Common Security: CDSA and CSSM, Version 2
Copyright © 1999 The Open Group

---

Technical Standard
Common Security: CDSA and CSSM, Version 2
Document Number: C902
ISBN: 1-85912-236-1

• Frontmatter
  • Preface
    • The Open Group
    • Development of Product Standards
    • Open Group Publications
    • Versions and Issues of Specifications
    • Corrigenda
    • Ordering Information
    • This Document
    • Intended Audience
    • History
  • Trademarks
  • Acknowledgements
  • Referenced Documents
  • License Agreement for CDSA Specifications
• Part 1
  • Common Data Security Architecture (CDSA)
• Introduction
  • The Threat Model
  • Common Data Security Architecture
    • Architectural Assumptions
    • Architectural Overview
    • Layered Security Services
    • Common Security Services Manager Layer
    • Security Add-In Modules Layer
      • Cryptographic Service Providers (CSPs)
      • Trust Policy Modules (TPs)
      • Certificate Library Modules (CLs)
      • Data Storage Library Modules (DLs)
      • Authorization Computation Modules (ACs)
      • Multi-Service Library Module
  • Interoperability Goals
• Common Security Services Manager
  • Overview
  • General Module Management Services
  • Elective Module Managers
    • Transparent, Dynamic Attach
    • Registering Module Managers
    • State Sharing Among Module Managers
  • Basic Module Managers
  • Dispatching Application Calls for Security Services
  • Integrity Services
    • CSSM-Enforced Integrity Verification
  • Creating Checkable Components
    • Verifying Components
  • Security Context Services
• Cryptographic Service Provider Modules
  • CSP Form Factor
  • Legacy CSPs
  • Cryptographic Service Provider Registration
  • Cryptographic Services API
  • Additional CSP Services
• Trust Policy Modules
  • Overview
  • Trust Policy Services API
• Authorization Computation Modules
  • Overview
  • Authorization Computation Services API
    • Authorization Evaluation Services
    • Provider-specific Services
• Certificate Library Modules
  • Overview
  • Certificate Library API
• Data Storage Library Modules
  • Overview
  • Data Storage Library Registration
  • Data Storage Library API
• Multi-Service Modules
  • Overview
  • Application Developer View of a Multi-Service Add-In Module
  • Service Provider View of a Multi-Service Add-In Module
• Modules Control Access to Objects
  • Overview
  • Authentication as Part of Access Control
  • Authorization as Part of Access Control
  • Resource Owner
• System Security Services
• Part 2
  • Common Security Services Manager (CSSM)
• Introduction
  • Common Data Security Architecture
  • Selecting CDSA Components
• Core Services API
  • Overview
    • Module Management Services
    • Memory Management Support
    • Integrity of the CSSM Environment
    • CDSA and Privileges
    • CDSA and USEE Privileges
    • Module-Granted Use Exemptions
    • Service Module Requirements if USEE Tags are Supported
    • Application Privilege
    • Multiple CSSM Vendors Authenticating Same Application
  • Data Structures for Core Services
    • CSSM_BOOL
      • Definitions
    • CSSM_RETURN
      • Definitions
    • CSSM_STRING
    • CSSM_DATA
      • Definitions
    • CSSM_GUID
      • Definitions
    • CSSM_KEY_HIERARCHY
      • Definitions
    • CSSM_PVC_MODE
    • CSSM_PRIVILEGE_SCOPE
    • CSSM_VERSION
      • Definitions
      • Examples:
    • CSSM_SUBSERVICE_UID
      • Definitions
    • CSSM_HANDLE
    • CSSM_LONG_HANDLE
    • CSSM_MODULE_HANDLE
    • CSSM_MODULE_EVENT
    • CSSM_SERVICE_MASK
    • CSSM_SERVICE_TYPE
    • CSSM_API_ModuleEventHandler
      • Definitions
    • CSSM_ATTACH_FLAGS
      • Definitions
    • CSSM_PRIVILEGE
      • Low-Order Word
      • High-Order Word
      • Definitions
    • CSSM_NET_ADDRESS_TYPE
    • CSSM_NET_ADDRESS
    • CSSM_NET_PROTOCOL
    • CSSM_CALLBACK
      • Definitions
    • CSSM_CRYPTO_DATA
      • Definitions
    • CSSM_WORDID_TYPE
      • Definitions
    • CSSM_LIST_ELEMENT_TYPE
    • CSSM_LIST_TYPE
    • CSSM_LIST
      • Definitions
    • CSSM_LIST_ELEMENT
      • Definitions
    • CSSM_TUPLE
      • Definitions
    • CSSM_TUPLEGROUP
      • Definitions
    • CSSM_SAMPLE_TYPE
    • CSSM_SAMPLE
      • Definitions
    • CSSM_SAMPLEGROUP
      • Definitions
    • CSSM_CHALLENGE_CALLBACK
      • Definitions
    • CSSM_CERT_TYPE
    • CSSM_CERT_ENCODING
    • CSSM_ENCODED_CERT
      • Definition
    • CSSM_CERT_PARSE_FORMAT
    • CSSM_PARSED_CERT
      • Definition
    • CSSM_CERTPAIR
      • Definition
    • CSSM_CERTGROUP_TYPE
    • CSSM_CERTGROUP
      • Definition
    • CSSM_BASE_CERTS
      • Definitions
    • CSSM_ACCESS_CREDENTIALS
      • Definitions
    • CSSM_ACL_SUBJECT_TYPE
    • CSSM_ACL_AUTHORIZATION_TAG
    • CSSM_AUTHORIZATIONGROUP
      • Definitions
    • CSSM_ACL_VALIDITY_PERIOD
    • CSSM_ACL_ENTRY_PROTOTYPE
      • Definitions
    • CSSM_ACL_OWNER_PROTOTYPE
    • CSSM_ACL_SUBJECT_CALLBACK
      • Definitions
    • CSSM_ACL_ENTRY_INPUT
      • Definitions
    • CSSM_RESOURCE_CONTROL_CONTEXT
      • Definitions
    • CSSM_ACL_HANDLE
    • CSSM_ACL_ENTRY_INFO
      • Definitions
    • CSSM_ACL_EDIT_MODE
    • CSSM_ACL_EDIT
      • Definitions
    • CSSM_PROC_ADDR
    • CSSM_KR_POLICY_TYPE
    • CSSM_FUNC_NAME_ADDR
      • Definition
    • CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS
      • Definition
  • Common Error Return Codes
    • Error Values Derived from Common Error Codes
    • CSSM Module-Specific Error Values
  • Core Functions
  • CSSM_Init
  • CSSM_Terminate
  • Module Management Functions
  • CSSM_ModuleLoad
  • CSSM_ModuleUnload
  • CSSM_Introduce
  • CSSM_Unintroduce
  • CSSM_ModuleAttach
  • CSSM_ModuleDetach
  • CSSM_SetPrivilege
  • CSSM_GetPrivilege
  • CSSM_GetModuleGUIDFromHandle
  • CSSM_GetSubserviceUIDFromHandle
  • EMM Module Management Functions
  • CSSM_ListAttachedModuleManagers
  • Utility Functions
  • CSSM_GetAPIMemoryFunctions
• Cryptographic Services API
  • Overview
    • Key Formats for Public Key-Based Algorithms
    • Buffer Management for Cryptographic Services
      • Returning Buffers of Data
      • Vector of Buffers
  • Data Structures
    • CSSM_CC_HANDLE
    • CSSM_CSP_HANDLE
    • CSSM_DATE
      • Definition
    • CSSM_RANGE
      • Definition
    • CSSM_QUERY_SIZE_DATA
      • Definition
    • CSSM_HEADERVERSION
      • Definition
    • CSSM_KEY_SIZE
      • Definition
    • CSSM_KEYBLOB_TYPE
    • CSSM_KEYBLOB_FORMAT
    • CSSM_KEYCLASS
    • CSSM_KEYATTR_FLAGS
    • CSSM_KEYUSE
    • CSSM_KEYHEADER
      • Definition
    • CSSM_KEY
      • Definition
    • CSSM_WRAP_KEY
    • CSSM_CSP_TYPE
    • CSSM_CONTEXT_TYPE
    • CSSM Algorithms
    • CSSM_ATTRIBUTE_TYPE
    • CSSM_ENCRYPT_MODE
    • CSSM_PADDING
    • CSSM_KEY_TYPE
      • Definition
    • CSSM_CONTEXT_ATTRIBUTE
      • Definition
    • CSSM_CONTEXT
      • Definition
    • CSSM_SC_FLAGS
      • Definition
    • CSSM_CSP_READER_FLAGS
    • CSSM_CSP_FLAGS
      • Description
    • CSSM_PKCS_OAEP
    • CSSM_PKCS_OAEP_PARAMS
      • Definition
    • CSSM_CSP_OPERATIONAL_STATISTICS
      • Definition
    • CSSM_PBE_PARAMS
      • Definition
    • CSSM_KEA_DERIVE_PARAMS
      • Definition
  • Error Codes and Error Values
    • CSP Error Values Derived from Common Error Codes
      • Common Error Values for All Module Types
      • Common ACL Error Values
      • Common Error Values for Specific Data Types
    • General CSP Error Values
    • CSP Key Error Values
    • CSP Vector of Buffers Error Values
    • CSP Cryptographic Context Error Values
    • CSP Staged Cryptographic API Error Values
    • Other CSP Error Values
  • Cryptographic Context Operations
  • CSSM_CSP_CreateSignatureContext
  • CSSM_CSP_CreateSymmetricContext
  • CSSM_CSP_CreateDigestContext
  • CSSM_CSP_CreateMacContext
  • CSSM_CSP_CreateRandomGenContext
  • CSSM_CSP_CreateAsymmetricContext
  • CSSM_CSP_CreateDeriveKeyContext
  • CSSM_CSP_CreateKeyGenContext
  • CSSM_CSP_CreatePassThroughContext
  • CSSM_GetContext
  • CSSM_FreeContext
  • CSSM_SetContext
  • CSSM_DeleteContext
  • CSSM_GetContextAttribute
  • CSSM_UpdateContextAttributes
  • CSSM_DeleteContextAttributes
  • Cryptographic Sessions and Controlled Access to Keys
  • CSSM_CSP_Login
  • CSSM_CSP_Logout
  • CSSM_CSP_GetLoginAcl
  • CSSM_CSP_ChangeLoginAcl
  • CSSM_GetKeyAcl
  • CSSM_ChangeKeyAcl
  • CSSM_GetKeyOwner
  • CSSM_ChangeKeyOwner
  • CSSM_CSP_GetLoginOwner
  • CSSM_CSP_ChangeLoginOwner
  • Cryptographic Operations
  • CSSM_SignData
  • CSSM_SignDataInit
  • CSSM_SignDataUpdate
  • CSSM_SignDataFinal
  • CSSM_VerifyData
  • CSSM_VerifyDataInit
  • CSSM_VerifyDataUpdate
  • CSSM_VerifyDataFinal
  • CSSM_DigestData
  • CSSM_DigestDataInit
  • CSSM_DigestDataUpdate
  • CSSM_DigestDataClone
  • CSSM_DigestDataFinal
  • CSSM_GenerateMac
  • CSSM_GenerateMacInit
  • CSSM_GenerateMacUpdate
  • CSSM_GenerateMacFinal
  • CSSM_VerifyMac
  • CSSM_VerifyMacInit
  • CSSM_VerifyMacUpdate
  • CSSM_VerifyMacFinal
  • CSSM_QuerySize
  • CSSM_EncryptData
  • CSSM_EncryptDataP
  • CSSM_EncryptDataInit
  • CSSM_EncryptDataInitP
  • CSSM_EncryptDataUpdate
  • CSSM_EncryptDataFinal
  • CSSM_DecryptData
  • CSSM_DecryptDataP
  • CSSM_DecryptDataInit
  • CSSM_DecryptDataInitP
  • CSSM_DecryptDataUpdate
  • CSSM_DecryptDataFinal
  • CSSM_QueryKeySizeInBits
  • CSSM_GenerateKey
  • CSSM_GenerateKeyP
  • CSSM_GenerateKeyPair
  • CSSM_GenerateKeyPairP
  • CSSM_GenerateRandom
  • CSSM_CSP_ObtainPrivateKeyFromPublicKey
  • CSSM_WrapKey
  • CSSM_UnwrapKey
  • CSSM_WrapKeyP
  • CSSM_UnwrapKeyP
  • CSSM_DeriveKey
  • CSSM_FreeKey
  • CSSM_GenerateAlgorithmParams
  • Miscellaneous Functions
  • CSSM_CSP_GetOperationalStatistics
  • CSSM_GetTimeValue
  • CSSM_RetrieveUniqueId
  • CSSM_RetrieveCounter
  • CSSM_VerifyDevice
  • Extensibility Functions
  • CSSM_CSP_PassThrough
• Trust Policy Services API
  • Overview
  • Data Structures
    • CSSM_TP_HANDLE
    • CSSM_TP_AUTHORITY_ID
      • Definitions
    • CSSM_TP_AUTHORITY_REQUEST_TYPE
    • CSSM_TP_VERIFICATION_RESULTS_CALLBACK
      • Definitions
    • CSSM_TP_POLICYINFO
      • Definitions
    • CSSM_TP_SERVICES
    • CSSM_TP_ACTION
    • CSSM_TP_STOP_ON
    • CSSM_TIMESTRING
    • CSSM_TP_CALLERAUTH_CONTEXT
      • Definitions
    • CSSM_CRL_PARSE_FORMAT
    • CSSM_PARSED_CRL
      • Definitions
    • CSSM_CRL_PAIR
      • Definitions
    • CSSM_CRLGROUP_TYPE
    • CSSM_CRLGROUP
      • Definitions
    • CSSM_FIELDGROUP
      • Definitions
    • CSSM_EVIDENCE_FORM
    • CSSM_EVIDENCE
      • Definitions
    • CSSM_TP_VERIFY_CONTEXT
      • Definitions
    • CSSM_TP_VERIFY_CONTEXT_RESULT
      • Definitions
    • CSSM_TP_REQUEST_SET
      • Definitions
    • CSSM_TP_RESULT_SET
      • Definitions
    • CSSM_TP_CONFIRM_STATUS
    • CSSM_TP_CONFIRM_RESPONSE
      • Definitions
    • CSSM_ESTIMATED_TIME_UNKNOWN
    • CSSM_ELAPSED_TIME_UNKNOWN
    • CSSM_ELAPSED_TIME_COMPLETE
    • CSSM_TP_CERTISSUE_INPUT
      • Definitions
    • CSSM_TP_CERTISSUE_STATUS
    • CSSM_TP_CERTISSUE_OUTPUT
      • Definitions
    • CSSM_TP_CERTCHANGE_ACTION
    • CSSM_TP_CERTCHANGE_REASON
    • CSSM_TP_CERTCHANGE_INPUT
      • Definitions
    • CSSM_TP_CERTCHANGE_STATUS
    • CSSM_TP_CERTCHANGE_OUTPUT
      • Definitions
    • CSSM_TP_CERTVERIFY_INPUT
      • Definitions
    • CSSM_TP_CERTVERIFY_STATUS
    • CSSM_TP_CERTVERIFY_OUTPUT
      • Definitions
    • CSSM_TP_CERTNOTARIZE_INPUT
      • Definitions
    • CSSM_TP_CERTNOTARIZE_STATUS
    • CSSM_TP_CERTNOTARIZE_OUTPUT
      • Definitions
    • CSSM_TP_CERTRECLAIM_INPUT
      • Definitions
    • CSSM_TP_CERTRECLAIM_STATUS
    • CSSM_TP_CERTRECLAIM_OUTPUT
      • Definitions
    • CSSM_TP_CRLISSUE_INPUT
      • Definitions
    • CSSM_TP_CRLISSUE_STATUS
    • CSSM_TP_CRLISSUE_OUTPUT
      • Definitions
    • CSSM_TP_FORM_TYPE
  • Error Codes and Error Values
    • TP Error Values Derived from Common Error Codes
    • Common TP Error Values
  • Trust Policy Operations
  • CSSM_TP_SubmitCredRequest
  • CSSM_TP_RetrieveCredResult
  • CSSM_TP_ConfirmCredResult
  • CSSM_TP_ReceiveConfirmation
  • CSSM_TP_CertReclaimKey
  • CSSM_TP_CertReclaimAbort
  • CSSM_TP_FormRequest
  • CSSM_TP_FormSubmit
  • Local Application-Domain-Specific Trust Policy Functions
  • CSSM_TP_CertGroupVerify
  • CSSM_TP_CertCreateTemplate
  • CSSM_TP_CertGetAllTemplateFields
  • CSSM_TP_CertSign
  • CSSM_TP_CrlVerify
  • CSSM_TP_CrlCreateTemplate
  • CSSM_TP_CertRevoke
  • CSSM_TP_CertRemoveFromCrlTemplate
  • CSSM_TP_CrlSign
  • CSSM_TP_ApplyCrlToDb
  • Group Functions
  • CSSM_TP_CertGroupConstruct
  • CSSM_TP_CertGroupPrune
  • CSSM_TP_CertGroupToTupleGroup
  • CSSM_TP_TupleGroupToCertGroup
  • Extensibility Functions
  • CSSM_TP_PassThrough
• Authorization Computation Services API
  • Overview
    • Classes of Certificates and Other Credentials
      • Direct authorization
      • Authorization via Name
    • Credential Format Options
      • X->N ACL (-,-,S,D,X,-)
      • X->N Attribute Certificate (I,-,S,D,X,V)
      • N->S ID Certificate (I,N,S,-,-,V)
      • X->S ACL (-,-,S,D,X,-)
      • X->S Authorization Certificate (I,-,S,D,X,V)
    • The Logic of Authorization
      • Direct, Delegated Authorization
      • Authorization via Names
    • The Authorization Reduction Process
    • Example Authorization Request
  • Data Structures
    • CSSM_AC_HANDLE
  • Error Codes and Error Values
    • AC Error Values Derived from Common Error Codes
    • AC Error Values
  • Authorization Computation Operations
  • CSSM_AC_AuthCompute
  • Extensibility Functions
  • CSSM_AC_PassThrough
• Certificate Library Services API
  • Overview
    • Application and Certificate Library Interaction
    • Operations on Certificates
  • Data Structures
    • CSSM_CL_HANDLE
    • CSSM_CL_TEMPLATE_TYPE
    • CSSM_CERT_BUNDLE_TYPE
    • CSSM_CERT_BUNDLE_ENCODING
    • CSSM_CERT_BUNDLE_HEADER
      • Definition
    • CSSM_CERT_BUNDLE
      • Definition
    • CSSM_OID
    • CSSM_CRL_TYPE
    • CSSM_CRL_ENCODING
    • CSSM_ENCODED_CRL
      • Definition
    • CSSM_FIELD
      • Definition
    • CSSM_FIELDVALUE_COMPLEX_DATA_TYPE
  • Error Codes and Error Values
    • CL Error Values Derived from Common Error Codes
    • CL Error Values
  • Certificate Operations
  • CSSM_CL_CertCreateTemplate
  • CSSM_CL_CertGetAllTemplateFields
  • CSSM_CL_CertSign
  • CSSM_CL_CertVerify
  • CSSM_CL_CertVerifyWithKey
  • CSSM_CL_CertGetFirstFieldValue
  • CSSM_CL_CertGetNextFieldValue
  • CSSM_CL_CertAbortQuery
  • CSSM_CL_CertGetKeyInfo
  • CSSM_CL_CertGetAllFields
  • CSSM_CL_FreeFields
  • CSSM_CL_FreeFieldValue
  • CSSM_CL_CertCache
  • CSSM_CL_CertGetFirstCachedFieldValue
  • CSSM_CL_CertGetNextCachedFieldValue
  • CSSM_CL_CertAbortCache
  • CSSM_CL_CertGroupToSignedBundle
  • CSSM_CL_CertGroupFromVerifiedBundle
  • CSSM_CL_CertDescribeFormat
  • Certificate Revocation List Operations
  • CSSM_CL_CrlCreateTemplate
  • CSSM_CL_CrlSetFields
  • CSSM_CL_CrlAddCert
  • CSSM_CL_CrlRemoveCert
  • CSSM_CL_CrlSign
  • CSSM_CL_CrlVerify
  • CSSM_CL_CrlVerifyWithKey
  • CSSM_CL_IsCertInCrl
  • CSSM_CL_CrlGetFirstFieldValue
  • CSSM_CL_CrlGetNextFieldValue
  • CSSM_CL_CrlAbortQuery
  • CSSM_CL_CrlGetAllFields
  • CSSM_CL_CrlCache
  • CSSM_CL_IsCertInCachedCrl
  • CSSM_CL_CrlGetFirstCachedFieldValue
  • CSSM_CL_CrlGetNextCachedFieldValue
  • CSSM_CL_CrlGetAllCachedRecordFields
  • CSSM_CL_CrlAbortCache
  • CSSM_CL_CrlDescribeFormat
  • Extensibility Functions
  • CSSM_CL_PassThrough
• Data Storage Library Services API
  • Overview
  • Data Storage Data Structures
    • CSSM_DL_HANDLE
    • CSSM_DB_HANDLE
    • CSSM_DL_DB_HANDLE
      • Definition
    • CSSM_DL_DB_LIST
      • Definition
    • CSSM_DB_ATTRIBUTE_NAME_FORMAT
    • CSSM_DB_ATTRIBUTE_FORMAT
      • Definitions
    • CSSM_DB_ATTRIBUTE_INFO
      • Definition
    • CSSM_DB_ATTRIBUTE_DATA
      • Definition
    • CSSM_DB_RECORDTYPE
      • Definitions for Schema Management Record Types
      • Definitions for Open Group Application Record Types
      • Schema for DL Records of Type CSSM_DL_DB_RECORD_CERT
      • Schema for DL Records of Type CSSM_DL_DB_RECORD_CRL
      • Schema for DL Records of Type CSSM_DL_DB_RECORD_POLICY
      • Schema for DL Records of Type CSSM_DL_DB_RECORD_GENERIC
      • Schema for DL Records of Type KEY
    • CSSM_DB_CERTRECORD_SEMANTICS
    • CSSM_DB_RECORD_ATTRIBUTE_INFO
      • Definition
    • CSSM_DB_RECORD_ATTRIBUTE_DATA
      • Definition
    • CSSM_DB_PARSING_MODULE_INFO
      • Definition
    • CSSM_DB_INDEX_TYPE
    • CSSM_DB_INDEXED_DATA_LOCATION
    • CSSM_DB_INDEX_INFO
      • Definition
    • CSSM_DB_UNIQUE_RECORD
      • Definition
    • CSSM_DB_RECORD_INDEX_INFO
      • Definition
    • CSSM_DB_ACCESS_TYPE
    • CSSM_DB_MODIFY_MODE
    • CSSM_DBINFO
      • Definition
    • CSSM_DB_OPERATOR
    • CSSM_DB_CONJUNCTIVE
    • CSSM_SELECTION_PREDICATE
      • Definition
    • CSSM_QUERY_LIMITS
      • Definition
    • CSSM_QUERY_FLAGS
    • CSSM_QUERY
      • Definition
    • CSSM_DLTYPE
    • CSSM_DL_PKCS11_ATTRIBUTES
      • Definition
    • CSSM_DB_DATASTORES_UNKNOWN
    • CSSM_NAME_LIST
      • Definition
    • CSSM_DB_RETRIEVAL_MODES
    • CSSM_DB_SCHEMA_ATTRIBUTE_INFO
    • CSSM_DB_SCHEMA_INDEX_INFO
  • Error Codes and Error Values
    • DL Error Values Derived from Common Error Codes
    • DL Error Values Derived from ACL-based Error Codes
    • DL Error Values for Specific Data Types
    • General DL Error Values
    • DL Specific Error Values
  • Data Storage Functions
  • CSSM_DL_DbOpen
  • CSSM_DL_DbClose
  • CSSM_DL_DbCreate
  • CSSM_DL_DbDelete
  • CSSM_DL_CreateRelation
  • CSSM_DL_DestroyRelation
  • CSSM_DL_Authenticate
  • CSSM_DL_GetDbAcl
  • CSSM_DL_ChangeDbAcl
  • CSSM_DL_GetDbOwner
  • CSSM_DL_ChangeDbOwner
  • CSSM_DL_GetDbNames
  • CSSM_DL_GetDbNameFromHandle
  • CSSM_DL_FreeNameList
  • Data Record Operations
  • CSSM_DL_DataInsert
  • CSSM_DL_DataDelete
  • CSSM_DL_DataModify
  • CSSM_DL_DataGetFirst
  • CSSM_DL_DataGetNext
  • CSSM_DL_DataAbortQuery
  • CSSM_DL_DataGetFromUniqueRecordId
  • CSSM_DL_FreeUniqueRecord
  • Extensibility Functions
  • CSSM_DL_PassThrough
• CSSM Error Handling
  • Introduction
  • Error Values and Error Codes Scheme
  • Error Codes and Error Value Enumeration
    • Configurable CSSM Error Code Constants
    • CSSM Error Code Constants
    • General Error Values
    • Common Error Codes For All Module Types
    • Common Error Codes for ACLs
    • Common Error Codes for Specific Data Types
• Application Memory Functions
  • Introduction
  • CSSM_API_MEMORY_FUNCS Data Structure
    • Definition
• Cryptographic Service Provider Behavior
  • Introduction
  • Conventions
  • Formats
    • Key Formats
    • Plaintext Keys
  • Key References
    • Wrapped Keys
    • ASN.1 Structures for PKCS #8 Wrapping
      • Diffie-Hellman Private Keys
      • DSA Private Keys
  • Requesting Format Types
  • Algorithm Use Abbreviations
  • Basic Algorithm Usage
    • Digital Signatures
      • Combination Signatures
      • Encrypt-only Signatures
  • Algorithm List
    • RSA
    • Combination Signatures with RSA
• Part 3
  • CSSM Module Directory Service (MDS) Interface
• Introduction
  • Common Data Security Architecture
  • MDS in CDSA
  • MDS Installation and Access
  • Using MDS in Integrity Verification Protocols
  • Multi-User Access Model
  • API Overview
    • Footnotes
• MDS Schema Definition
  • Object Directory Database and the Object Relation
  • CDSA Directory Database
  • CSSM Relation
  • KRMM Relation
  • EMM Relation
  • Primary EMM Service Provider Relation
  • Common Relation
  • CSP Primary Relation
  • CSP Capabilities Relation
  • CSP Encapsulated Products Relation
  • CSP SmartcardInfo Relation
  • DL Primary Relation
  • DL Encapsulated Products Relation
  • CL Primary Relation
  • CL Encapsulated Products Relation
  • TP Primary Relation
  • TP Policy-OIDS Relation
  • TP Encapsulated Products Relation
  • MDS Schema Relation
  • AC Primary Relation
  • KR Primary Relation
• MDS Name Space and Directory Structures
  • MDS Name Space
  • Object Directory
  • CDSA Directory
    • CDSA Relation Attributes
  • MDS Meta-Data Names
  • Data Structure
    • MDS_HANDLE
    • MDS_DB_HANDLE
    • MDS_FUNC
• Module Directory Services APIs
  • MDS Context APIs
  • MDS_Initialize
  • MDS_Terminate
  • MDS Installation APIs
  • MDS_Install
  • MDS_Uninstall
  • MDS Database Service APIs
  • Write-Access to MDS Databases
    • Updating MDS Schema
    • Updating MDS Databases
    • Manifest Attributes for MDS Access Control Privileges
• MDS Administration
  • MDS Installation
  • General Access Control over MDS Databases
    • Privileged Application
    • File Permissions
    • Administrator ACLs
• Part 4
  • CSSM Key Recovery API
• Overview
  • Key Recovery Nomenclature
    • Key Recovery Types
    • Key Recovery Phases
    • Lifetime of Key Recovery Fields
    • Key Recovery Policy
    • Operational Scenarios for Key Recovery
  • Key Recovery in the Common Data Security Architecture
• Key Recovery Enablement in CSSM
  • Functionality Definition
  • Extensions to the Cryptographic Module Manager
  • Key Recovery Module Manager
    • Operational Scenarios
    • Key Recovery Profiles
    • Key Recovery Context
    • Key Recovery Policy
    • Key Recovery Enablement Operations
    • Key Recovery Registration and Request Operations
• Key Recovery APIs
  • Module Management Operations
  • Key Recovery Context Operations
  • Key Recovery Registration Operations
  • Key Recovery Enablement Operations
  • Key Recovery Request Operations
  • Extensibility Functions
  • An Example Application Using Key Recovery APIs
  • Data Structures
    • CSSM_KRSP_HANDLE
    • CSSM_KR_NAME
      • Definition
    • CSSM_KR_PROFILE
      • Definition
    • CSSM_ATTRIBUTE_TYPE Additions
    • CSSM_KR_POLICY_FLAGS
    • CSSM_KR_POLICY_LIST_ITEM
      • Definitions
    • CSSM_KR_POLICY_INFO
  • Key Recovery MDS Relation
  • Key Recovery Module Management Operations
  • CSSM_KR_SetEnterpriseRecoveryPolicy
  • Key Recovery Context Operations
  • CSSM_KR_CreateRecoveryRegistrationContext
  • CSSM_KR_CreateRecoveryEnablementContext
  • CSSM_KR_CreateRecoveryRequestContext
  • CSSM_KR_GetPolicyInfo
  • Key Recovery Registration Operations
  • CSSM_KR_RegistrationRequest
  • CSSM_KR_RegistrationRetrieve
  • Key Recovery Enablement Operations
  • CSSM_KR_GenerateRecoveryFields
  • CSSM_KR_ProcessRecoveryFields
  • Key Recovery Request Operations
  • CSSM_KR_RecoveryRequest
  • CSSM_KR_RecoveryRetrieve
  • CSSM_KR_GetRecoveredObject
  • CSSM_KR_RecoveryRequestAbort
  • CSSM_KR_QueryPolicyInfo
  • CSSM_KR_FreePolicyInfo
  • Extensibility Functions
  • CSSM_KR_PassThrough
• Part 5
  • CDSA Embedded Integrity Services Library API
• Introduction
  • Problem Statement
  • Extending Trust
  • Why an Embedded Library?
  • A Phased Approach
    • Phase I. Establishing a Foothold: Self-Check
    • Phase II. Finding our Friends: Bilateral Authentication
    • Phase III. Secure Linkage Check
  • Using Library Services
    • Location of Modules and Credentials
    • Verification of Modules and their Credentials
    • Secure Linkage
    • Integrity Credentials
  • Use of Other Standards or Specifications
• Data Structures
  • Object Pointers
    • Iterator Objects
    • Verified Signature Root Object
    • Verified Certificate Chain Object
    • Verified Certificate Object
    • Manifest Section Object
    • Verified Module Object
    • EISL Object Relationships and Life Cycle
  • Types and Data Structure
    • ISL_DATA
      • Definition
    • ISL_CONST_DATA
      • Definition
    • ISL_STATUS
    • ISL_FUNCTION_PTR
• EISL Functions
  • Credential and Attribute Verification Services
  • EISL_SelfCheck
  • EISL_VerifyAndLoadModuleAndCredentialData
  • EISL_VerifyAndLoadModuleAndCredDataWithCert
  • EISL_VerifyAndLoadModuleAndCredentials
  • EISL_VerifyAndLoadModuleAndCredentialsWithCert
  • EISL_VerifyLoadedModuleAndCredentialData
  • EISL_VerifyLoadedModuleAndCredDataWithCert
  • EISL_VerifyLoadedModuleAndCredentials
  • EISL_VerifyLoadedModuleAndCredentialsWithCert
  • EISL_GetCertficateChain
  • EISL_ContinueVerification
  • EISL_DuplicateVerifiedModulePtr
  • EISL_RecycleVerifiedModuleCredentials
  • Signature Root Methods
  • EISL_CreateVerifiedSignatureRootWithCredentialData
  • EISL_CreateVerifiedSigRootWithCredDataAndCert
  • EISL_CreateVerifiedSignatureRoot
  • EISL_CreateVerifiedSignatureRootWithCertificate
  • EISL_FindManifestSection
  • EISL_CreateManifestSectionEnumerator
  • EISL_GetNextManifestSection
  • EISL_RecycleManifestSectionEnumerator
  • EISL_FindManifestAttribute
  • EISL_CreateManifestAttributeEnumerator
  • EISL_FindSignerInfoAttribute
  • EISL_CreateSignerInfoAttributeEnumerator
  • EISL_GetNextAttribute
  • EISL_RecycleAttributeEnumerator
  • EISL_FindSignatureAttribute
  • EISL_CreateSignatureAttributeEnumerator
  • EISL_GetNextSignatureAttribute
  • EISL_RecycleSignatureAttributeEnumerator
  • EISL_RecycleVerifiedSignatureRoot
  • Certificate Chain Methods
  • EISL_CreateCertificateChainWithCredentialData
  • EISL_CreateCertificateChainWithCredDataAndCert
  • EISL_CreateCertificateChain
  • EISL_CreateCertificateChainWithCertificate
  • EISL_CopyCertificateChain
  • EISL_RecycleVerifiedCertificateChain
  • Certificate Attribute Methods
  • EISL_FindCertificateAttribute
  • EISL_CreateCertificateAttributeEnumerator
  • EISL_GetNextCertificateAttribute
  • EISL_RecycleCertificateAttributeEnumerator
  • Manifest Section Object Methods
  • EISL_GetManifestSignatureRoot
  • EISL_VerifyAndLoadModule
  • EISL_VerifyLoadedModule
  • EISL_FindManifestSectionAttribute
  • EISL_CreateManifestSectionAttributeEnumerator
  • EISL_GetNextManifestSectionAttribute
  • EISL_RecycleManifestSectionAttributeEnumerator
  • EISL_GetModuleManifestSection
  • Secure Linkage Services
  • EISL_LocateProcedureAddress
  • EISL_GetReturnAddress
  • EISL_CheckAddressWithinModule
  • EISL_CheckDataAddressWithinModule
  • EISL_GetLibHandle
• Part 6
  • CDSA Signed Manifest
• Introduction
  • Signed Manifests
  • Common Data Security Architecture
• Signed Manifests-Requirements
• Signed Manifests-The Architecture
• Format Specification
  • The Manifest
    • Manifest Header Specification
    • Manifest Sections
    • Format Specification
    • MAGIC-A Flagging Mechanism
    • Metadata
    • Ordering Metadata Values
    • Manifest Examples
  • Signer Information
    • Signing Information Header
    • Signer Information Sections
    • Signing Information Examples
  • Signature Blocks
• Signed Manifests-Verifying Signatures
  • Verifying the Manifest
  • Verifying Referents in the Manifest
• File-Based Representation of Signed Manifests
  • Description
  • Representation Constraints
• Signed Manifests-Examples
  • Static Referent Objects
  • Dynamic Referent Objects with Verified Source
    • Stock Quote Service
  • Embedded or Nested Referent Objects
    • Signed Objects Whose Signatures Serve to Carry the Object
    • Signed Objects Whose Signature Blocks are Embedded
    • Nested Manifests
    • Signed Portion of an HTML Page
    • Foreign Language Support-Multiple Hash Values
    • Dynamic Sources with no Associated Data
    • Resources that Transform Locations
• Signed Manifests
  • Extensions to the JavaSoft/Netscape Specification
  • Core Set of Name:Value Pairs
  • Metadata
    • Integrity Core
    • Dublin Core
    • PKWARE Archive File Format Specification
• Part 7
  • CDSA OIDs for Certificate Library Modules
• Introduction
• OIDs for X.509 Certificate Library Modules
  • Overview
  • Interoperable Format Specifications for X.509
    • Certificate Library Service Provider X.509 Field OIDs
    • Base of the Object Identifier Name Space
    • Programmatic Definition of Base Object Identifiers
    • Terminology
  • Object Identifiers for X.509 V3 Certificates
    • Base Object Identifiers
    • Programmatic Definition of Base Object Identifiers
    • Object Identifiers for Fields
    • Certificate OID Definition
    • Signature OID Definition
    • Extension OID Definition
  • C Language Data Structures
    • CSSM_BER_TAG
    • CSSM_X509_ALGORITHM_IDENTIFIER
      • DESCRIPTION
    • CSSM_X509_TYPE_VALUE_PAIR
      • DESCRIPTION
    • CSSM_X509_RDN
      • DESCRIPTION
    • CSSM_X509_NAME
      • DESCRIPTION
    • CSSM_X509_SUBJECT_PUBLIC_KEY_INFO
      • DESCRIPTION
    • CSSM_X509_TIME
      • DESCRIPTION
    • CSSM_X509_VALIDITY
      • DESCRIPTION
    • CSSM_X509_OPTION
      • DESCRIPTION
    • CSSM_X509EXT_BASICCONSTRAINTS
      • DESCRIPTION
    • CSSM_X509EXT_DATA_FORMAT
      • DESCRIPTION
    • CSSM_X509EXT_TAGandVALUE
      • DESCRIPTION
    • CSSM_X509EXT_PAIR
      • DESCRIPTION
    • CSSM_X509_EXTENSION
      • DESCRIPTION
    • CSSM_X509_EXTENSIONS
      • DESCRIPTION
    • CSSM_X509_TBS_CERTIFICATE
      • DESCRIPTION
    • CSSM_X509_SIGNATURE
      • DESCRIPTION
    • CSSM_X509_SIGNED_CERTIFICATE
      • DESCRIPTION
    • CSSM_X509EXT_POLICYQUALIFIERINFO
      • DESCRIPTION
    • CSSM_X509EXT_POLICYQUALIFIERS
      • DESCRIPTION
    • CSSM_X509EXT_POLICYINFO
      • DESCRIPTION
  • Certificate OIDs and Certificate Data Structures
• OIDs for X.509 Certificate Revocation Lists
  • Base Object Identifiers
  • Programmatic Definition of Base Object Identifiers
  • Object Identifiers for Fields
    • CRL OIDs
    • CRL Entry (CRL CertList) OIDs
    • CRL Entry (CRL CertList) Extension OIDs
    • CRL Extension OIDs
  • C Language Data Structures for X.509 CRLs
    • CSSM_X509_REVOKED_CERT_ENTRY
      • DESCRIPTION
    • CSSM_X509_REVOKED_CERT_LIST
      • DESCRIPTION
    • CSSM_X509_TBS_CERTLIST
      • DESCRIPTION
    • CSSM_X509_SIGNED_CRL
      • DESCRIPTION
  • Associating CRL OIDs and CRL Data Structures
• Part 8
  • CSSM Elective Module Manager
• Introduction
• Overview of Elective Module Managers
  • Transparent, Dynamic Attach
  • Registering Module Managers
  • Interaction with CSSM
  • Integrity and Secure Linkage
  • State Sharing Among Module Managers
• Administration of Elective Module Managers
  • Integrity Verification
  • Module Manager Credentials
  • Installing an Elective Module Manager
    • Global Unique Identifiers (GUIDs)
  • Loading an Elective Module Manager
    • Bilateral Authentication
    • Protocol for Attaching a Service Module
    • Protocol for Detaching a Service Module
    • Protocol for Unloading a Service Module
• Elective Module Manager Operations
  • Data Structures
    • CSSM_STATE_FUNCS
    • CSSM_MANAGER_EVENT_TYPES
    • CSSM_MANAGER_EVENT_NOTIFICATION
      • Definition
    • CSSM_MANAGER_REGISTRATION_INFO
      • Definition
  • Elective Module Manager Functions
  • Initialize
  • Terminate
  • ModuleManagerAuthenticate
  • RegisterDispatchTable
  • DeregisterDispatchTable
  • EventNotifyManager
  • RefreshFunctionTable
  • CSSM Service Functions used by an EMM
  • cssm_GetAttachFunctions
  • cssm_ReleaseAttachFunctions
  • cssm_GetAppMemoryFunctions
  • cssm_IsFuncCallValid
  • cssm_DeregisterManagerServices
• Part 9
  • Add-In Module Structure and Administration
• Introduction
  • Common Data Security Architecture
  • Add-In Module Structure
  • Module Installation
  • Runtime LifeCycle of the Service Provider Module
• Add-In Module Structure
  • Security Services
  • Module Administration Components
    • Integrity Verification
    • Module-Granted Use Exemptions
    • Service Module Requirements for USEE Tags Support
    • Initialization and Cleanup
• Add-In Module Administration
  • Manufacturing an Add-In Module
    • Authenticating to Multiple CSSM Vendors
    • Obtaining an Add-In Module Manufacturing Certificate
    • Issuing an Add-In Module Product Certificate
    • Manufacturing Add-In Modules
  • Installing a Service Module
    • Global Unique Identifiers (GUIDs)
    • The Module Description
  • Attaching a Service Module
    • Runtime Life Cycle of the Module
    • Bilateral Authentication
    • Memory Management Upcalls
  • Modules Control Access to Objects
    • Authentication as Part of Access Control
    • Authorization as Part of Access Control
    • Resource Owner
  • Error Handling
  • Data Structure for Add-in Modules
    • CSSM_SPI_ModuleEventHandler
      • Definition
    • CSSM_CONTEXT_EVENT_TYPE
    • CSSM_MODULE_FUNCS
      • Definition
    • CSSM_UPCALLS
      • Definition
• Add-In Module Interface Functions
  • CSSM_SPI_ModuleLoad
  • CSSM_SPI_ModuleUnload
  • CSSM_SPI_ModuleAttach
  • CSSM_SPI_ModuleDetach
• CSSM Upcalls for Service Provider Modules
  • cssm_CcToHandle
  • cssm_GetModuleInfo
• Part 10
  • CSSM Cryptographic Service Provider Interface
• Introduction
  • CDSA Add-In Module Overview
  • Cryptographic Service Provider Overview
• Service Provider Interface
  • Overview
    • Key Formats for Public Key-Based Algorithms
    • Buffer Management for Cryptographic Services
      • Returning Buffers of Data
      • Vector of Buffers
  • Data Structures
    • CSSM_SPI_CSP_FUNCS
  • Error Return Codes
  • Cryptographic Operations
  • CSP_SignData
  • CSP_SignDataInit
  • CSP_SignDataUpdate
  • CSP_SignDataFinal
  • CSP_VerifyData
  • CSP_VerifyDataInit
  • CSP_VerifyDataUpdate
  • CSP_VerifyDataFinal
  • CSP_DigestData
  • CSP_DigestDataInit
  • CSP_DigestDataUpdate
  • CSP_DigestDataClone
  • CSP_DigestDataFinal
  • CSP_GenerateMac
  • CSP_GenerateMacInit
  • CSP_GenerateMacUpdate
  • CSP_GenerateMacFinal
  • CSP_VerifyMac
  • CSP_VerifyMacInit
  • CSP_VerifyMacUpdate
  • CSP_VerifyMacFinal
  • CSP_QuerySize
  • CSP_EncryptData
  • CSP_EncryptDataInit
  • CSP_EncryptDataUpdate
  • CSP_EncryptDataFinal
  • CSP_DecryptData
  • CSP_DecryptDataInit
  • CSP_DecryptDataUpdate
  • CSP_DecryptDataFinal
  • CSP_GenerateKey
  • CSP_GenerateKeyPair
  • CSP_GenerateRandom
  • CSP_FreeKey
  • CSP_ObtainPrivateKeyFromPublicKey
  • CSP_WrapKey
  • CSP_UnwrapKey
  • CSP_DeriveKey
  • CSP_GenerateAlgorithmParams
  • CSP_QueryKeySizeInBits
  • Cryptographic Sessions and Controlled Access to Keys
  • CSP_Login
  • CSP_Logout
  • CSP_GetLoginAcl
  • CSP_ChangeLoginAcl
  • CSP_GetLoginOwner
  • CSP_ChangeLoginOwner
  • CSP_GetKeyAcl
  • CSP_ChangeKeyAcl
  • CSP_GetKeyOwner
  • CSP_ChangeKeyOwner
  • Miscellaneous Functions
  • CSSM_CSP_GetOperationalStatistics
  • CSP_GetTimeValue
  • CSP_RetrieveUniqueId
  • CSP_RetrieveCounter
  • CSP_VerifyDevice
  • Extensibility Functions
  • CSP_PassThrough
  • Module Management Functions
  • CSP_EventNotify
• Part 11
  • CSSM Trust Policy Interface
• Introduction
  • CDSA Add-In Module Overview
  • Trust Policy Overview
    • Using Trust Policy Modules
• Trust Policy Interface
  • Overview
  • Data Structures
    • CSSM_SPI_TP_FUNCS
  • Error Return Codes
  • Trust Policy Operations
  • TP_SubmitCredRequest
  • TP_ConfirmCredResult
  • TP_ReceiveConfirmation
  • TP_CertReclaimKey
  • TP_CertReclaimAbort
  • TP_FormRequest
  • TP_FormSubmit
  • Local Application-Domain-Specific TP Functions
  • TP_CertGroupVerify
  • TP_CertCreateTemplate
  • TP_CertGetAllTemplateFields
  • TP_CertSign
  • TP_CrlVerify
  • TP_CrlCreateTemplate
  • TP_CertRevoke
  • TP_CertRemoveFromCrlTemplate
  • TP_CrlSign
  • TP_ApplyCrlToDb
  • Group Functions
  • TP_CertGroupConstruct
  • TP_CertGroupPrune
  • TP_CertGroupToTupleGroup
  • TP_TupleGroupToCertGroup
  • Extensibility Functions
  • TP_PassThrough
• Part 12
  • CSSM Authorization Computation Interface
• Introduction
  • CDSA Add-In Module Overview
  • Authorization Computation Overview
• Authorization Computation Interface
  • Classes of Certificates and Other Credentials
    • Direct Authorization
    • Authorization via Name
    • Credential Format Options
      • X®N ACL <-,-,S,D,X,->
      • X®N Attribute Certificate <I,-,S,D,X,V>
      • N®S ID Certificate <I,N,S,-,-,V>
      • X®S ACL <-,-,S,D,X,->
      • X®S Authorization Certificate <I,-,S,D,X,V>
    • The Logic of Authorization
      • Direct, Delegated Authorization
      • Authorization via Names
    • The Authorization Reduction Process
    • Example Authorization Request
  • Data Structures
    • CSSM_SPI_AC_FUNCS
  • Authorization Computation Operations
  • AC_AuthCompute
  • Extensibility Functions
  • CSSM_AC_PassThrough
• Part 13
  • CSSM Certificate Library Interface
• Introduction
  • CSSM Add-In Module Overview
  • Certificate Library Module
    • Overview
    • Certificate Life Cycle
• Certificate Library Interface
  • Overview
  • Data Structures
    • CSSM_SPI_CL_FUNCS
  • Error Return Codes
  • Certificate Operations
  • CL_CertCreateTemplate
  • CL_CertGetAllTemplateFields
  • CL_CertSign
  • CL_CertVerify
  • CL_CertVerifyWithKey
  • CL_CertGetFirstFieldValue
  • CL_CertGetNextFieldValue
  • CL_CertAbortQuery
  • CL_CertGetKeyInfo
  • CL_FreeFields
  • CL_CertGetAllFields
  • CL_FreeFieldValue
  • CL_CertCache
  • CL_CertGetFirstCachedFieldValue
  • CL_CertGetNextCachedFieldValue
  • CL_CertAbortCache
  • CL_CertGroupToSignedBundle
  • CL_CertGroupFromVerifiedBundle
  • CL_CertDescribeFormat
  • Certificate Revocation List Operations
  • CL_CrlCreateTemplate
  • CL_CrlSetFields
  • CL_CrlAddCert
  • CL_CrlRemoveCert
  • CL_CrlSign
  • CL_CrlVerify
  • CL_CrlVerifyWithKey
  • CL_IsCertInCrl
  • CL_CrlGetFirstFieldValue
  • CL_CrlGetNextFieldValue
  • CL_CrlAbortQuery
  • CL_CrlGetAllFields
  • CL_CrlCache
  • CL_IsCertInCachedCrl
  • CL_CrlGetFirstCachedFieldValue
  • CL_CrlGetNextCachedFieldValue
  • CL_CrlGetAllCachedRecordFields
  • CL_CrlAbortCache
  • CL_CrlDescribeFormat
  • Extensibility Functions
  • CL_PassThrough
• Part 14
  • CSSM Data Storage Library Interface
• Introduction
  • CDSA Add-In Module Overview
  • Data Storage Library Overview
• Data Storage Library Interface
  • Overview
    • Categories of Operations
  • Data Storage Data Structures
    • CSSM_SPI_DL_FUNCS
  • Data Storage Library Operations
  • DL_Authenticate
  • DL_GetDbAcl
  • DL_ChangeDbAcl
  • DL_GetDbOwner
  • DL_ChangeDbOwner
  • Data Store Operations
  • DL_DbOpen
  • DL_DbClose
  • DL_DbCreate
  • DL_DbDelete
  • DL_CreateRelation
  • DL_DestroyRelation
  • DL_GetDbNames
  • DL_GetDbNameFromHandle
  • DL_FreeNameList
  • Data Record Operations
  • DL_DataInsert
  • DL_DataDelete
  • DL_DataModify
  • DL_DataGetFirst
  • DL_DataGetNext
  • DL_DataAbortQuery
  • DL_DataGetFromUniqueRecordId
  • DL_FreeUniqueRecord
  • Extensibility Functions
  • DL_PassThrough
• Part 15
  • CSSM Key Recovery Interface
• Introduction
  • CDSA Add-In Module Overview
  • Key Recovery Overview
    • Key Recovery Nomenclature
    • Key Recovery Types
    • Lifetime of Key Recovery Fields
    • Key Recovery Policy
    • Operational Scenarios for Key Recovery
  • Key Recovery in the Common Data Security Architecture
• Key Recovery Service Provider Interface
  • Overview
    • Key Recovery Phases
    • Key Recovery Registration Operations
    • Key Recovery Enablement Operations
    • Key Recovery Request Operations
    • Privileged Context Functions
    • Extensibility Functions
  • Data Structures
    • CSSM_SPI_KR_FUNCS
  • Key Recovery MDS Relation
    • KR Primary Relation
  • Key Recovery Registration Operations
  • KRSP_RegistrationRequest
  • KRSP_RegistrationRetrieve
  • Key Recovery Enablement Operations
  • KRSP_GenerateRecoveryFields
  • KRSP_ProcessRecoveryFields
  • Key Recovery Request Operations
  • KRSP_RecoveryRequest
  • KRSP_RecoveryRetrieve
  • KRSP_GetRecoveredObject
  • KRSP_RecoveryRequestAbort
  • Privileged Context Operations
  • KRSP_PassPrivFunc
  • Extensibility Functions
  • KRSP_PassThrough
• Glossary
  • Asymmetric algorithms
  • carve-outs
  • CDSA
  • Certification Authority (CA)
  • Certificate
  • Certificate chain
  • Certificate signing
  • Certificate validity date
  • Common Data Security Architecture
  • Common Security Services Manager
  • Cryptographic algorithm
  • Cryptoki
  • Cryptographic Service Providers (CSPs)
  • CSSM
  • Digital certificate
  • Digital signature
  • Hash algorithm
  • Hypertext Transfer Protocol (HTTP)
  • JAVA
  • Leaf Certificate
  • Meta-information
  • Message digest
  • Nonce
  • Owned certificate
  • PolicyMaker
  • Pretty Good Privacy (PGP)
  • Private key
  • Public key
  • Random number generators
  • Root certificate
  • Secret key
  • Secure Electronic Transaction (SET)
  • Secure MIME (S/MIME)
  • Secure Sockets Layer (SSL)
  • Security Context
  • Security-relevant event
  • Session key
  • Signature
  • Signature chain
  • Symmetric algorithms
  • Token
  • USEE
  • Verification
  • Web of trust
• INDEX

---

Click here to return to the publication details.