CSSM Error Code Constants, Error Values Derived from Common Error Codes, Common Error Return Codes, CSP Error Values Derived from Common Error Codes, Error Codes and Error Values, TP Error Values Derived from Common Error Codes, Error Codes and Error Values, AC Error Values Derived from Common Error Codes, Error Codes and Error Values, CL Error Values Derived from Common Error Codes, Error Codes and Error Values, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, Error Codes and Error Values, Error Values and Error Codes Scheme, Common Error Codes For All Module Types, Common Error Codes for ACLs, Common Error Codes for Specific Data Types, Error Codes and Error Value Enumeration, Error Return Codes, Error Return Codes, Error Return Codes, Combination Signatures, Combination Signatures with RSA, Common Data Security Architecture (CDSA), Common Security Services Manager Layer, Common Data Security Architecture, Common Security Services Manager, Common Security Services Manager (CSSM), Common Data Security Architecture, Error Values Derived from Common Error Codes, Common Error Return Codes, Common Error Values for All Module Types, Common ACL Error Values, Common Error Values for Specific Data Types, CSP Error Values Derived from Common Error Codes, TP Error Values Derived from Common Error Codes, Common TP Error Values, AC Error Values Derived from Common Error Codes, CL Error Values Derived from Common Error Codes, DL Error Values Derived from Common Error Codes, Common Error Codes For All Module Types, Common Error Codes for ACLs, Common Error Codes for Specific Data Types, Common Data Security Architecture, Common Relation, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Common Data Security Architecture, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Common Security Services Manager, Verifying Components, Creating Checkable Components, Selecting CDSA Components, Module Administration Components, Authorization Computation Modules (ACs), Authorization Computation Services API, Authorization Computation Modules, Authorization Computation Operations, Authorization Computation Services API, CSSM Authorization Computation Interface, Authorization Computation Overview, Authorization Computation Operations, Authorization Computation Interface, Configurable CSSM Error Code Constants, PVC Policy Configuration Options, Configurable CSSM Error Code Constants, CSSM Error Code Constants, Representation Constraints, Security Context Services, CSP Cryptographic Context Error Values, Cryptographic Context Operations, MDS Context APIs, Key Recovery Context, Key Recovery Context Operations, Key Recovery Context Operations, Privileged Context Functions, Privileged Context Operations, Security Context, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Manifest Attributes for MDS Access Control Privileges, General Access Control over MDS Databases, Authentication as Part of Access Control, Authorization as Part of Access Control, Modules Control Access to Objects, Cryptographic Sessions and Controlled Access to Keys, Cryptographic Sessions and Controlled Access to Keys, Conventions, Data Structures for Core Services, Core Functions, Core Services API, Core Set of Name:Value Pairs, Integrity Core, Dublin Core, Corrigenda, Creating Checkable Components, Credential Format Options, Credential and Attribute Verification Services, Credential Format Options, Classes of Certificates and Other Credentials, Location of Modules and Credentials, Verification of Modules and their Credentials, Integrity Credentials, Module Manager Credentials, Classes of Certificates and Other Credentials, CRL OIDs, CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, CRL Extension OIDs, Associating CRL OIDs and CRL Data Structures, C Language Data Structures for X.509 CRLs, Cryptographic Service Providers (CSPs), Cryptographic Service Provider Registration, Cryptographic Services API, Cryptographic Service Provider Modules, Buffer Management for Cryptographic Services, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Cryptographic Context Operations, Cryptographic Sessions and Controlled Access to Keys, Cryptographic Operations, Cryptographic Services API, Cryptographic Service Provider Behavior, Extensions to the Cryptographic Module Manager, CSSM Cryptographic Service Provider Interface, Cryptographic Service Provider Overview, Buffer Management for Cryptographic Services, Cryptographic Operations, Cryptographic Sessions and Controlled Access to Keys, Cryptographic algorithm, Cryptographic Service Providers (CSPs), Cryptoki, CSP Form Factor, Additional CSP Services, CSP Error Values Derived from Common Error Codes, General CSP Error Values, CSP Key Error Values, CSP Vector of Buffers Error Values, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Other CSP Error Values, CSP Primary Relation, CSP Capabilities Relation, CSP Encapsulated Products Relation, CSP SmartcardInfo Relation, CSP_ChangeKeyAcl, CSP_ChangeKeyOwner, CSP_ChangeLoginAcl, CSP_ChangeLoginOwner, CSP_DecryptData, CSP_DecryptDataFinal, CSP_DecryptDataInit, CSP_DecryptDataUpdate, CSP_DeriveKey, CSP_DigestData, CSP_DigestDataClone, CSP_DigestDataFinal, CSP_DigestDataInit, CSP_DigestDataUpdate, CSP_EncryptData, CSP_EncryptDataFinal, CSP_EncryptDataInit, CSP_EncryptDataUpdate, CSP_EventNotify, CSP_FreeKey, CSP_GenerateAlgorithmParams, CSP_GenerateKey, CSP_GenerateKeyPair, CSP_GenerateMac, CSP_GenerateMacFinal, CSP_GenerateMacInit, CSP_GenerateMacUpdate, CSP_GenerateRandom, CSP_GetKeyAcl, CSP_GetKeyOwner, CSP_GetLoginAcl, CSP_GetLoginOwner, CSP_GetTimeValue, CSP_Login, CSP_Logout, CSP_ObtainPrivateKeyFromPublicKey, CSP_PassThrough, CSP_QueryKeySizeInBits, CSP_QuerySize, CSP_RetrieveCounter, CSP_RetrieveUniqueId, Cryptographic Service Providers (CSPs), Legacy CSPs, Cryptographic Service Providers (CSPs), CSP_SignData, CSP_SignDataFinal, CSP_SignDataInit, CSP_SignDataUpdate, CSP_UnwrapKey, CSP_VerifyData, CSP_VerifyDataFinal, CSP_VerifyDataInit, CSP_VerifyDataUpdate, CSP_VerifyDevice, CSP_VerifyMac, CSP_VerifyMacFinal, CSP_VerifyMacInit, CSP_VerifyMacUpdate, CSP_WrapKey, Common Security Services Manager (CSSM), Integrity of the CSSM Environment, Multiple CSSM Vendors Authenticating Same Application, CSSM Module-Specific Error Values, CSSM Algorithms, Configurable CSSM Error Code Constants, CSSM Error Code Constants, CSSM Error Handling, CSSM Module Directory Service (MDS) Interface, CSSM Relation, CSSM Key Recovery API, Key Recovery Enablement in CSSM, CSSM Elective Module Manager, Interaction with CSSM, CSSM Service Functions used by an EMM, Authenticating to Multiple CSSM Vendors, CSSM Upcalls for Service Provider Modules, CSSM Cryptographic Service Provider Interface, CSSM Trust Policy Interface, CSSM Authorization Computation Interface, CSSM Certificate Library Interface, CSSM Add-In Module Overview, CSSM Data Storage Library Interface, CSSM Key Recovery Interface, CSSM, CSSM_AC_AuthCompute, CSSM_ACCESS_CREDENTIALS, CSSM_AC_HANDLE, CSSM_ACL_AUTHORIZATION_TAG, CSSM_ACL_EDIT, CSSM_ACL_EDIT_MODE, CSSM_ACL_ENTRY_INFO, CSSM_ACL_ENTRY_INPUT, CSSM_ACL_ENTRY_PROTOTYPE, CSSM_ACL_HANDLE, CSSM_ACL_OWNER_PROTOTYPE, CSSM_ACL_SUBJECT_CALLBACK, CSSM_ACL_SUBJECT_TYPE, CSSM_ACL_VALIDITY_PERIOD, CSSM_AC_PassThrough, CSSM_AC_PassThrough, CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS, CSSM_API_MEMORY_FUNCS Data Structure, CSSM_API_ModuleEventHandler, CSSM_ATTACH_FLAGS, CSSM_ATTRIBUTE_TYPE, CSSM_ATTRIBUTE_TYPE Additions, CSSM_AUTHORIZATIONGROUP, CSSM_BASE_CERTS, CSSM_BER_TAG, CSSM_BOOL, CSSM_CALLBACK, CSSM_CC_HANDLE, cssm_CcToHandle, CSSM_CERT_BUNDLE, CSSM_CERT_BUNDLE_ENCODING, CSSM_CERT_BUNDLE_HEADER, CSSM_CERT_BUNDLE_TYPE, CSSM_CERT_ENCODING, CSSM_CERTGROUP, CSSM_CERTGROUP_TYPE, CSSM_CERTPAIR, CSSM_CERT_PARSE_FORMAT, CSSM_CERT_TYPE, CSSM_CHALLENGE_CALLBACK, CSSM_ChangeKeyAcl, CSSM_ChangeKeyOwner, CSSM_CL_CertAbortCache, CSSM_CL_CertAbortQuery, CSSM_CL_CertCache, CSSM_CL_CertCreateTemplate, CSSM_CL_CertDescribeFormat, CSSM_CL_CertGetAllFields, CSSM_CL_CertGetAllTemplateFields, CSSM_CL_CertGetFirstCachedFieldValue, CSSM_CL_CertGetFirstFieldValue, CSSM_CL_CertGetKeyInfo, CSSM_CL_CertGetNextCachedFieldValue, CSSM_CL_CertGetNextFieldValue, CSSM_CL_CertGroupFromVerifiedBundle, CSSM_CL_CertGroupToSignedBundle, CSSM_CL_CertSign, CSSM_CL_CertVerify, CSSM_CL_CertVerifyWithKey, CSSM_CL_CrlAbortCache, CSSM_CL_CrlAbortQuery, CSSM_CL_CrlAddCert, CSSM_CL_CrlCache, CSSM_CL_CrlCreateTemplate, CSSM_CL_CrlDescribeFormat, CSSM_CL_CrlGetAllCachedRecordFields, CSSM_CL_CrlGetAllFields, CSSM_CL_CrlGetFirstCachedFieldValue, CSSM_CL_CrlGetFirstFieldValue, CSSM_CL_CrlGetNextCachedFieldValue, CSSM_CL_CrlGetNextFieldValue, CSSM_CL_CrlRemoveCert, CSSM_CL_CrlSetFields, CSSM_CL_CrlSign, CSSM_CL_CrlVerify, CSSM_CL_CrlVerifyWithKey, CSSM_CL_FreeFields, CSSM_CL_FreeFieldValue, CSSM_CL_HANDLE, CSSM_CL_IsCertInCachedCrl, CSSM_CL_IsCertInCrl, CSSM_CL_PassThrough, CSSM_CL_TEMPLATE_TYPE, CSSM_CONTEXT, CSSM_CONTEXT_ATTRIBUTE, CSSM_CONTEXT_EVENT_TYPE, CSSM_CONTEXT_TYPE, CSSM_CRL_ENCODING, CSSM_CRLGROUP, CSSM_CRLGROUP_TYPE, CSSM_CRL_PAIR, CSSM_CRL_PARSE_FORMAT, CSSM_CRL_TYPE, CSSM_CRYPTO_DATA, CSSM_CSP_ChangeLoginAcl, CSSM_CSP_ChangeLoginOwner, CSSM_CSP_CreateAsymmetricContext, CSSM_CSP_CreateDeriveKeyContext, CSSM_CSP_CreateDigestContext, CSSM_CSP_CreateKeyGenContext, CSSM_CSP_CreateMacContext, CSSM_CSP_CreatePassThroughContext, CSSM_CSP_CreateRandomGenContext, CSSM_CSP_CreateSignatureContext, CSSM_CSP_CreateSymmetricContext, CSSM_CSP_FLAGS, CSSM_CSP_GetLoginAcl, CSSM_CSP_GetLoginOwner, CSSM_CSP_GetOperationalStatistics, CSSM_CSP_GetOperationalStatistics, CSSM_CSP_HANDLE, CSSM_CSP_Login, CSSM_CSP_Logout, CSSM_CSP_ObtainPrivateKeyFromPublicKey, CSSM_CSP_OPERATIONAL_STATISTICS, CSSM_CSP_PassThrough, CSSM_CSP_READER_FLAGS, CSSM_CSP_TYPE, CSSM_DATA, CSSM_DATE, CSSM_DB_ACCESS_TYPE, CSSM_DB_ATTRIBUTE_DATA, CSSM_DB_ATTRIBUTE_FORMAT, CSSM_DB_ATTRIBUTE_INFO, CSSM_DB_ATTRIBUTE_NAME_FORMAT, CSSM_DB_CERTRECORD_SEMANTICS, CSSM_DB_CONJUNCTIVE, CSSM_DB_DATASTORES_UNKNOWN, CSSM_DB_HANDLE, CSSM_DB_INDEXED_DATA_LOCATION, CSSM_DB_INDEX_INFO, CSSM_DB_INDEX_TYPE, CSSM_DBINFO, CSSM_DB_MODIFY_MODE, CSSM_DB_OPERATOR, CSSM_DB_PARSING_MODULE_INFO, CSSM_DB_RECORD_ATTRIBUTE_DATA, CSSM_DB_RECORD_ATTRIBUTE_INFO, CSSM_DB_RECORD_INDEX_INFO, CSSM_DB_RECORDTYPE, CSSM_DB_RETRIEVAL_MODES, CSSM_DB_SCHEMA_ATTRIBUTE_INFO, CSSM_DB_SCHEMA_INDEX_INFO, CSSM_DB_UNIQUE_RECORD, CSSM_DecryptData, CSSM_DecryptDataFinal, CSSM_DecryptDataInit, CSSM_DecryptDataInitP, CSSM_DecryptDataP, CSSM_DecryptDataUpdate, CSSM_DeleteContext, CSSM_DeleteContextAttributes, cssm_DeregisterManagerServices, CSSM_DeriveKey, CSSM_DigestData, CSSM_DigestDataClone, CSSM_DigestDataFinal, CSSM_DigestDataInit, CSSM_DigestDataUpdate, CSSM_DL_Authenticate, CSSM_DL_ChangeDbAcl, CSSM_DL_ChangeDbOwner, CSSM_DL_CreateRelation, CSSM_DL_DataAbortQuery, CSSM_DL_DataDelete, CSSM_DL_DataGetFirst, CSSM_DL_DataGetFromUniqueRecordId, CSSM_DL_DataGetNext, CSSM_DL_DataInsert, CSSM_DL_DataModify, CSSM_DL_DbClose, CSSM_DL_DbCreate, CSSM_DL_DbDelete, CSSM_DL_DB_HANDLE, CSSM_DL_DB_LIST, CSSM_DL_DbOpen, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, CSSM_DL_DestroyRelation, CSSM_DL_FreeNameList, CSSM_DL_FreeUniqueRecord, CSSM_DL_GetDbAcl, CSSM_DL_GetDbNameFromHandle, CSSM_DL_GetDbNames, CSSM_DL_GetDbOwner, CSSM_DL_HANDLE, CSSM_DL_PassThrough, CSSM_DL_PKCS11_ATTRIBUTES, CSSM_DLTYPE, CSSM_ELAPSED_TIME_COMPLETE, CSSM_ELAPSED_TIME_UNKNOWN, CSSM_ENCODED_CERT, CSSM_ENCODED_CRL, CSSM_EncryptData, CSSM_EncryptDataFinal, CSSM_EncryptDataInit, CSSM_EncryptDataInitP, CSSM_EncryptDataP, CSSM_EncryptDataUpdate, CSSM_ENCRYPT_MODE, CSSM-Enforced Integrity Verification, CSSM_ESTIMATED_TIME_UNKNOWN, CSSM_EVIDENCE, CSSM_EVIDENCE_FORM, CSSM_FIELD, CSSM_FIELDGROUP, CSSM_FIELDVALUE_COMPLEX_DATA_TYPE, CSSM_FreeContext, CSSM_FreeKey, CSSM_FUNC_NAME_ADDR, CSSM_GenerateAlgorithmParams, CSSM_GenerateKey, CSSM_GenerateKeyP, CSSM_GenerateKeyPair, CSSM_GenerateKeyPairP, CSSM_GenerateMac, CSSM_GenerateMacFinal, CSSM_GenerateMacInit, CSSM_GenerateMacUpdate, CSSM_GenerateRandom, CSSM_GetAPIMemoryFunctions, cssm_GetAppMemoryFunctions, cssm_GetAttachFunctions, CSSM_GetContext, CSSM_GetContextAttribute, CSSM_GetKeyAcl, CSSM_GetKeyOwner, CSSM_GetModuleGUIDFromHandle, cssm_GetModuleInfo, CSSM_GetPrivilege, CSSM_GetSubserviceUIDFromHandle, CSSM_GetTimeValue, CSSM_GUID, CSSM_HANDLE, CSSM_HEADERVERSION, CSSM_Init, CSSM_Introduce, cssm_IsFuncCallValid, CSSM_KEA_DERIVE_PARAMS, CSSM_KEY, CSSM_KEYATTR_FLAGS, CSSM_KEYBLOB_FORMAT, CSSM_KEYBLOB_TYPE, CSSM_KEYCLASS, CSSM_KEYHEADER, CSSM_KEY_HIERARCHY, CSSM_KEY_SIZE, CSSM_KEY_TYPE, CSSM_KEYUSE, CSSM_KR_CreateRecoveryEnablementContext, CSSM_KR_CreateRecoveryRegistrationContext, CSSM_KR_CreateRecoveryRequestContext, CSSM_KR_FreePolicyInfo, CSSM_KR_GenerateRecoveryFields, CSSM_KR_GetPolicyInfo, CSSM_KR_GetRecoveredObject, CSSM_KR_NAME, CSSM_KR_PassThrough, CSSM_KR_POLICY_FLAGS, CSSM_KR_POLICY_INFO, CSSM_KR_POLICY_LIST_ITEM, CSSM_KR_POLICY_TYPE, CSSM_KR_ProcessRecoveryFields, CSSM_KR_PROFILE, CSSM_KR_QueryPolicyInfo, CSSM_KR_RecoveryRequest, CSSM_KR_RecoveryRequestAbort, CSSM_KR_RecoveryRetrieve, CSSM_KR_RegistrationRequest, CSSM_KR_RegistrationRetrieve, CSSM_KR_SetEnterpriseRecoveryPolicy, CSSM_KRSP_HANDLE, CSSM_LIST, CSSM_ListAttachedModuleManagers, CSSM_LIST_ELEMENT, CSSM_LIST_ELEMENT_TYPE, CSSM_LIST_TYPE, CSSM_LONG_HANDLE, CSSM_MANAGER_EVENT_NOTIFICATION, CSSM_MANAGER_EVENT_TYPES, CSSM_MANAGER_REGISTRATION_INFO, CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS, CSSM_ModuleAttach, CSSM_ModuleDetach, CSSM_MODULE_EVENT, CSSM_MODULE_FUNCS, CSSM_MODULE_HANDLE, CSSM_ModuleLoad, CSSM_ModuleUnload, CSSM_NAME_LIST, CSSM_NET_ADDRESS, CSSM_NET_ADDRESS_TYPE, CSSM_NET_PROTOCOL, CSSM_OID, CSSM_PADDING, CSSM_PARSED_CERT, CSSM_PARSED_CRL, CSSM_PBE_PARAMS, CSSM_PKCS_OAEP, CSSM_PKCS_OAEP_PARAMS, CSSM_PRIVILEGE, CSSM_PRIVILEGE_SCOPE, CSSM_PROC_ADDR, CSSM_PVC_MODE, CSSM_QUERY, CSSM_QUERY_FLAGS, CSSM_QueryKeySizeInBits, CSSM_QUERY_LIMITS, CSSM_QuerySize, CSSM_QUERY_SIZE_DATA, CSSM_RANGE, cssm_ReleaseAttachFunctions, CSSM_RESOURCE_CONTROL_CONTEXT, CSSM_RetrieveCounter, CSSM_RetrieveUniqueId, CSSM_RETURN, CSSM_SAMPLE, CSSM_SAMPLEGROUP, CSSM_SAMPLE_TYPE, CSSM_SC_FLAGS, CSSM_SELECTION_PREDICATE, CSSM_SERVICE_MASK, CSSM_SERVICE_TYPE, CSSM_SetContext, CSSM_SetPrivilege, CSSM_SignData, CSSM_SignDataFinal, CSSM_SignDataInit, CSSM_SignDataUpdate, CSSM_SPI_AC_FUNCS, CSSM_SPI_CL_FUNCS, CSSM_SPI_CSP_FUNCS, CSSM_SPI_DL_FUNCS, CSSM_SPI_KR_FUNCS, CSSM_SPI_ModuleAttach, CSSM_SPI_ModuleDetach, CSSM_SPI_ModuleEventHandler, CSSM_SPI_ModuleLoad, CSSM_SPI_ModuleUnload, CSSM_SPI_TP_FUNCS, CSSM_STATE_FUNCS, CSSM_STRING, CSSM_SUBSERVICE_UID, CSSM_Terminate, CSSM_TIMESTRING, CSSM_TP_ACTION, CSSM_TP_ApplyCrlToDb, CSSM_TP_AUTHORITY_ID, CSSM_TP_AUTHORITY_REQUEST_TYPE, CSSM_TP_CALLERAUTH_CONTEXT, CSSM_TP_CERTCHANGE_ACTION, CSSM_TP_CERTCHANGE_INPUT, CSSM_TP_CERTCHANGE_OUTPUT, CSSM_TP_CERTCHANGE_REASON, CSSM_TP_CERTCHANGE_STATUS, CSSM_TP_CertCreateTemplate, CSSM_TP_CertGetAllTemplateFields, CSSM_TP_CertGroupConstruct, CSSM_TP_CertGroupPrune, CSSM_TP_CertGroupToTupleGroup, CSSM_TP_CertGroupVerify, CSSM_TP_CERTISSUE_INPUT, CSSM_TP_CERTISSUE_OUTPUT, CSSM_TP_CERTISSUE_STATUS, CSSM_TP_CERTNOTARIZE_INPUT, CSSM_TP_CERTNOTARIZE_OUTPUT, CSSM_TP_CERTNOTARIZE_STATUS, CSSM_TP_CertReclaimAbort, CSSM_TP_CERTRECLAIM_INPUT, CSSM_TP_CertReclaimKey, CSSM_TP_CERTRECLAIM_OUTPUT, CSSM_TP_CERTRECLAIM_STATUS, CSSM_TP_CertRemoveFromCrlTemplate, CSSM_TP_CertRevoke, CSSM_TP_CertSign, CSSM_TP_CERTVERIFY_INPUT, CSSM_TP_CERTVERIFY_OUTPUT, CSSM_TP_CERTVERIFY_STATUS, CSSM_TP_ConfirmCredResult, CSSM_TP_CONFIRM_RESPONSE, CSSM_TP_CONFIRM_STATUS, CSSM_TP_CrlCreateTemplate, CSSM_TP_CRLISSUE_INPUT, CSSM_TP_CRLISSUE_OUTPUT, CSSM_TP_CRLISSUE_STATUS, CSSM_TP_CrlSign, CSSM_TP_CrlVerify, CSSM_TP_FormRequest, CSSM_TP_FormSubmit, CSSM_TP_FORM_TYPE, CSSM_TP_HANDLE, CSSM_TP_PassThrough, CSSM_TP_POLICYINFO, CSSM_TP_ReceiveConfirmation, CSSM_TP_REQUEST_SET, CSSM_TP_RESULT_SET, CSSM_TP_RetrieveCredResult, CSSM_TP_SERVICES, CSSM_TP_STOP_ON, CSSM_TP_SubmitCredRequest, CSSM_TP_TupleGroupToCertGroup, CSSM_TP_VERIFICATION_RESULTS_CALLBACK, CSSM_TP_VERIFY_CONTEXT, CSSM_TP_VERIFY_CONTEXT_RESULT, CSSM_TUPLE, CSSM_TUPLEGROUP, CSSM_Unintroduce, CSSM_UnwrapKey, CSSM_UnwrapKeyP, CSSM_UPCALLS, CSSM_UpdateContextAttributes, CSSM_VerifyData, CSSM_VerifyDataFinal, CSSM_VerifyDataInit, CSSM_VerifyDataUpdate, CSSM_VerifyDevice, CSSM_VerifyMac, CSSM_VerifyMacFinal, CSSM_VerifyMacInit, CSSM_VerifyMacUpdate, CSSM_VERSION, CSSM_WORDID_TYPE, CSSM_WRAP_KEY, CSSM_WrapKey, CSSM_WrapKeyP, CSSM_X509_ALGORITHM_IDENTIFIER, CSSM_X509EXT_BASICCONSTRAINTS, CSSM_X509EXT_DATA_FORMAT, CSSM_X509_EXTENSION, CSSM_X509_EXTENSIONS, CSSM_X509EXT_PAIR, CSSM_X509EXT_POLICYINFO, CSSM_X509EXT_POLICYQUALIFIERINFO, CSSM_X509EXT_POLICYQUALIFIERS, CSSM_X509EXT_TAGandVALUE, CSSM_X509_NAME, CSSM_X509_OPTION, CSSM_X509_RDN, CSSM_X509_REVOKED_CERT_ENTRY, CSSM_X509_REVOKED_CERT_LIST, CSSM_X509_SIGNATURE, CSSM_X509_SIGNED_CERTIFICATE, CSSM_X509_SIGNED_CRL, CSSM_X509_SUBJECT_PUBLIC_KEY_INFO, CSSM_X509_TBS_CERTIFICATE, CSSM_X509_TBS_CERTLIST, CSSM_X509_TIME, CSSM_X509_TYPE_VALUE_PAIR, CSSM_X509_VALIDITY, EISL Object Relationships and Life Cycle, Runtime Life Cycle of the Module, Certificate Life Cycle

d

Common Data Security Architecture (CDSA), Data Storage Library Modules (DLs), Common Data Security Architecture, Data Storage Library Registration, Data Storage Library API, Data Storage Library Modules, Common Data Security Architecture, Data Structures for Core Services, Returning Buffers of Data, Data Structures, Common Error Values for Specific Data Types, Data Structures, Data Structures, Data Structures, Data Storage Data Structures, DL Error Values for Specific Data Types, Data Storage Functions, Data Record Operations, Data Storage Library Services API, Common Error Codes for Specific Data Types, CSSM_API_MEMORY_FUNCS Data Structure, Common Data Security Architecture, Data Structure, Key Recovery in the Common Data Security Architecture, Data Structures, Types and Data Structure, Data Structures, Common Data Security Architecture, Dynamic Sources with no Associated Data, C Language Data Structures, Certificate OIDs and Certificate Data Structures, C Language Data Structures for X.509 CRLs, Associating CRL OIDs and CRL Data Structures, Data Structures, Common Data Security Architecture, Data Structure for Add-in Modules, Returning Buffers of Data, Data Structures, Data Structures, Data Structures, Data Structures, CSSM Data Storage Library Interface, Data Storage Library Overview, Data Storage Data Structures, Data Storage Library Operations, Data Store Operations, Data Record Operations, Data Storage Library Interface, Key Recovery in the Common Data Security Architecture, Data Structures, Common Data Security Architecture, Object Directory Database and the Object Relation, CDSA Directory Database, MDS Database Service APIs, Updating MDS Databases, Write-Access to MDS Databases, General Access Control over MDS Databases, Certificate validity date, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, Definition, MDS Schema Definition, Functionality Definition, Definition, Definition, Definition, Definition, Programmatic Definition of Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Certificate OID Definition, Signature OID Definition, Extension OID Definition, Programmatic Definition of Base Object Identifiers, Definition, Definition, Definition, Definition, Definition, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions, Definitions for Schema Management Record Types, Definitions for Open Group Application Record Types, Definitions, Direct, Delegated Authorization, Direct, Delegated Authorization, DeregisterDispatchTable, Error Values Derived from Common Error Codes, CSP Error Values Derived from Common Error Codes, TP Error Values Derived from Common Error Codes, AC Error Values Derived from Common Error Codes, CL Error Values Derived from Common Error Codes, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, Protocol for Detaching a Service Module, Application Developer View of a Multi-Service Add-In Module, Development of Product Standards, Diffie-Hellman Private Keys, Message digest, Digital Signatures, Digital certificate, Digital signature, Direct authorization, Direct, Delegated Authorization, Direct Authorization, Direct, Delegated Authorization, CSSM Module Directory Service (MDS) Interface, Object Directory Database and the Object Relation, CDSA Directory Database, Object Directory, CDSA Directory, MDS Name Space and Directory Structures, Module Directory Services APIs, Dispatching Application Calls for Security Services, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DL Error Values for Specific Data Types, General DL Error Values, DL Specific Error Values, DL Primary Relation, DL Encapsulated Products Relation, DL_Authenticate, DL_ChangeDbAcl, DL_ChangeDbOwner, DL_CreateRelation, DL_DataAbortQuery, DL_DataDelete, DL_DataGetFirst, DL_DataGetFromUniqueRecordId, DL_DataGetNext, DL_DataInsert, DL_DataModify, DL_DbClose, DL_DbCreate, DL_DbDelete, DL_DbOpen, DL_DestroyRelation, DL_FreeNameList, DL_FreeUniqueRecord, DL_GetDbAcl, DL_GetDbNameFromHandle, DL_GetDbNames, DL_GetDbOwner, DL_PassThrough, Data Storage Library Modules (DLs), This Document, Referenced Documents, DSA Private Keys, Dublin Core, Transparent, Dynamic Attach, Dynamic Referent Objects with Verified Source, Dynamic Sources with no Associated Data, Transparent, Dynamic Attach

e

EISL Object Relationships and Life Cycle, EISL Functions, EISL_CheckAddressWithinModule, EISL_CheckDataAddressWithinModule, EISL_ContinueVerification, EISL_CopyCertificateChain, EISL_CreateCertificateAttributeEnumerator, EISL_CreateCertificateChain, EISL_CreateCertificateChainWithCertificate, EISL_CreateCertificateChainWithCredDataAndCert, EISL_CreateCertificateChainWithCredentialData, EISL_CreateManifestAttributeEnumerator, EISL_CreateManifestSectionAttributeEnumerator, EISL_CreateManifestSectionEnumerator, EISL_CreateSignatureAttributeEnumerator, EISL_CreateSignerInfoAttributeEnumerator, EISL_CreateVerifiedSignatureRoot, EISL_CreateVerifiedSignatureRootWithCertificate, EISL_CreateVerifiedSignatureRootWithCredentialData, EISL_CreateVerifiedSigRootWithCredDataAndCert, EISL_DuplicateVerifiedModulePtr, EISL_FindCertificateAttribute, EISL_FindManifestAttribute, EISL_FindManifestSection, EISL_FindManifestSectionAttribute, EISL_FindSignatureAttribute, EISL_FindSignerInfoAttribute, EISL_GetCertficateChain, EISL_GetLibHandle, EISL_GetManifestSignatureRoot, EISL_GetModuleManifestSection, EISL_GetNextAttribute, EISL_GetNextCertificateAttribute, EISL_GetNextManifestSection, EISL_GetNextManifestSectionAttribute, EISL_GetNextSignatureAttribute, EISL_GetReturnAddress, EISL_LocateProcedureAddress, EISL_RecycleAttributeEnumerator, EISL_RecycleCertificateAttributeEnumerator, EISL_RecycleManifestSectionAttributeEnumerator, EISL_RecycleManifestSectionEnumerator, EISL_RecycleSignatureAttributeEnumerator, EISL_RecycleVerifiedCertificateChain, EISL_RecycleVerifiedModuleCredentials, EISL_RecycleVerifiedSignatureRoot, EISL_SelfCheck, EISL_VerifyAndLoadModule, EISL_VerifyAndLoadModuleAndCredDataWithCert, EISL_VerifyAndLoadModuleAndCredentialData, EISL_VerifyAndLoadModuleAndCredentials, EISL_VerifyAndLoadModuleAndCredentialsWithCert, EISL_VerifyLoadedModule, EISL_VerifyLoadedModuleAndCredDataWithCert, EISL_VerifyLoadedModuleAndCredentialData, EISL_VerifyLoadedModuleAndCredentials, EISL_VerifyLoadedModuleAndCredentialsWithCert, Elective Module Managers, CSSM Elective Module Manager, Overview of Elective Module Managers, Installing an Elective Module Manager, Loading an Elective Module Manager, Administration of Elective Module Managers, Elective Module Manager Functions, Elective Module Manager Operations, Secure Electronic Transaction (SET), CDSA Embedded Integrity Services Library API, Why an Embedded Library?, Signed Objects Whose Signature Blocks are Embedded, Embedded or Nested Referent Objects, EMM Module Management Functions, EMM Relation, Primary EMM Service Provider Relation, CSSM Service Functions used by an EMM, Key Recovery Enablement Operations, Key Recovery Enablement in CSSM, Key Recovery Enablement Operations, Key Recovery Enablement Operations, Key Recovery Enablement Operations, Key Recovery Enablement Operations, CSP Encapsulated Products Relation, DL Encapsulated Products Relation, CL Encapsulated Products Relation, TP Encapsulated Products Relation, Encrypt-only Signatures, CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, Error Codes and Error Value Enumeration, Integrity of the CSSM Environment, Error Values Derived from Common Error Codes, CSSM Module-Specific Error Values, Common Error Return Codes, Common Error Values for All Module Types, Common ACL Error Values, Common Error Values for Specific Data Types, CSP Error Values Derived from Common Error Codes, General CSP Error Values, CSP Key Error Values, CSP Vector of Buffers Error Values, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Other CSP Error Values, Error Codes and Error Values, TP Error Values Derived from Common Error Codes, Common TP Error Values, Error Codes and Error Values, AC Error Values Derived from Common Error Codes, AC Error Values, Error Codes and Error Values, CL Error Values Derived from Common Error Codes, CL Error Values, Error Codes and Error Values, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DL Error Values for Specific Data Types, General DL Error Values, DL Specific Error Values, Error Codes and Error Values, Error Values and Error Codes Scheme, Configurable CSSM Error Code Constants, CSSM Error Code Constants, General Error Values, Common Error Codes For All Module Types, Common Error Codes for ACLs, Common Error Codes for Specific Data Types, Error Codes and Error Value Enumeration, CSSM Error Handling, Error Handling, Error Return Codes, Error Return Codes, Error Return Codes, Phase I. Establishing a Foothold: Self-Check, Authorization Evaluation Services, Security-relevant event, EventNotifyManager, Example Authorization Request, An Example Application Using Key Recovery APIs, Example Authorization Request, Examples:, Manifest Examples, Signing Information Examples, Module-Granted Use Exemptions, Module-Granted Use Exemptions, Extending Trust, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extension OID Definition, CRL Entry (CRL CertList) Extension OIDs, CRL Extension OIDs, Extensions to the Cryptographic Module Manager, Extensions to the JavaSoft/Netscape Specification

f

CSP Form Factor, Certificate Library Service Provider X.509 Field OIDs, Lifetime of Key Recovery Fields, Object Identifiers for Fields, Object Identifiers for Fields, Lifetime of Key Recovery Fields, File Permissions, PKWARE Archive File Format Specification, File-Based Representation of Signed Manifests, Phase II. Finding our Friends: Bilateral Authentication, MAGIC-A Flagging Mechanism, Phase I. Establishing a Foothold: Self-Check, Foreign Language Support-Multiple Hash Values, CSP Form Factor, Credential Format Options, Requesting Format Types, Format Specification, Format Specification, PKWARE Archive File Format Specification, Interoperable Format Specifications for X.509, Credential Format Options, Key Formats for Public Key-Based Algorithms, Key Formats, Formats, Key Formats for Public Key-Based Algorithms, Phase II. Finding our Friends: Bilateral Authentication, Frontmatter, Functionality Definition, Core Functions, Module Management Functions, EMM Module Management Functions, Utility Functions, Miscellaneous Functions, Extensibility Functions, Local Application-Domain-Specific Trust Policy Functions, Group Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Data Storage Functions, Extensibility Functions, Application Memory Functions, Extensibility Functions, Extensibility Functions, EISL Functions, Elective Module Manager Functions, CSSM Service Functions used by an EMM, Add-In Module Interface Functions, Miscellaneous Functions, Extensibility Functions, Module Management Functions, Local Application-Domain-Specific TP Functions, Group Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Extensibility Functions, Privileged Context Functions, Extensibility Functions, Extensibility Functions

g

General Module Management Services, General CSP Error Values, General DL Error Values, General Error Values, General Access Control over MDS Databases, Random number generators, Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs), Glossary, Interoperability Goals, Pretty Good Privacy (PGP), The Open Group, Open Group Publications, Group Functions, Definitions for Open Group Application Record Types, Group Functions, Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs)

h

CSSM Error Handling, Error Handling, Foreign Language Support-Multiple Hash Values, Hash algorithm, Manifest Header Specification, Signing Information Header, High-Order Word, History, Signed Portion of an HTML Page, Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol (HTTP)

i

Phase I. Establishing a Foothold: Self-Check, N->S ID Certificate (I,N,S,-,-,V), NS ID Certificate <I,N,S,-,-,V>, Base of the Object Identifier Name Space, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Object Identifiers for X.509 V3 Certificates, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs), Service Module Requirements if USEE Tags are Supported, Phase II. Finding our Friends: Bilateral Authentication, Phase III. Secure Linkage Check, Ordering Information, Signing Information Header, Signer Information Sections, Signing Information Examples, Signer Information, Initialization and Cleanup, Initialize, MDS Installation and Access, MDS Installation APIs, MDS Installation, Module Installation, Installing an Elective Module Manager, Installing a Service Module, N->S ID Certificate (I,N,S,-,-,V), CSSM-Enforced Integrity Verification, Integrity Services, Integrity of the CSSM Environment, Using MDS in Integrity Verification Protocols, CDSA Embedded Integrity Services Library API, Integrity Credentials, Integrity Core, Integrity and Secure Linkage, Integrity Verification, Integrity Verification, Intended Audience, Application and Certificate Library Interaction, Interaction with CSSM, CSSM Module Directory Service (MDS) Interface, Add-In Module Interface Functions, CSSM Cryptographic Service Provider Interface, Service Provider Interface, CSSM Trust Policy Interface, Trust Policy Interface, CSSM Authorization Computation Interface, Authorization Computation Interface, CSSM Certificate Library Interface, Certificate Library Interface, CSSM Data Storage Library Interface, Data Storage Library Interface, CSSM Key Recovery Interface, Key Recovery Service Provider Interface, Interoperability Goals, Interoperable Format Specifications for X.509, X->N Attribute Certificate (I,-,S,D,X,V), X->S Authorization Certificate (I,-,S,D,X,V), ISL_CONST_DATA, ISL_DATA, ISL_FUNCTION_PTR, ISL_STATUS, Versions and Issues of Specifications, Issuing an Add-In Module Product Certificate, Iterator Objects

j

JAVA, Extensions to the JavaSoft/Netscape Specification

k

Key Formats for Public Key-Based Algorithms, CSP Key Error Values, Schema for DL Records of Type KEY, Key Formats, Key References, CSSM Key Recovery API, Key Recovery Types, Key Recovery Phases, Lifetime of Key Recovery Fields, Key Recovery Policy, Operational Scenarios for Key Recovery, Key Recovery Nomenclature, Key Recovery in the Common Data Security Architecture, Key Recovery Profiles, Key Recovery Context, Key Recovery Policy, Key Recovery Enablement Operations, Key Recovery Registration and Request Operations, Key Recovery Module Manager, Key Recovery Enablement in CSSM, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, An Example Application Using Key Recovery APIs, Key Recovery MDS Relation, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery APIs, Key Formats for Public Key-Based Algorithms, CSSM Key Recovery Interface, Key Recovery Nomenclature, Key Recovery Types, Lifetime of Key Recovery Fields, Key Recovery Policy, Operational Scenarios for Key Recovery, Key Recovery Overview, Key Recovery in the Common Data Security Architecture, Key Recovery Phases, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery MDS Relation, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery Service Provider Interface, Private key, Public key, Secret key, Session key, Key Formats for Public Key-Based Algorithms, Key Formats for Public Key-Based Algorithms, Cryptographic Sessions and Controlled Access to Keys, Plaintext Keys, Wrapped Keys, Diffie-Hellman Private Keys, DSA Private Keys, Cryptographic Sessions and Controlled Access to Keys, KR Primary Relation, KR Primary Relation, KRMM Relation, KRSP_GenerateRecoveryFields, KRSP_GetRecoveredObject, KRSP_PassPrivFunc, KRSP_PassThrough, KRSP_ProcessRecoveryFields, KRSP_RecoveryRequest, KRSP_RecoveryRequestAbort, KRSP_RecoveryRetrieve, KRSP_RegistrationRequest, KRSP_RegistrationRetrieve

l

Foreign Language Support-Multiple Hash Values, C Language Data Structures, C Language Data Structures for X.509 CRLs, Common Security Services Manager Layer, Security Add-In Modules Layer, Secure Sockets Layer (SSL), Layered Security Services, Leaf Certificate, Legacy CSPs, Certificate Library Modules (CLs), Data Storage Library Modules (DLs), Multi-Service Library Module, Certificate Library API, Certificate Library Modules, Data Storage Library Registration, Data Storage Library API, Data Storage Library Modules, Application and Certificate Library Interaction, Certificate Library Services API, Data Storage Library Services API, CDSA Embedded Integrity Services Library API, Why an Embedded Library?, Using Library Services, CDSA OIDs for Certificate Library Modules, Certificate Library Service Provider X.509 Field OIDs, OIDs for X.509 Certificate Library Modules, CSSM Certificate Library Interface, Certificate Library Module, Certificate Library Interface, CSSM Data Storage Library Interface, Data Storage Library Overview, Data Storage Library Operations, Data Storage Library Interface, License Agreement for CDSA Specifications, EISL Object Relationships and Life Cycle, Runtime Life Cycle of the Module, Certificate Life Cycle, Runtime LifeCycle of the Service Provider Module, Lifetime of Key Recovery Fields, Lifetime of Key Recovery Fields, Phase III. Secure Linkage Check, Secure Linkage, Secure Linkage Services, Integrity and Secure Linkage, Certificate Revocation List Operations, Algorithm List, Certificate Revocation List Operations, OIDs for X.509 Certificate Revocation Lists, Loading an Elective Module Manager, Local Application-Domain-Specific Trust Policy Functions, Local Application-Domain-Specific TP Functions, Location of Modules and Credentials, Resources that Transform Locations, The Logic of Authorization, The Logic of Authorization, Low-Order Word, NS ID Certificate &lt;I,N,S,-,-,V>;, XN Attribute Certificate &lt;I,-,S,D,X,V>;, XS Authorization Certificate &lt;I,-,S,D,X,V>;, XN ACL &lt;-,-,S,D,X,->;, XS ACL &lt;-,-,S,D,X,->;

m

MAGIC-A Flagging Mechanism, General Module Management Services, Module Management Services, Memory Management Support, Module Management Functions, EMM Module Management Functions, Buffer Management for Cryptographic Services, Definitions for Schema Management Record Types, Module Management Operations, Key Recovery Module Management Operations, Memory Management Upcalls, Buffer Management for Cryptographic Services, Module Management Functions, Common Security Services Manager Layer, Common Security Services Manager, Common Security Services Manager (CSSM), Extensions to the Cryptographic Module Manager, Key Recovery Module Manager, CSSM Elective Module Manager, Module Manager Credentials, Installing an Elective Module Manager, Loading an Elective Module Manager, Elective Module Manager Functions, Elective Module Manager Operations, Common Security Services Manager, Registering Module Managers, State Sharing Among Module Managers, Elective Module Managers, Basic Module Managers, Registering Module Managers, State Sharing Among Module Managers, Overview of Elective Module Managers, Administration of Elective Module Managers, Manifest Attributes for MDS Access Control Privileges, Manifest Section Object, Manifest Section Object Methods, CDSA Signed Manifest, Manifest Header Specification, Manifest Sections, Manifest Examples, The Manifest, Verifying the Manifest, Verifying Referents in the Manifest, Signed Manifests, File-Based Representation of Signed Manifests, Nested Manifests, Signed Manifests, Signed Manifests-Examples, Signed Manifests-Requirements, Signed Manifests-The Architecture, Signed Manifests-Verifying Signatures, Obtaining an Add-In Module Manufacturing Certificate, Manufacturing Add-In Modules, Manufacturing an Add-In Module, CSSM Module Directory Service (MDS) Interface, MDS in CDSA, MDS Installation and Access, Using MDS in Integrity Verification Protocols, MDS Schema Relation, MDS Schema Definition, MDS Name Space, MDS Meta-Data Names, MDS Name Space and Directory Structures, MDS Context APIs, MDS Installation APIs, MDS Database Service APIs, Updating MDS Schema, Updating MDS Databases, Manifest Attributes for MDS Access Control Privileges, Write-Access to MDS Databases, MDS Installation, General Access Control over MDS Databases, MDS Administration, Key Recovery MDS Relation, Key Recovery MDS Relation, MDS_DB_HANDLE, MDS_FUNC, MDS_HANDLE, MDS_Initialize, MDS_Install, MDS_Terminate, MDS_Uninstall, MAGIC-A Flagging Mechanism, Memory Management Support, Application Memory Functions, Memory Management Upcalls, Message digest, MDS Meta-Data Names, Metadata, Ordering Metadata Values, Metadata, Meta-information, Signature Root Methods, Certificate Chain Methods, Certificate Attribute Methods, Manifest Section Object Methods, Secure MIME (S/MIME), Miscellaneous Functions, Miscellaneous Functions, The Threat Model, Multi-User Access Model, Multi-Service Library Module, General Module Management Services, Registering Module Managers, State Sharing Among Module Managers, Elective Module Managers, Basic Module Managers, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module, Module Management Services, Service Module Requirements if USEE Tags are Supported, Module Management Functions, EMM Module Management Functions, Common Error Values for All Module Types, Common Error Codes For All Module Types, CSSM Module Directory Service (MDS) Interface, Module Directory Services APIs, Extensions to the Cryptographic Module Manager, Key Recovery Module Manager, Module Management Operations, Key Recovery Module Management Operations, Verified Module Object, CSSM Elective Module Manager, Registering Module Managers, State Sharing Among Module Managers, Overview of Elective Module Managers, Module Manager Credentials, Installing an Elective Module Manager, Protocol for Attaching a Service Module, Protocol for Detaching a Service Module, Protocol for Unloading a Service Module, Loading an Elective Module Manager, Administration of Elective Module Managers, Elective Module Manager Functions, Elective Module Manager Operations, Add-In Module Structure and Administration, Add-In Module Structure, Module Installation, Runtime LifeCycle of the Service Provider Module, Service Module Requirements for USEE Tags Support, Module Administration Components, Add-In Module Structure, Obtaining an Add-In Module Manufacturing Certificate, Issuing an Add-In Module Product Certificate, Manufacturing an Add-In Module, The Module Description, Installing a Service Module, Runtime Life Cycle of the Module, Attaching a Service Module, Add-In Module Administration, Add-In Module Interface Functions, CDSA Add-In Module Overview, Module Management Functions, CDSA Add-In Module Overview, CDSA Add-In Module Overview, CSSM Add-In Module Overview, Certificate Library Module, CDSA Add-In Module Overview, CDSA Add-In Module Overview, Module-Granted Use Exemptions, Module-Granted Use Exemptions, ModuleManagerAuthenticate, Trust Policy Modules (TPs), Certificate Library Modules (CLs), Data Storage Library Modules (DLs), Authorization Computation Modules (ACs), Security Add-In Modules Layer, Cryptographic Service Provider Modules, Trust Policy Modules, Authorization Computation Modules, Certificate Library Modules, Data Storage Library Modules, Multi-Service Modules, Modules Control Access to Objects, Location of Modules and Credentials, Verification of Modules and their Credentials, CDSA OIDs for Certificate Library Modules, OIDs for X.509 Certificate Library Modules, Manufacturing Add-In Modules, Modules Control Access to Objects, Data Structure for Add-in Modules, CSSM Upcalls for Service Provider Modules, Using Trust Policy Modules, CSSM Module-Specific Error Values, Multiple CSSM Vendors Authenticating Same Application, Authenticating to Multiple CSSM Vendors, Multi-Service Library Module, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module, Multi-Service Modules, Multi-User Access Model

n

Authorization via Names, MDS Meta-Data Names, Authorization via Names, Core Set of Name:Value Pairs, Nested Manifests, Embedded or Nested Referent Objects, N->S ID Certificate (I,N,S,-,-,V), Dynamic Sources with no Associated Data, Key Recovery Nomenclature, Key Recovery Nomenclature, Nonce, NS ID Certificate <I,N,S,-,-,V>, Random number generators

o

Object Directory Database and the Object Relation, Object Directory, Verified Signature Root Object, Verified Certificate Chain Object, Verified Certificate Object, Manifest Section Object, Verified Module Object, EISL Object Relationships and Life Cycle, Object Pointers, Manifest Section Object Methods, Signed Objects Whose Signatures Serve to Carry the Object, Base of the Object Identifier Name Space, Programmatic Definition of Base Object Identifiers, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Object Identifiers for X.509 V3 Certificates, Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Object Identifiers for Fields, Modules Control Access to Objects, Iterator Objects, Static Referent Objects, Dynamic Referent Objects with Verified Source, Signed Objects Whose Signatures Serve to Carry the Object, Signed Objects Whose Signature Blocks are Embedded, Embedded or Nested Referent Objects, Modules Control Access to Objects, Obtaining an Add-In Module Manufacturing Certificate, Certificate OID Definition, Signature OID Definition, Extension OID Definition, CDSA OIDs for Certificate Library Modules, Certificate Library Service Provider X.509 Field OIDs, Certificate OIDs and Certificate Data Structures, OIDs for X.509 Certificate Library Modules, CRL OIDs, CRL Entry (CRL CertList) OIDs, CRL Entry (CRL CertList) Extension OIDs, CRL Extension OIDs, Associating CRL OIDs and CRL Data Structures, OIDs for X.509 Certificate Revocation Lists, The Open Group, Open Group Publications, Definitions for Open Group Application Record Types, Operational Scenarios for Key Recovery, Operational Scenarios, Operational Scenarios for Key Recovery, Cryptographic Context Operations, Cryptographic Operations, Trust Policy Operations, Authorization Computation Operations, Operations on Certificates, Certificate Operations, Certificate Revocation List Operations, Data Record Operations, Key Recovery Enablement Operations, Key Recovery Registration and Request Operations, Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Elective Module Manager Operations, Cryptographic Operations, Trust Policy Operations, Authorization Computation Operations, Certificate Operations, Certificate Revocation List Operations, Categories of Operations, Data Storage Library Operations, Data Store Operations, Data Record Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Privileged Context Operations, PVC Policy Configuration Options, Credential Format Options, Credential Format Options, Ordering Information, Ordering Metadata Values, Phase II. Finding our Friends: Bilateral Authentication, General Access Control over MDS Databases, Architectural Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, Overview, API Overview, Overview, Overview, Overview of Elective Module Managers, CDSA Add-In Module Overview, Cryptographic Service Provider Overview, Overview, CDSA Add-In Module Overview, Trust Policy Overview, Overview, CDSA Add-In Module Overview, Authorization Computation Overview, CSSM Add-In Module Overview, Overview, Overview, CDSA Add-In Module Overview, Data Storage Library Overview, Overview, CDSA Add-In Module Overview, Key Recovery Overview, Overview, Owned certificate, Resource Owner, Resource Owner

p

Signed Portion of an HTML Page, Core Set of Name:Value Pairs, Part 1, Authentication as Part of Access Control, Authorization as Part of Access Control, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9, Authentication as Part of Access Control, Authorization as Part of Access Control, Part 10, Part 11, Part 12, Part 13, Part 14, Part 15, File Permissions, Pretty Good Privacy (PGP), Phase I. Establishing a Foothold: Self-Check, Phase II. Finding our Friends: Bilateral Authentication, Phase III. Secure Linkage Check, A Phased Approach, Key Recovery Phases, Key Recovery Phases, ASN.1 Structures for PKCS #8 Wrapping, PKWARE Archive File Format Specification, Plaintext Keys, Object Pointers, Trust Policy Modules (TPs), Trust Policy Services API, Trust Policy Modules, PVC Policy Configuration Options, Trust Policy Operations, Local Application-Domain-Specific Trust Policy Functions, Trust Policy Services API, Key Recovery Policy, Key Recovery Policy, CSSM Trust Policy Interface, Using Trust Policy Modules, Trust Policy Overview, Trust Policy Operations, Trust Policy Interface, Key Recovery Policy, PolicyMaker, TP Policy-OIDS Relation, Signed Portion of an HTML Page, Preface, Pretty Good Privacy (PGP), Primary EMM Service Provider Relation, CSP Primary Relation, DL Primary Relation, CL Primary Relation, TP Primary Relation, AC Primary Relation, KR Primary Relation, KR Primary Relation, Pretty Good Privacy (PGP), Diffie-Hellman Private Keys, DSA Private Keys, Private key, Application Privilege, Privileged Application, Privileged Context Functions, Privileged Context Operations, CDSA and Privileges, CDSA and USEE Privileges, Manifest Attributes for MDS Access Control Privileges, Problem Statement, The Authorization Reduction Process, The Authorization Reduction Process, Development of Product Standards, Issuing an Add-In Module Product Certificate, CSP Encapsulated Products Relation, DL Encapsulated Products Relation, CL Encapsulated Products Relation, TP Encapsulated Products Relation, Key Recovery Profiles, Programmatic Definition of Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Programmatic Definition of Base Object Identifiers, Protocol for Attaching a Service Module, Protocol for Detaching a Service Module, Protocol for Unloading a Service Module, Hypertext Transfer Protocol (HTTP), Using MDS in Integrity Verification Protocols, Cryptographic Service Provider Registration, Cryptographic Service Provider Modules, Service Provider View of a Multi-Service Add-In Module, Cryptographic Service Provider Behavior, Primary EMM Service Provider Relation, Certificate Library Service Provider X.509 Field OIDs, Runtime LifeCycle of the Service Provider Module, CSSM Upcalls for Service Provider Modules, CSSM Cryptographic Service Provider Interface, Cryptographic Service Provider Overview, Service Provider Interface, Key Recovery Service Provider Interface, Cryptographic Service Providers (CSPs), Cryptographic Service Providers (CSPs), Provider-specific Services, Key Formats for Public Key-Based Algorithms, Key Formats for Public Key-Based Algorithms, Public key, Open Group Publications, PVC Policy Configuration Options

q

Stock Quote Service

r

Random number generators, Definitions for Schema Management Record Types, Definitions for Open Group Application Record Types, Data Record Operations, Data Record Operations, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, CSSM Key Recovery API, Key Recovery Types, Key Recovery Phases, Lifetime of Key Recovery Fields, Key Recovery Policy, Operational Scenarios for Key Recovery, Key Recovery Nomenclature, Key Recovery in the Common Data Security Architecture, Key Recovery Profiles, Key Recovery Context, Key Recovery Policy, Key Recovery Enablement Operations, Key Recovery Registration and Request Operations, Key Recovery Module Manager, Key Recovery Enablement in CSSM, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, An Example Application Using Key Recovery APIs, Key Recovery MDS Relation, Key Recovery Module Management Operations, Key Recovery Context Operations, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery APIs, CSSM Key Recovery Interface, Key Recovery Nomenclature, Key Recovery Types, Lifetime of Key Recovery Fields, Key Recovery Policy, Operational Scenarios for Key Recovery, Key Recovery Overview, Key Recovery in the Common Data Security Architecture, Key Recovery Phases, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery MDS Relation, Key Recovery Registration Operations, Key Recovery Enablement Operations, Key Recovery Request Operations, Key Recovery Service Provider Interface, The Authorization Reduction Process, The Authorization Reduction Process, Referenced Documents, Key References, Static Referent Objects, Dynamic Referent Objects with Verified Source, Embedded or Nested Referent Objects, Verifying Referents in the Manifest, RefreshFunctionTable, RegisterDispatchTable, Registering Module Managers, Registering Module Managers, Cryptographic Service Provider Registration, Data Storage Library Registration, Key Recovery Registration and Request Operations, Key Recovery Registration Operations, Key Recovery Registration Operations, Key Recovery Registration Operations, Key Recovery Registration Operations, Object Directory Database and the Object Relation, CSSM Relation, KRMM Relation, EMM Relation, Primary EMM Service Provider Relation, Common Relation, CSP Primary Relation, CSP Capabilities Relation, CSP Encapsulated Products Relation, CSP SmartcardInfo Relation, DL Primary Relation, DL Encapsulated Products Relation, CL Primary Relation, CL Encapsulated Products Relation, TP Primary Relation, TP Policy-OIDS Relation, TP Encapsulated Products Relation, MDS Schema Relation, AC Primary Relation, KR Primary Relation, CDSA Relation Attributes, Key Recovery MDS Relation, KR Primary Relation, Key Recovery MDS Relation, EISL Object Relationships and Life Cycle, Representation Constraints, File-Based Representation of Signed Manifests, Example Authorization Request, Key Recovery Registration and Request Operations, Key Recovery Request Operations, Key Recovery Request Operations, Example Authorization Request, Key Recovery Request Operations, Key Recovery Request Operations, Requesting Format Types, Service Module Requirements if USEE Tags are Supported, Service Module Requirements for USEE Tags Support, Resource Owner, Resource Owner, Resources that Transform Locations, Common Error Return Codes, Error Return Codes, Error Return Codes, Error Return Codes, Returning Buffers of Data, Returning Buffers of Data, Certificate Revocation List Operations, OIDs for X.509 Certificate Revocation Lists, Certificate Revocation List Operations, Verified Signature Root Object, Signature Root Methods, Root certificate, RSA, Combination Signatures with RSA, Runtime LifeCycle of the Service Provider Module, Runtime Life Cycle of the Module

s

Multiple CSSM Vendors Authenticating Same Application, Operational Scenarios for Key Recovery, Operational Scenarios, Operational Scenarios for Key Recovery, Definitions for Schema Management Record Types, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, MDS Schema Relation, MDS Schema Definition, Updating MDS Schema, Error Values and Error Codes Scheme, X->N ACL (-,-,S,D,X,-), X->S ACL (-,-,S,D,X,-), Secret key, Manifest Section Object, Manifest Section Object Methods, Manifest Sections, Signer Information Sections, Phase III. Secure Linkage Check, Secure Linkage, Secure Linkage Services, Integrity and Secure Linkage, Secure Electronic Transaction (SET), Secure MIME (S/MIME), Secure Sockets Layer (SSL), Common Data Security Architecture (CDSA), Layered Security Services, Common Security Services Manager Layer, Security Add-In Modules Layer, Common Data Security Architecture, Dispatching Application Calls for Security Services, Security Context Services, Common Security Services Manager, System Security Services, Common Security Services Manager (CSSM), Common Data Security Architecture, Common Data Security Architecture, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Common Data Security Architecture, Security Services, Key Recovery in the Common Data Security Architecture, Common Data Security Architecture, Common Security Services Manager, Security Context, Security-relevant event, Selecting CDSA Components, Phase I. Establishing a Foothold: Self-Check, Signed Objects Whose Signatures Serve to Carry the Object, Cryptographic Service Providers (CSPs), Cryptographic Service Provider Registration, Cryptographic Service Provider Modules, Service Provider View of a Multi-Service Add-In Module, Service Module Requirements if USEE Tags are Supported, Cryptographic Service Provider Behavior, CSSM Module Directory Service (MDS) Interface, Primary EMM Service Provider Relation, MDS Database Service APIs, Stock Quote Service, Certificate Library Service Provider X.509 Field OIDs, Protocol for Attaching a Service Module, Protocol for Detaching a Service Module, Protocol for Unloading a Service Module, CSSM Service Functions used by an EMM, Runtime LifeCycle of the Service Provider Module, Service Module Requirements for USEE Tags Support, Installing a Service Module, Attaching a Service Module, CSSM Upcalls for Service Provider Modules, CSSM Cryptographic Service Provider Interface, Cryptographic Service Provider Overview, Service Provider Interface, Key Recovery Service Provider Interface, Cryptographic Service Providers (CSPs), Layered Security Services, Common Security Services Manager Layer, General Module Management Services, Dispatching Application Calls for Security Services, Integrity Services, Security Context Services, Common Security Services Manager, Cryptographic Services API, Additional CSP Services, Trust Policy Services API, Authorization Evaluation Services, Provider-specific Services, Authorization Computation Services API, System Security Services, Common Security Services Manager (CSSM), Module Management Services, Data Structures for Core Services, Core Services API, Buffer Management for Cryptographic Services, Cryptographic Services API, Trust Policy Services API, Authorization Computation Services API, Certificate Library Services API, Data Storage Library Services API, Module Directory Services APIs, CDSA Embedded Integrity Services Library API, Using Library Services, Credential and Attribute Verification Services, Secure Linkage Services, Security Services, Buffer Management for Cryptographic Services, Common Security Services Manager, Session key, Cryptographic Sessions and Controlled Access to Keys, Cryptographic Sessions and Controlled Access to Keys, Core Set of Name:Value Pairs, Secure Electronic Transaction (SET), State Sharing Among Module Managers, State Sharing Among Module Managers, Verified Signature Root Object, Signature Root Methods, Signature Blocks, Signed Objects Whose Signature Blocks are Embedded, Signature OID Definition, Digital signature, Signature, Signature chain, Combination Signatures, Encrypt-only Signatures, Digital Signatures, Combination Signatures with RSA, Signed Manifests-Verifying Signatures, Signed Objects Whose Signatures Serve to Carry the Object, CDSA Signed Manifest, Signed Manifests, Signed Manifests-Requirements, Signed Manifests-The Architecture, Signed Manifests-Verifying Signatures, File-Based Representation of Signed Manifests, Signed Objects Whose Signatures Serve to Carry the Object, Signed Objects Whose Signature Blocks are Embedded, Signed Portion of an HTML Page, Signed Manifests-Examples, Signed Manifests, Signer Information Sections, Signer Information, Signing Information Header, Signing Information Examples, Certificate signing, CSP SmartcardInfo Relation, Secure MIME (S/MIME), Secure Sockets Layer (SSL), Dynamic Referent Objects with Verified Source, Dynamic Sources with no Associated Data, MDS Name Space, MDS Name Space and Directory Structures, Base of the Object Identifier Name Space, Common Error Values for Specific Data Types, DL Error Values for Specific Data Types, DL Specific Error Values, Common Error Codes for Specific Data Types, Manifest Header Specification, Format Specification, Format Specification, Extensions to the JavaSoft/Netscape Specification, PKWARE Archive File Format Specification, Versions and Issues of Specifications, License Agreement for CDSA Specifications, Use of Other Standards or Specifications, Interoperable Format Specifications for X.509, Secure Sockets Layer (SSL), CSP Staged Cryptographic API Error Values, Development of Product Standards, Use of Other Standards or Specifications, State Sharing Among Module Managers, State Sharing Among Module Managers, Problem Statement, Static Referent Objects, Stock Quote Service, Data Storage Library Modules (DLs), Data Storage Library Registration, Data Storage Library API, Data Storage Library Modules, Data Storage Data Structures, Data Storage Functions, Data Storage Library Services API, CSSM Data Storage Library Interface, Data Storage Library Overview, Data Storage Data Structures, Data Storage Library Operations, Data Storage Library Interface, Data Store Operations, CSSM_API_MEMORY_FUNCS Data Structure, Data Structure, Types and Data Structure, Add-In Module Structure and Administration, Add-In Module Structure, Add-In Module Structure, Data Structure for Add-in Modules, Data Structures for Core Services, Data Structures, Data Structures, Data Structures, Data Structures, Data Storage Data Structures, ASN.1 Structures for PKCS #8 Wrapping, MDS Name Space and Directory Structures, Data Structures, Data Structures, C Language Data Structures, Certificate OIDs and Certificate Data Structures, C Language Data Structures for X.509 CRLs, Associating CRL OIDs and CRL Data Structures, Data Structures, Data Structures, Data Structures, Data Structures, Data Structures, Data Storage Data Structures, Data Structures, Memory Management Support, Service Module Requirements for USEE Tags Support, Service Module Requirements if USEE Tags are Supported, Foreign Language Support-Multiple Hash Values, Symmetric algorithms, System Security Services

t

Service Module Requirements if USEE Tags are Supported, Service Module Requirements for USEE Tags Support, Terminate, Terminology, Resources that Transform Locations, Verification of Modules and their Credentials, This Document, The Threat Model, Token, TP Error Values Derived from Common Error Codes, Common TP Error Values, TP Primary Relation, TP Policy-OIDS Relation, TP Encapsulated Products Relation, Local Application-Domain-Specific TP Functions, TP_ApplyCrlToDb, TP_CertCreateTemplate, TP_CertGetAllTemplateFields, TP_CertGroupConstruct, TP_CertGroupPrune, TP_CertGroupToTupleGroup, TP_CertGroupVerify, TP_CertReclaimAbort, TP_CertReclaimKey, TP_CertRemoveFromCrlTemplate, TP_CertRevoke, TP_CertSign, TP_ConfirmCredResult, TP_CrlCreateTemplate, TP_CrlSign, TP_CrlVerify, TP_FormRequest, TP_FormSubmit, TP_PassThrough, TP_ReceiveConfirmation, Trust Policy Modules (TPs), TP_SubmitCredRequest, TP_TupleGroupToCertGroup, Trademarks, Secure Electronic Transaction (SET), Hypertext Transfer Protocol (HTTP), Resources that Transform Locations, Transparent, Dynamic Attach, Transparent, Dynamic Attach, Trust Policy Modules (TPs), Trust Policy Services API, Trust Policy Modules, Trust Policy Operations, Local Application-Domain-Specific Trust Policy Functions, Trust Policy Services API, Extending Trust, CSSM Trust Policy Interface, Using Trust Policy Modules, Trust Policy Overview, Trust Policy Operations, Trust Policy Interface, Web of trust, Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT, Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL, Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY, Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC, Schema for DL Records of Type KEY, Common Error Values for All Module Types, Common Error Values for Specific Data Types, Definitions for Schema Management Record Types, Definitions for Open Group Application Record Types, DL Error Values for Specific Data Types, Common Error Codes For All Module Types, Common Error Codes for Specific Data Types, Requesting Format Types, Key Recovery Types, Types and Data Structure, Key Recovery Types

u

Global Unique Identifiers (GUIDs), Global Unique Identifiers (GUIDs), Protocol for Unloading a Service Module, Memory Management Upcalls, CSSM Upcalls for Service Provider Modules, Updating MDS Schema, Updating MDS Databases, Basic Algorithm Usage, Module-Granted Use Exemptions, Algorithm Use Abbreviations, Use of Other Standards or Specifications, Module-Granted Use Exemptions, CSSM Service Functions used by an EMM, CDSA and USEE Privileges, Service Module Requirements if USEE Tags are Supported, Service Module Requirements for USEE Tags Support, USEE, Using MDS in Integrity Verification Protocols, An Example Application Using Key Recovery APIs, Using Library Services, Using Trust Policy Modules, Utility Functions

v

Object Identifiers for X.509 V3 Certificates, Certificate validity date, Error Codes and Error Value Enumeration, Error Values Derived from Common Error Codes, CSSM Module-Specific Error Values, Common Error Values for All Module Types, Common ACL Error Values, Common Error Values for Specific Data Types, CSP Error Values Derived from Common Error Codes, General CSP Error Values, CSP Key Error Values, CSP Vector of Buffers Error Values, CSP Cryptographic Context Error Values, CSP Staged Cryptographic API Error Values, Other CSP Error Values, Error Codes and Error Values, TP Error Values Derived from Common Error Codes, Common TP Error Values, Error Codes and Error Values, AC Error Values Derived from Common Error Codes, AC Error Values, Error Codes and Error Values, CL Error Values Derived from Common Error Codes, CL Error Values, Error Codes and Error Values, DL Error Values Derived from Common Error Codes, DL Error Values Derived from ACL-based Error Codes, DL Error Values for Specific Data Types, General DL Error Values, DL Specific Error Values, Error Codes and Error Values, Error Values and Error Codes Scheme, General Error Values, Ordering Metadata Values, Foreign Language Support-Multiple Hash Values, Vector of Buffers, CSP Vector of Buffers Error Values, Vector of Buffers, Multiple CSSM Vendors Authenticating Same Application, Authenticating to Multiple CSSM Vendors, CSSM-Enforced Integrity Verification, Using MDS in Integrity Verification Protocols, Verification of Modules and their Credentials, Credential and Attribute Verification Services, Integrity Verification, Integrity Verification, Verification, Verified Signature Root Object, Verified Certificate Chain Object, Verified Certificate Object, Verified Module Object, Dynamic Referent Objects with Verified Source, Verifying Components, Verifying the Manifest, Verifying Referents in the Manifest, Versions and Issues of Specifications, Authorization via Name, Authorization via Names, Authorization via Name, Authorization via Names, Application Developer View of a Multi-Service Add-In Module, Service Provider View of a Multi-Service Add-In Module

w

Web of trust, Signed Objects Whose Signatures Serve to Carry the Object, Signed Objects Whose Signature Blocks are Embedded, Why an Embedded Library?, Low-Order Word, High-Order Word, Wrapped Keys, ASN.1 Structures for PKCS #8 Wrapping, Write-Access to MDS Databases

x

Certificate Library Service Provider X.509 Field OIDs, Interoperable Format Specifications for X.509, Object Identifiers for X.509 V3 Certificates, OIDs for X.509 Certificate Library Modules, C Language Data Structures for X.509 CRLs, OIDs for X.509 Certificate Revocation Lists, X->N ACL (-,-,S,D,X,-), X->N Attribute Certificate (I,-,S,D,X,V), X->S ACL (-,-,S,D,X,-), X->S Authorization Certificate (I,-,S,D,X,V), XN ACL <-,-,S,D,X,->, XN Attribute Certificate <I,-,S,D,X,V>, XS ACL <-,-,S,D,X,->, XS Authorization Certificate <I,-,S,D,X,V>


Click here to return to the publication details.