INDEX
INDEX
[??]
License Agreement
acknowledgements
Acknowledgements
Add-In
Security Add-In Modules Layer
Application Developer's View of a Multi-Service Add-in Module
Service Provider's View of a Multi-Service Add-in Module
Application-Authenticated Add-In Modules
CSSM Add-In Module Structure and Administration
Add-In Module Structure
Add-In Module Usage
Add-In Module Structure
Add-In Module Administration
Manufacturing an Add-In Module
Obtaining an Add-In Module Manufacturing Certificate
Issuing an Add-In Module Product Certificate
Manufacturing Add-In Modules
Installing an Add-In Module
Attaching an Add-In Module
Add-In Module Interface Functions
CDSA Add-In Module Overview
CDSA Add-In Module Overview
CSSM Add-In Module Overview
CDSA Add-In Module Overview
CDSA Add-In Module Overview
AddInAuthenticate
Attach/Detach and AddInAuthenticate Example
AddInAuthenticate
additional
Additional CSP Services
additions
CSSM_ATTRIBUTE_TYPE Additions
CSSM_ATTRIBUTE_TYPE Additions
administration
Administration of Elective Module Managers
CSSM Add-In Module Structure and Administration
Module Administration Components
Add-In Module Administration
agreement
License Agreement
algorithm
Key Formats for Public Key-Based Algorithms
Key Formats for Public Key-Based Algorithms
Asymmetric algorithms
Cryptographic algorithm
Hash algorithm
Symmetric algorithms
among
State Sharing Among Module Managers
State Sharing Among Module Managers
API
Cryptographic Services API
Trust Policy Services API
Certificate Library API
Data Storage Library API
Core Services API
Cryptographic Services API
Trust Policy Services API
Certificate Library Services API
Data Storage Library Services API
CSSM Key Recovery API
Key Recovery APIs
An Example Application Using Key Recovery APIs
CDSA Embedded Integrity Services Library API
Low-Level Data Structures Used in API Functions
Relevant CSSM API Functions
Trust Policy Services API
application
Dispatching Application Calls for Security Services
Application Developer's View of a Multi-Service Add-in Module
Application Exemptions
Application and Certificate Library Interaction
Application Memory Functions
An Example Application Using Key Recovery APIs
Built-In Policies and Application Exemptions
Application Interaction
Application-Authenticated
Application-Authenticated Add-In Modules
approach
A Phased Approach
Goals and General Approach
Assumptions and Architectural Approach
architectural
Architectural Assumptions
Architectural Overview
Assumptions and Architectural Approach
architecture
Common Data Security Architecture (CDSA)
Common Data Security Architecture
Common Data Security Architecture
Key Recovery in the Common Data Security Architecture
Overview of the Common Data Security Architecture
Signed Manifests-The Architecture
Common Data Security Architecture
Key Recovery in the Common Data Security Architecture
Common Data Security Architecture (CDSA)
archive
PKWARE Archive File Format Specification
are
Signed Objects Whose Signature Blocks are Embedded
associated
Dynamic Sources with no Associated Data
assumptions
Architectural Assumptions
Assumptions and Architectural Approach
asymmetric
Asymmetric algorithms
attach
Transparent, Dynamic Attach
Transparent, Dynamic Attach
Attach/Detach
Attach/Detach and AddInAuthenticate Example
attaching
Attaching an Add-In Module
attribute
Credential and Attribute Verification Services
Certificate Attribute Methods
audience
Intended Audience
authenticating
Authenticating to Multiple CSSM Vendors
authentication
Phase II. Finding our Friends: Bilateral Authentication
Bilateral Authentication
Bilateral Authentication
authority
Certification Authority (CA)
based
Screening Requests Based on Simple Policies
Screening Requests Based on Complex Policies
basic
Basic Module Managers
bilateral
Phase II. Finding our Friends: Bilateral Authentication
Bilateral Authentication
Bilateral Authentication
blocks
Signature Blocks
Signed Objects Whose Signature Blocks are Embedded
Built-In
Built-In Policies and Application Exemptions
CA
Certification Authority (CA)
calls
Dispatching Application Calls for Security Services
carry
Signed Objects Whose Signatures Serve to Carry the Object
categories
Categories of Operations
CDSA
Common Data Security Architecture (CDSA)
CDSA Embedded Integrity Services Library API
CDSA Signed Manifest
CDSA Mechanisms for Policy Compliance
Overview of CDSA
CDSA Add-In Module Overview
CDSA Add-In Module Overview
CDSA Add-In Module Overview
CDSA Add-In Module Overview
Common Data Security Architecture (CDSA)
certificate
Certificate Library Modules (CLs)
Certificate Library Modules
Certificate Library API
Certificate Library Services API
Certificate Life Cycle
Application and Certificate Library Interaction
Operations on Certificates
Certificate Operations
Certificate Revocation List Operations
Verified Certificate Chain Object
Verified Certificate Object
Certificate Chain Methods
Certificate Attribute Methods
Obtaining an Add-In Module Manufacturing Certificate
Issuing an Add-In Module Product Certificate
A Module's Certificate Chain
CSSM Certificate Library Interface
Certificate Library Overview
Certificate Life Cycle
Certificate Library Interface
Certificate Operations
Certificate Revocation List Operations
Certificate Operations
Certificate Revocation List Operations
Certificate
Certificate chain
Certificate signing
Certificate validity date
Digital certificate
Leaf Certificate
Owned certificate
Root certificate
certification
Certification Authority (CA)
chain
Verified Certificate Chain Object
Certificate Chain Methods
A Module's Certificate Chain
Certificate chain
Signature chain
check
Phase III. Secure Linkage Check
checkable
Creating Checkable Components
checking
Checking a Module's Credentials
CL
CL Module Install
CL_CertAbortQuery
CL_CertAbortQuery
CL_CertAbortRecovery
CL_CertAbortRecovery
CL_CertDescribeFormat
CL_CertDescribeFormat
CL_CertExport
CL_CertExport
CL_CertGetAllFields
CL_CertGetAllFields
CL_CertGetFirstFieldValue
CL_CertGetFirstFieldValue
CL_CertGetKeyInfo
CL_CertGetKeyInfo
CL_CertGetNextFieldValue
CL_CertGetNextFieldValue
CL_CertGroupFromVerifiedBundle
CL_CertGroupFromVerifiedBundle
CL_CertGroupToSignedBundle
CL_CertGroupToSignedBundle
CL_CertImport
CL_CertImport
CL_CertKeyRecover
CL_CertKeyRecover
CL_CertMultiSignRequest
CL_CertMultiSignRequest
CL_CertMultiSignRetrieve
CL_CertMultiSignRetrieve
CL_CertRecover
CL_CertRecover
CL_CertRecoveryRequest
CL_CertRecoveryRequest
CL_CertRecoveryRetrieve
CL_CertRecoveryRetrieve
CL_CertRequest
CL_CertRequest
CL_CertRetrieve
CL_CertRetrieve
CL_CertVerify
CL_CertVerify
CL_CrlAbortQuery
CL_CrlAbortQuery
CL_CrlAddCert
CL_CrlAddCert
CL_CrlCreateTemplate
CL_CrlCreateTemplate
CL_CrlDescribeFormat
CL_CrlDescribeFormat
CL_CrlGetFirstFieldValue
CL_CrlGetFirstFieldValue
CL_CrlGetNextFieldValue
CL_CrlGetNextFieldValue
CL_CrlRemoveCert
CL_CrlRemoveCert
CL_CrlRequest
CL_CrlRequest
CL_CrlRetrieve
CL_CrlRetrieve
CL_CrlSetFields
CL_CrlSetFields
CL_CrlSign
CL_CrlSign
CL_CrlVerify
CL_CrlVerify
CL_IsCertInCrl
CL_IsCertInCrl
CL_PassThrough
CL_PassThrough
CL_RegistrationFormRequest
CL_RegistrationFormRequest
CL_RegistrationFormSubmit
CL_RegistrationFormSubmit
cleanup
Initialization and Cleanup
CLs
Certificate Library Modules (CLs)
comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
Comments
common
Common Data Security Architecture (CDSA)
Common Data Security Architecture
Common Security Services Manager Layer
Common Security Services Manager
Common Security Services Manager (CSSM)
Common Data Security Architecture
Key Recovery in the Common Data Security Architecture
Overview of the Common Data Security Architecture
Common Data Security Architecture
Key Recovery in the Common Data Security Architecture
Common Data Security Architecture (CDSA)
Common Security Services Manager (CSSM)
companion
Companion Modules
complex
Screening Requests Based on Complex Policies
Complex Policies
compliance
CDSA Mechanisms for Policy Compliance
components
Creating Checkable Components
Verifying Components
Module Administration Components
constraints
Representation Constraints
context
Security Context Services
Cryptographic Context Operations
Key Recovery Context
Key Recovery Context Operations
Key Recovery Context Operations
Privileged Context Functions
Privileged Context Operations
Security Context
core
Core Services API
Core Services for CSSM Management
Data Structures for Core Services
Core Functions
Core Set of Name:Value Pairs
Integrity Core
Dublin Core
corrigenda
Corrigenda
creating
Creating Checkable Components
credential
Location of Modules and Credentials
Verification of Modules and their Credentials
Integrity Credentials
Credential and Attribute Verification Services
Module Manager Credentials
Checking a Module's Credentials
cryptographic
Cryptographic Service Providers (CSPs)
Cryptographic Service Provider Modules
Cryptographic Service Provider Registration
Cryptographic Services API
Cryptographic Services API
Cryptographic Context Operations
Cryptographic Sessions and Logon
Cryptographic Operations
Extensions to the Cryptographic Module Manager
CSSM Cryptographic Service Provider Interface
Cryptographic Service Provider Overview
Cryptographic Operations
Cryptographic Sessions and Logon
Cryptographic Operations
Cryptographic Sessions and Logon
Cryptographic Service Providers (CSPs)
Cryptographic algorithm
cryptoki
Cryptoki
CSP
CSP Form Factor
Additional CSP Services
CSP_ChangeLoginPassword
CSP_ChangeLoginPassword
CSP_DecryptData
CSP_DecryptData
CSP_DecryptDataFinal
CSP_DecryptDataFinal
CSP_DecryptDataInit
CSP_DecryptDataInit
CSP_DecryptDataUpdate
CSP_DecryptDataUpdate
CSP_DeriveKey
CSP_DeriveKey
CSP_DigestData
CSP_DigestData
CSP_DigestDataClone
CSP_DigestDataClone
CSP_DigestDataFinal
CSP_DigestDataFinal
CSP_DigestDataInit
CSP_DigestDataInit
CSP_DigestDataUpdate
CSP_DigestDataUpdate
CSP_EncryptData
CSP_EncryptData
CSP_EncryptDataFinal
CSP_EncryptDataFinal
CSP_EncryptDataInit
CSP_EncryptDataInit
CSP_EncryptDataUpdate
CSP_EncryptDataUpdate
CSP_EventNotify
CSP_EventNotify
CSP_FreeKey
CSP_FreeKey
CSP_GenerateAlgorithmParams
CSP_GenerateAlgorithmParams
CSP_GenerateKey
CSP_GenerateKey
CSP_GenerateKeyPair
CSP_GenerateKeyPair
CSP_GenerateMac
CSP_GenerateMac
CSP_GenerateMacFinal
CSP_GenerateMacFinal
CSP_GenerateMacInit
CSP_GenerateMacInit
CSP_GenerateMacUpdate
CSP_GenerateMacUpdate
CSP_GenerateRandom
CSP_GenerateRandom
CSP_GetCapabilities
CSP_GetCapabilities
CSP_Login
CSP_Login
CSP_Logout
CSP_Logout
CSP_ObtainPrivateKeyFromPublicKey
CSP_ObtainPrivateKeyFromPublicKey
CSP_PassThrough
CSP_PassThrough
CSP_QueryKeySizeInBits
CSP_QueryKeySizeInBits
CSP_QuerySize
CSP_QuerySize
CSP_SignData
CSP_SignData
CSP_SignDataFinal
CSP_SignDataFinal
CSP_SignDataInit
CSP_SignDataInit
CSP_SignDataUpdate
CSP_SignDataUpdate
CSP_UnwrapKey
CSP_UnwrapKey
CSP_VerifyData
CSP_VerifyData
CSP_VerifyDataFinal
CSP_VerifyDataFinal
CSP_VerifyDataInit
CSP_VerifyDataInit
CSP_VerifyDataUpdate
CSP_VerifyDataUpdate
CSP_VerifyMac
CSP_VerifyMac
CSP_VerifyMacFinal
CSP_VerifyMacFinal
CSP_VerifyMacInit
CSP_VerifyMacInit
CSP_VerifyMacUpdate
CSP_VerifyMacUpdate
CSP_WrapKey
CSP_WrapKey
CSPs
Cryptographic Service Providers (CSPs)
Legacy CSPs
Cryptographic Service Providers (CSPs)
CSSM
Common Security Services Manager (CSSM)
Core Services for CSSM Management
Integrity of the CSSM Environment
CSSM Error-Handling
CSSM Key Recovery API
Key Recovery Enablement in CSSM
CSSM Elective Module Manager
CSSM Add-In Module Structure and Administration
CSSM Interaction
Authenticating to Multiple CSSM Vendors
Relevant CSSM API Functions
CSSM Integrity Services-The Foundation
CSSM Mechanisms Supporting Simple Policies
CSSM Cryptographic Service Provider Interface
CSSM Trust Policy Interface
CSSM Certificate Library Interface
CSSM Add-In Module Overview
CSSM Data Storage Library Interface
CSSM Key Recovery Interface
Common Security Services Manager (CSSM)
CSSM-Enforced
CSSM-Enforced Integrity Verification
CSSM_ALL_SUBSERVICES
CSSM_ALL_SUBSERVICES
CSSM_ALL_SUBSERVICES
CSSM_API_MEMORY_FUNCS
CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS
CSSM_API_MEMORY_FUNCS Data Structure
CSSM_APP_KEYS
CSSM_APP_KEYS
CSSM_APP_SERVICE_FLAGS
CSSM_APP_SERVICE_FLAGS
CSSM_APP_SERVICE_INFO
CSSM_APP_SERVICE_INFO
CSSM_ATTRIBUTE_TYPE
CSSM_ATTRIBUTE_TYPE Additions
CSSM_ATTRIBUTE_TYPE Additions
CSSM_BOOL
CSSM_BOOL
CSSM_BOOL
CSSM_BOOL
CSSM_CA_SERVICES
CSSM_CA_SERVICES
CSSM_CA_SERVICES
CSSM_CALLBACK
CSSM_CALLBACK
CSSM_CALLBACK
CSSM_CALLBACK
CSSM_CC_HANDLE
CSSM_CC_HANDLE
CSSM_CERT_BUNDLE
CSSM_CERT_BUNDLE
CSSM_CERT_BUNDLE
CSSM_CERT_BUNDLE_ENCODING
CSSM_CERT_BUNDLE_ENCODING
CSSM_CERT_BUNDLE_ENCODING
CSSM_CERT_BUNDLE_HEADER
CSSM_CERT_BUNDLE_HEADER
CSSM_CERT_BUNDLE_HEADER
CSSM_CERT_BUNDLE_TYPE
CSSM_CERT_BUNDLE_TYPE
CSSM_CERT_BUNDLE_TYPE
CSSM_CERT_ENCODING
CSSM_CERT_ENCODING
CSSM_CERT_ENCODING
CSSM_CERT_LIST
CSSM_CERT_LIST
CSSM_CERT_LIST
CSSM_CERT_TYPE
CSSM_CERT_TYPE
CSSM_CERT_TYPE
CSSM_CERTGROUP
CSSM_CERTGROUP
CSSM_CERTGROUP
CSSM_CL_CA_CERT_CLASSINFO
CSSM_CL_CA_CERT_CLASSINFO
CSSM_CL_CA_CERT_CLASSINFO
CSSM_CL_CA_PRODUCTINFO
CSSM_CL_CA_PRODUCTINFO
CSSM_CL_CA_PRODUCTINFO
CSSM_CL_CertAbortQuery
CSSM_CL_CertAbortQuery
CSSM_CL_CertAbortRecovery
CSSM_CL_CertAbortRecovery
CSSM_CL_CertDescribeFormat
CSSM_CL_CertDescribeFormat
CSSM_CL_CertExport
CSSM_CL_CertExport
CSSM_CL_CertGetAllFields
CSSM_CL_CertGetAllFields
CSSM_CL_CertGetFirstFieldValue
CSSM_CL_CertGetFirstFieldValue
CSSM_CL_CertGetKeyInfo
CSSM_CL_CertGetKeyInfo
CSSM_CL_CertGetNextFieldValue
CSSM_CL_CertGetNextFieldValue
CSSM_CL_CertGroupFromVerifiedBundle
CSSM_CL_CertGroupFromVerifiedBundle
CSSM_CL_CertGroupToSignedBundle
CSSM_CL_CertGroupToSignedBundle
CSSM_CL_CertImport
CSSM_CL_CertImport
CSSM_CL_CertKeyRecover
CSSM_CL_CertKeyRecover
CSSM_CL_CertMultiSignRequest
CSSM_CL_CertMultiSignRequest
CSSM_CL_CertMultiSignRetrieve
CSSM_CL_CertMultiSignRetrieve
CSSM_CL_CertRecover
CSSM_CL_CertRecover
CSSM_CL_CertRecoveryRequest
CSSM_CL_CertRecoveryRequest
CSSM_CL_CertRecoveryRetrieve
CSSM_CL_CertRecoveryRetrieve
CSSM_CL_CertRequest
CSSM_CL_CertRequest
CSSM_CL_CertRetrieve
CSSM_CL_CertRetrieve
CSSM_CL_CertVerify
CSSM_CL_CertVerify
CSSM_CL_CrlAbortQuery
CSSM_CL_CrlAbortQuery
CSSM_CL_CrlAddCert
CSSM_CL_CrlAddCert
CSSM_CL_CrlCreateTemplate
CSSM_CL_CrlCreateTemplate
CSSM_CL_CrlDescribeFormat
CSSM_CL_CrlDescribeFormat
CSSM_CL_CrlGetFirstFieldValue
CSSM_CL_CrlGetFirstFieldValue
CSSM_CL_CrlGetNextFieldValue
CSSM_CL_CrlGetNextFieldValue
CSSM_CL_CrlRemoveCert
CSSM_CL_CrlRemoveCert
CSSM_CL_CrlRequest
CSSM_CL_CrlRequest
CSSM_CL_CrlRetrieve
CSSM_CL_CrlRetrieve
CSSM_CL_CrlSetFields
CSSM_CL_CrlSetFields
CSSM_CL_CrlSign
CSSM_CL_CrlSign
CSSM_CL_CrlVerify
CSSM_CL_CrlVerify
CSSM_CL_ENCODER_PRODUCTINFO
CSSM_CL_ENCODER_PRODUCTINFO
CSSM_CL_ENCODER_PRODUCTINFO
CSSM_CL_HANDLE
CSSM_CL_HANDLE
CSSM_CL_HANDLE
CSSM_CL_IsCertInCrl
CSSM_CL_IsCertInCrl
CSSM_CL_PassThrough
CSSM_CL_PassThrough
CSSM_CL_RegistrationFormRequest
CSSM_CL_RegistrationFormRequest
CSSM_CL_RegistrationFormSubmit
CSSM_CL_RegistrationFormSubmit
CSSM_CL_WRAPPEDPRODUCTINFO
CSSM_CL_WRAPPEDPRODUCTINFO
CSSM_CL_WRAPPEDPRODUCTINFO
CSSM_ClearError
CSSM_ClearError
CSSM_ClearError
CSSM_CLSUBSERVICE
CSSM_CLSUBSERVICE
CSSM_CLSUBSERVICE
CSSM_CompareGuids
CSSM_CompareGuids
CSSM_CONTEXT
CSSM_CONTEXT
CSSM_CONTEXT
CSSM_CONTEXT_ATTRIBUTE
CSSM_CONTEXT_ATTRIBUTE
CSSM_CONTEXT_ATTRIBUTE Extensions
CSSM_CONTEXT_ATTRIBUTE
CSSM_CONTEXT_ATTRIBUTE Extensions
CSSM_CRL_ENCODING
CSSM_CRL_ENCODING
CSSM_CRL_ENCODING
CSSM_CRL_ENCODING
CSSM_CRL_TYPE
CSSM_CRL_TYPE
CSSM_CRL_TYPE
CSSM_CRL_TYPE
CSSM_CRYPTO_DATA
CSSM_CRYPTO_DATA
CSSM_CRYPTO_DATA
CSSM_CRYPTO_DATA
CSSM_CSP_CAPABILITY
CSSM_CSP_CAPABILITY
CSSM_CSP_CAPABILITY
CSSM_CSP_ChangeLoginPassword
CSSM_CSP_ChangeLoginPassword
CSSM_CSP_CreateAsymmetricContext
CSSM_CSP_CreateAsymmetricContext
CSSM_CSP_CreateDeriveKeyContext
CSSM_CSP_CreateDeriveKeyContext
CSSM_CSP_CreateDigestContext
CSSM_CSP_CreateDigestContext
CSSM_CSP_CreateKeyGenContext
CSSM_CSP_CreateKeyGenContext
CSSM_CSP_CreateMacContext
CSSM_CSP_CreateMacContext
CSSM_CSP_CreatePassThroughContext
CSSM_CSP_CreatePassThroughContext
CSSM_CSP_CreateRandomGenContext
CSSM_CSP_CreateRandomGenContext
CSSM_CSP_CreateSignatureContext
CSSM_CSP_CreateSignatureContext
CSSM_CSP_CreateSymmetricContext
CSSM_CSP_CreateSymmetricContext
CSSM_CSP_FLAGS
CSSM_CSP_FLAGS
CSSM_CSP_FLAGS
CSSM_CSP_HANDLE
CSSM_CSP_HANDLE
CSSM_CSP_HANDLE
CSSM_CSP_Login
CSSM_CSP_Login
CSSM_CSP_Logout
CSSM_CSP_Logout
CSSM_CSP_PassThrough
CSSM_CSP_PassThrough
CSSM_CSP_SESSION_TYPE
CSSM_CSP_SESSION_TYPE
CSSM_CSP_SESSION_TYPE
CSSM_CSP_TYPE
CSSM_CSP_TYPE
CSSM_CSP_TYPE
CSSM_CSP_WRAPPEDPRODUCTINFO
CSSM_CSP_WRAPPEDPRODUCTINFO
CSSM_CSP_WRAPPEDPRODUCTINFO
CSSM_CSPSUBSERVICE
CSSM_CSPSUBSERVICE
CSSM_CSPSUBSERVICE
CSSM_CSSMINFO
CSSM_CSSMINFO
CSSM_DATA
CSSM_DATA
CSSM_DATA
CSSM_DATA
CSSM_DATA
CSSM_DATA
CSSM_DATE
CSSM_DATE
CSSM_DATE
CSSM_DB_ACCESS_TYPE
CSSM_DB_ACCESS_TYPE
CSSM_DB_ACCESS_TYPE
CSSM_DB_ATTRIBUTE_DATA
CSSM_DB_ATTRIBUTE_DATA
CSSM_DB_ATTRIBUTE_DATA
CSSM_DB_ATTRIBUTE_FORMAT
CSSM_DB_ATTRIBUTE_FORMAT
CSSM_DB_ATTRIBUTE_INFO
CSSM_DB_ATTRIBUTE_INFO
CSSM_DB_ATTRIBUTE_INFO
CSSM_DB_ATTRIBUTE_NAME_FORMAT
CSSM_DB_ATTRIBUTE_NAME_FORMAT
CSSM_DB_ATTRIBUTE_NAME_FORMAT
CSSM_DB_CERTRECORD_SEMANTICS
CSSM_DB_CERTRECORD_SEMANTICS
CSSM_DB_CERTRECORD_SEMANTICS
CSSM_DB_CONJUNCTIVE
CSSM_DB_CONJUNCTIVE
CSSM_DB_CONJUNCTIVE
CSSM_DB_DATASTORES_UNKNOWN
CSSM_DB_DATASTORES_UNKNOWN
CSSM_DB_DATASTORES_UNKNOWN
CSSM_DB_HANDLE
CSSM_DB_HANDLE
CSSM_DB_HANDLE
CSSM_DB_INDEX_INFO
CSSM_DB_INDEX_INFO
CSSM_DB_INDEX_INFO
CSSM_DB_INDEX_TYPE
CSSM_DB_INDEX_TYPE
CSSM_DB_INDEX_TYPE
CSSM_DB_INDEXED_DATA_LOCATION
CSSM_DB_INDEXED_DATA_LOCATION
CSSM_DB_INDEXED_DATA_LOCATION
CSSM_DB_OPERATOR
CSSM_DB_OPERATOR
CSSM_DB_OPERATOR
CSSM_DB_PARSING_MODULE_INFO
CSSM_DB_PARSING_MODULE_INFO
CSSM_DB_PARSING_MODULE_INFO
CSSM_DB_RECORD_ATTRIBUTE_DATA
CSSM_DB_RECORD_ATTRIBUTE_DATA
CSSM_DB_RECORD_ATTRIBUTE_DATA
CSSM_DB_RECORD_ATTRIBUTE_INFO
CSSM_DB_RECORD_ATTRIBUTE_INFO
CSSM_DB_RECORD_ATTRIBUTE_INFO
CSSM_DB_RECORD_INDEX_INFO
CSSM_DB_RECORD_INDEX_INFO
CSSM_DB_RECORD_INDEX_INFO
CSSM_DB_RECORD_PARSING_FNTABLE
CSSM_DB_RECORD_PARSING_FNTABLE
CSSM_DB_RECORD_PARSING_FNTABLE
CSSM_DB_RECORDTYPE
CSSM_DB_RECORDTYPE
CSSM_DB_RECORDTYPE
CSSM_DB_UNIQUE_RECORD
CSSM_DB_UNIQUE_RECORD
CSSM_DB_UNIQUE_RECORD
CSSM_DBINFO
CSSM_DBINFO
CSSM_DBINFO
CSSM_DecryptData
CSSM_DecryptData
CSSM_DecryptDataFinal
CSSM_DecryptDataFinal
CSSM_DecryptDataInit
CSSM_DecryptDataInit
CSSM_DecryptDataUpdate
CSSM_DecryptDataUpdate
CSSM_DeleteContext
CSSM_DeleteContext
CSSM_DeleteContextAttributes
CSSM_DeleteContextAttributes
CSSM_DeliverModuleManagerEvent
CSSM_DeliverModuleManagerEvent
CSSM_DeregisterManagerServices
CSSM_DeregisterManagerServices
CSSM_DeregisterServices
CSSM_DeregisterServices
CSSM_DeriveKey
CSSM_DeriveKey
CSSM_DestroyError
CSSM_DestroyError
CSSM_DigestData
CSSM_DigestData
CSSM_DigestDataClone
CSSM_DigestDataClone
CSSM_DigestDataFinal
CSSM_DigestDataFinal
CSSM_DigestDataInit
CSSM_DigestDataInit
CSSM_DigestDataUpdate
CSSM_DigestDataUpdate
CSSM_DL_Authenticate
CSSM_DL_Authenticate
CSSM_DL_DataAbortQuery
CSSM_DL_DataAbortQuery
CSSM_DL_DataDelete
CSSM_DL_DataDelete
CSSM_DL_DataGetFirst
CSSM_DL_DataGetFirst
CSSM_DL_DataGetFromUniqueRecordId
CSSM_DL_DataGetFromUniqueRecordId
CSSM_DL_DataGetNext
CSSM_DL_DataGetNext
CSSM_DL_DataInsert
CSSM_DL_DataInsert
CSSM_DL_DataModify
CSSM_DL_DataModify
CSSM_DL_DB_HANDLE
CSSM_DL_DB_HANDLE
CSSM_DL_DB_HANDLE
CSSM_DL_DB_HANDLE
CSSM_DL_DB_LIST
CSSM_DL_DB_LIST
CSSM_DL_DB_LIST
CSSM_DL_DB_LIST
CSSM_DL_DbClose
CSSM_DL_DbClose
CSSM_DL_DbCreate
CSSM_DL_DbCreate
CSSM_DL_DbDelete
CSSM_DL_DbDelete
CSSM_DL_DbExport
CSSM_DL_DbExport
CSSM_DL_DbGetRecordParsingFunctions
CSSM_DL_DbGetRecordParsingFunctions
CSSM_DL_DbImport
CSSM_DL_DbImport
CSSM_DL_DbOpen
CSSM_DL_DbOpen
CSSM_DL_DbSetRecordParsingFunctions
CSSM_DL_DbSetRecordParsingFunctions
CSSM_DL_FreeNameList
CSSM_DL_FreeNameList
CSSM_DL_FreeUniqueRecord
CSSM_DL_FreeUniqueRecord
CSSM_DL_GetDbNameFromHandle
CSSM_DL_GetDbNameFromHandle
CSSM_DL_GetDbNames
CSSM_DL_GetDbNames
CSSM_DL_HANDLE
CSSM_DL_HANDLE
CSSM_DL_HANDLE
CSSM_DL_PassThrough
CSSM_DL_PassThrough
CSSM_DL_PKCS11_ATTRIBUTES
CSSM_DL_PKCS11_ATTRIBUTES
CSSM_DL_PKCS11_ATTRIBUTES
CSSM_DL_WRAPPEDPRODUCT_INFO
CSSM_DL_WRAPPEDPRODUCT_INFO
CSSM_DL_WRAPPEDPRODUCT_INFO
CSSM_DLSUBSERVICE
CSSM_DLSUBSERVICE
CSSM_DLSUBSERVICE
CSSM_DLTYPE
CSSM_DLTYPE
CSSM_DLTYPE
CSSM_EncryptData
CSSM_EncryptData
CSSM_EncryptDataFinal
CSSM_EncryptDataFinal
CSSM_EncryptDataInit
CSSM_EncryptDataInit
CSSM_EncryptDataUpdate
CSSM_EncryptDataUpdate
CSSM_ESTIMATED_TIME_UNKNOWN
CSSM_ESTIMATED_TIME_UNKNOWN
CSSM_ESTIMATED_TIME_UNKNOWN
CSSM_EVENT_TYPE
CSSM_EVENT_TYPE
CSSM_EVENT_TYPE
CSSM_EVIDENCE_FORM
CSSM_EVIDENCE_FORM
CSSM_EVIDENCE_FORM
CSSM_EXEMPTION_MASK
CSSM_EXEMPTION_MASK
CSSM_EXEMPTION_MASK
CSSM_EXEMPTION_MASK
CSSM_FIELD
CSSM_FIELD
CSSM_FIELD
CSSM_FIELD
CSSM_Free
CSSM_Free
CSSM_FreeContext
CSSM_FreeContext
CSSM_FreeInfo
CSSM_FreeInfo
CSSM_FreeKey
CSSM_FreeKey
CSSM_FreeList
CSSM_FreeList
CSSM_FreeModuleInfo
CSSM_FreeModuleInfo
CSSM_FreeModuleInfo
CSSM_GenerateAlgorithmParams
CSSM_GenerateAlgorithmParams
CSSM_GenerateKey
CSSM_GenerateKey
CSSM_GenerateKeyPair
CSSM_GenerateKeyPair
CSSM_GenerateMac
CSSM_GenerateMac
CSSM_GenerateMacFinal
CSSM_GenerateMacFinal
CSSM_GenerateMacInit
CSSM_GenerateMacInit
CSSM_GenerateMacUpdate
CSSM_GenerateMacUpdate
CSSM_GenerateRandom
CSSM_GenerateRandom
CSSM_GetAPIMemoryFunctions
CSSM_GetAPIMemoryFunctions
CSSM_GetContext
CSSM_GetContext
CSSM_GetContextAttribute
CSSM_GetContextAttribute
CSSM_GetError
CSSM_GetError
CSSM_GetError
CSSM_GetGUIDUsage
CSSM_GetGUIDUsage
CSSM_GetHandleInfo
CSSM_GetHandleInfo
CSSM_GetHandleUsage
CSSM_GetHandleUsage
CSSM_GetInfo
CSSM_GetInfo
CSSM_GetModuleGUIDFromHandle
CSSM_GetModuleGUIDFromHandle
CSSM_GetModuleInfo
CSSM_GetModuleInfo
CSSM_GetModuleInfo
CSSM_GetModuleManagerInfo
CSSM_GetModuleManagerInfo
CSSM_GetSubserviceUIDFromHandle
CSSM_GetSubserviceUIDFromHandle
CSSM_GUID
CSSM_GUID
CSSM_GUID
CSSM_GUID
CSSM_HANDLE
CSSM_HANDLE
CSSM_HANDLE
CSSM_HANDLEINFO
CSSM_HANDLEINFO
CSSM_HANDLEINFO
CSSM_HARDWARE_CSPSUBSERVICE_INFO
CSSM_HARDWARE_CSPSUBSERVICE_INFO
CSSM_HARDWARE_CSPSUBSERVICE_INFO
CSSM_HEADERVERSION
CSSM_HEADERVERSION
CSSM_HEADERVERSION
CSSM_HYBRID_CSPSUBSERVICE_INFO
CSSM_HYBRID_CSPSUBSERVICE_INFO
CSSM_HYBRID_CSPSUBSERVICE_INFO
CSSM_INFO_LEVEL
CSSM_INFO_LEVEL
CSSM_INFO_LEVEL
CSSM_Init
CSSM_Init
CSSM_InitError
CSSM_InitError
CSSM_IsCLError
CSSM_IsCLError
CSSM_IsCSPError
CSSM_IsCSPError
CSSM_IsCSSMError
CSSM_IsCSSMError
CSSM_IsDLError
CSSM_IsDLError
CSSM_IsTPError
CSSM_IsTPError
CSSM_KEY
CSSM_KEY
CSSM_KEY
CSSM_KEY_SIZE
CSSM_KEY_SIZE
CSSM_KEY_SIZE
CSSM_KEYHEADER
CSSM_KEYHEADER
CSSM_KEYHEADER
CSSM_KR_CreateRecoveryEnablementContext
CSSM_KR_CreateRecoveryEnablementContext
CSSM_KR_CreateRecoveryRegistrationContext
CSSM_KR_CreateRecoveryRegistrationContext
CSSM_KR_CreateRecoveryRequestContext
CSSM_KR_CreateRecoveryRequestContext
CSSM_KR_GenerateRecoveryFields
CSSM_KR_GenerateRecoveryFields
CSSM_KR_GetRecoveredObject
CSSM_KR_GetRecoveredObject
CSSM_KR_HANDLE
CSSM_KR_HANDLE
CSSM_KR_HANDLE
CSSM_KR_NAME
CSSM_KR_NAME
CSSM_KR_NAME
CSSM_KR_PassThrough
CSSM_KR_PassThrough
CSSM_KR_ProcessRecoveryFields
CSSM_KR_ProcessRecoveryFields
CSSM_KR_PROFILE
CSSM_KR_PROFILE
CSSM_KR_PROFILE
CSSM_KR_RecoveryRequest
CSSM_KR_RecoveryRequest
CSSM_KR_RecoveryRequestAbort
CSSM_KR_RecoveryRequestAbort
CSSM_KR_RecoveryRetrieve
CSSM_KR_RecoveryRetrieve
CSSM_KR_RegistrationRequest
CSSM_KR_RegistrationRequest
CSSM_KR_RegistrationRetrieve
CSSM_KR_RegistrationRetrieve
CSSM_KR_SetEnterpriseRecoveryPolicy
CSSM_KR_SetEnterpriseRecoveryPolicy
CSSM_KRINFO
CSSM_KRINFO
CSSM_KRINFO
CSSM_KRPolicyInfo
CSSM_KRPolicyInfo
CSSM_KRSUBSERVICE
CSSM_KRSUBSERVICE
CSSM_KRSUBSERVICE
CSSM_LIST
CSSM_LIST
CSSM_LIST_ITEM
CSSM_LIST_ITEM
CSSM_ListAttachedModuleManagers
CSSM_ListAttachedModuleManagers
CSSM_ListModules
CSSM_ListModules
CSSM_Load
CSSM_Load
CSSM_MANAGER_EVENT_TYPES
CSSM_MANAGER_EVENT_TYPES
CSSM_MANAGER_REGISTRATION_INFO
CSSM_MANAGER_REGISTRATION_INFO
CSSM_MANGER_EVENT_NOTIFICATION
CSSM_MANGER_EVENT_NOTIFICATION
CSSM_MEMORY_FUNCS
CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS
CSSM_MEMORY_FUNCS
CSSM_MEMORY_FUNCS/CSSM_API_MEMORY_FUNCS
CSSM_MEMORY_FUNCS/CSSM_API_MEMORY_FUNCS
CSSM_MODULE_FLAGS
CSSM_MODULE_FLAGS
CSSM_MODULE_FLAGS
CSSM_MODULE_FUNCS
CSSM_MODULE_FUNCS
CSSM_MODULE_FUNCS
CSSM_MODULE_HANDLE
CSSM_MODULE_HANDLE
CSSM_MODULE_HANDLE
CSSM_MODULE_HANDLE
CSSM_MODULE_INFO
CSSM_MODULE_INFO
CSSM_MODULE_INFO
CSSM_MODULE_INFO
CSSM_MODULE_MANAGER_INFO
CSSM_MODULE_MANAGER_INFO
CSSM_ModuleAttach
CSSM_ModuleAttach
CSSM_ModuleAttach
CSSM_ModuleDetach
CSSM_ModuleDetach
CSSM_ModuleDetach
CSSM_ModuleInstall
CSSM_ModuleInstall
CSSM_ModuleInstall
CSSM_ModuleManagerInstall
CSSM_ModuleManagerInstall
CSSM_ModuleManagerUninstall
CSSM_ModuleManagerUninstall
CSSM_ModuleUninstall
CSSM_ModuleUninstall
CSSM_ModuleUninstall
CSSM_NAME_LIST
CSSM_NAME_LIST
CSSM_NAME_LIST
CSSM_NET_ADDRESS
CSSM_NET_ADDRESS
CSSM_NET_ADDRESS
CSSM_NET_ADDRESS_TYPE
CSSM_NET_ADDRESS_TYPE
CSSM_NET_ADDRESS_TYPE
CSSM_NET_PROTOCOL
CSSM_NET_PROTOCOL
CSSM_NET_PROTOCOL
CSSM_NOTIFY_CALLBACK
CSSM_NOTIFY_CALLBACK
CSSM_NOTIFY_CALLBACK
CSSM_NOTIFY_CALLBACK
CSSM_ObtainPrivateKeyFromPublicKey
CSSM_ObtainPrivateKeyFromPublicKey
CSSM_OID
CSSM_OID
CSSM_OID
CSSM_OID
CSSM_PADDING
CSSM_PADDING
CSSM_PADDING
CSSM_PRIV_FUNC_PTR
CSSM_PRIV_FUNC_PTR
CSSM_QUERY
CSSM_QUERY
CSSM_QUERY
CSSM_QUERY_FLAGS
CSSM_QUERY_FLAGS
CSSM_QUERY_FLAGS
CSSM_QUERY_LIMITS
CSSM_QUERY_LIMITS
CSSM_QUERY_LIMITS
CSSM_QUERY_SIZE_DATA
CSSM_QUERY_SIZE_DATA
CSSM_QUERY_SIZE_DATA
CSSM_QueryKeySizeInBits
CSSM_QueryKeySizeInBits
CSSM_QuerySize
CSSM_QuerySize
CSSM_RANGE
CSSM_RANGE
CSSM_RANGE
CSSM_RegisterManagerServices
CSSM_RegisterManagerServices
CSSM_RegisterServices
CSSM_RegisterServices
CSSM_REGISTRATION_INFO
CSSM_REGISTRATION_INFO
CSSM_RequestCssmExemption
CSSM_RequestCssmExemption
CSSM_RetrieveCounter
CSSM_RetrieveCounter
CSSM_RetrieveUniqueId
CSSM_RetrieveUniqueId
CSSM_RETURN
CSSM_RETURN
CSSM_RETURN
CSSM_RETURN
CSSM_REVOKE_REASON
CSSM_REVOKE_REASON
CSSM_REVOKE_REASON
CSSM_SELECTION_PREDICATE
CSSM_SELECTION_PREDICATE
CSSM_SELECTION_PREDICATE
CSSM_SERVICE_FLAGS
CSSM_SERVICE_FLAGS
CSSM_SERVICE_FLAGS
CSSM_SERVICE_INFO
CSSM_SERVICE_INFO
CSSM_SERVICE_INFO
CSSM_SERVICE_INFO
CSSM_SERVICE_MASK
CSSM_SERVICE_MASK
CSSM_SERVICE_MASK
CSSM_SERVICE_MASK
CSSM_SERVICE_TYPE
CSSM_SERVICE_TYPE
CSSM_SERVICE_TYPE
CSSM_SetContext
CSSM_SetContext
CSSM_SetError
CSSM_SetError
CSSM_SetError
CSSM_SetModuleInfo
CSSM_SetModuleInfo
CSSM_SetModuleInfo
CSSM_SignData
CSSM_SignData
CSSM_SignDataFinal
CSSM_SignDataFinal
CSSM_SignDataInit
CSSM_SignDataInit
CSSM_SignDataUpdate
CSSM_SignDataUpdate
CSSM_SOFTWARE_CSPSUBSERVICE_INFO
CSSM_SOFTWARE_CSPSUBSERVICE_INFO
CSSM_SOFTWARE_CSPSUBSERVICE_INFO
CSSM_SPI_MEMORY_FUNCS
CSSM_SPI_MEMORY_FUNCS
CSSM_SPI_TP_FUNCS
CSSM_SPI_TP_FUNCS
CSSM_STRING
CSSM_STRING
CSSM_STRING
CSSM_SUBSERVICE_UID
CSSM_SUBSERVICE_UID
CSSM_SUBSERVICE_UID
CSSM_TP_ACTION
CSSM_TP_ACTION
CSSM_TP_ApplyCrlToDb
CSSM_TP_ApplyCrlToDb
CSSM_TP_CertGroupConstruct
CSSM_TP_CertGroupConstruct
CSSM_TP_CertGroupPrune
CSSM_TP_CertGroupPrune
CSSM_TP_CertGroupVerify
CSSM_TP_CertGroupVerify
CSSM_TP_CertRequest
CSSM_TP_CertRequest
CSSM_TP_CertRetrieve
CSSM_TP_CertRetrieve
CSSM_TP_CertRevoke
CSSM_TP_CertRevoke
CSSM_TP_CertSign
CSSM_TP_CertSign
CSSM_TP_CrlSign
CSSM_TP_CrlSign
CSSM_TP_CrlVerify
CSSM_TP_CrlVerify
CSSM_TP_HANDLE
CSSM_TP_HANDLE
CSSM_TP_PassThrough
CSSM_TP_PassThrough
CSSM_TP_STOP_ON
CSSM_TP_STOP_ON
CSSM_TP_WRAPPEDPRODUCTINFO
CSSM_TP_WRAPPEDPRODUCTINFO
CSSM_TP_WRAPPEDPRODUCTINFO
CSSM_TPSUBSERVICE
CSSM_TPSUBSERVICE
CSSM_TPSUBSERVICE
CSSM_UnwrapKey
CSSM_UnwrapKey
CSSM_UpdateContextAttributes
CSSM_UpdateContextAttributes
CSSM_USER_AUTHENTICATION
CSSM_USER_AUTHENTICATION
CSSM_USER_AUTHENTICATION
CSSM_USER_AUTHENTICATION_MECHANISM
CSSM_USER_AUTHENTICATION_MECHANISM
CSSM_USER_AUTHENTICATION_MECHANISM
CSSM_VerifyComponents
CSSM_VerifyComponents
CSSM_VERIFYCONTEXT
CSSM_VERIFYCONTEXT
CSSM_VERIFYCONTEXT
CSSM_VerifyData
CSSM_VerifyData
CSSM_VerifyDataFinal
CSSM_VerifyDataFinal
CSSM_VerifyDataInit
CSSM_VerifyDataInit
CSSM_VerifyDataUpdate
CSSM_VerifyDataUpdate
CSSM_VerifyDevice
CSSM_VerifyDevice
CSSM_VerifyMac
CSSM_VerifyMac
CSSM_VerifyMacFinal
CSSM_VerifyMacFinal
CSSM_VerifyMacInit
CSSM_VerifyMacInit
CSSM_VerifyMacUpdate
CSSM_VerifyMacUpdate
CSSM_VERSION
CSSM_VERSION
CSSM_VERSION
CSSM_WRAP_KEY
CSSM_WRAP_KEY
CSSM_WRAP_KEY
CSSM_WrapKey
CSSM_WrapKey
cycle
Certificate Life Cycle
EISL Object Relationships and Life Cycle
Certificate Life Cycle
data
Common Data Security Architecture (CDSA)
Common Data Security Architecture
Data Storage Library Modules (DLs)
Data Storage Library Modules
Data Storage Library Registration
Data Storage Library API
Common Data Security Architecture
Data Structures for Core Services
Data Structures
Data Structures
Data Structures
Data Storage Library Services API
Data Storage Data Structures
Data Storage Functions
Data Record Operations
Data Structures
CSSM_API_MEMORY_FUNCS Data Structure
Key Recovery in the Common Data Security Architecture
Data Structures
Data Structures
Low-Level Data Structures Used in API Functions
Overview of the Common Data Security Architecture
Dynamic Sources with no Associated Data
Data Structures
Common Data Security Architecture
Data Structures
Data Structures
Data Structures
Data Structures
CSSM Data Storage Library Interface
Data Storage Library Overview
Data Storage Library Interface
Data Storage Library Operations
Data Store Operations
Data Record Operations
Data Storage Data Structures
Data Storage Library Operations
Data Store Operations
Data Record Operations
Key Recovery in the Common Data Security Architecture
Data Structures
Common Data Security Architecture (CDSA)
date
Certificate validity date
defining
Defining the Local, System-Wide Policy
definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Functionality Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Function Definitions
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
Definition
DeregisterDispatchTable
DeregisterDispatchTable
developer's
Application Developer's View of a Multi-Service Add-in Module
development
The Development of Product Standards
digest
Message digest
digital
Digital certificate
Digital signature
Directory-First
The META-INF Directory-First File-Based Signed Manifest Representation
dispatching
Dispatching Application Calls for Security Services
DL_Authenticate
DL_Authenticate
DL_DataAbortQuery
DL_DataAbortQuery
DL_DataDelete
DL_DataDelete
DL_DataGetFirst
DL_DataGetFirst
DL_DataGetFromUniqueRecordId
DL_DataGetFromUniqueRecordId
DL_DataGetNext
DL_DataGetNext
DL_DataInsert
DL_DataInsert
DL_DataModify
DL_DataModify
DL_DbClose
DL_DbClose
DL_DbCreate
DL_DbCreate
DL_DbDelete
DL_DbDelete
DL_DbExport
DL_DbExport
DL_DbGetRecordParsingFunctions
DL_DbGetRecordParsingFunctions
DL_DbImport
DL_DbImport
DL_DbOpen
DL_DbOpen
DL_DbSetRecordParsingFunctions
DL_DbSetRecordParsingFunctions
DL_FreeNameList
DL_FreeNameList
DL_FreeUniqueRecord
DL_FreeUniqueRecord
DL_GetDbNameFromHandle
DL_GetDbNameFromHandle
DL_GetDbNames
DL_GetDbNames
DL_PassThrough
DL_PassThrough
DLLMain
DLLMain
DLs
Data Storage Library Modules (DLs)
document
This Document
Referenced Documents
dublin
Dublin Core
dynamic
Transparent, Dynamic Attach
Dynamic Referent Objects with Verified Source
Dynamic Sources with no Associated Data
Transparent, Dynamic Attach
EISL
EISL Uses Other Standards or Specifications
EISL Object Relationships and Life Cycle
EISL Functions
elective
Elective Module Managers
CSSM Elective Module Manager
Overview of Elective Module Managers
Administration of Elective Module Managers
Installing an Elective Module Manager
Loading an Elective Module Manager
Elective Module Manager Entry Point
Elective Module Manager Operations
Elective Module Manager Functions
Managing Elective Module Managers
electronic
Secure Electronic Transaction (SET)
embedded
CDSA Embedded Integrity Services Library API
Why an Embedded Library?
Embedded or Nested Referent Objects
Signed Objects Whose Signature Blocks are Embedded
enablement
Key Recovery Enablement in CSSM
Key Recovery Enablement Operations
Key Recovery Enablement Operations
Key Recovery Enablement Operations
Key Recovery Enablement Operations
Key Recovery Enablement Operations
entry
Elective Module Manager Entry Point
Module Entry Point
environment
Integrity of the CSSM Environment
error
Error Handling Functions
Error Handling
Error Handling
Error-Handling
CSSM Error-Handling
establish
Services that Establish Pre-Conditions
establishing
Phase I. Establishing a Foothold: Self-Check
ESW
The ESW File-Archive-Based Signed Manifest Representation
evaluation
Evaluation of a Sequence of Events
event
Security-relevant event
EventNotify
EventNotify
EventNotifyManager
EventNotifyManager
events
Evaluation of a Sequence of Events
example
An Example Application Using Key Recovery APIs
Manifest Examples
Signing Information Examples
Install Example
Attach/Detach and AddInAuthenticate Example
exemptions
Application Exemptions
Built-In Policies and Application Exemptions
extending
Extending Trust
extensibility
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
extensions
Extensions to the Cryptographic Module Manager
CSSM_CONTEXT_ATTRIBUTE Extensions
Extensions to the JavaSoft/Netscape Specification
CSSM_CONTEXT_ATTRIBUTE Extensions
factor
CSP Form Factor
fields
Lifetime of Key Recovery Fields
Lifetime of Key Recovery Fields
file
PKWARE Archive File Format Specification
File-Archive-Based
The ESW File-Archive-Based Signed Manifest Representation
File-Based
File-Based Representation of Signed Manifests
The META-INF Directory-First File-Based Signed Manifest Representation
finding
Phase II. Finding our Friends: Bilateral Authentication
flagging
MAGIC-A Flagging Mechanism
foothold
Phase I. Establishing a Foothold: Self-Check
foreign
Foreign Language Support/Multiple Hash Values for a Referent
form
CSP Form Factor
format
Key Formats for Public Key-Based Algorithms
Format Specification
Format Specification
PKWARE Archive File Format Specification
Key Formats for Public Key-Based Algorithms
foundation
CSSM Integrity Services-The Foundation
friends
Phase II. Finding our Friends: Bilateral Authentication
frontmatter
Frontmatter
function
Module Manager Function Table Registration
Module Function Table Registration
Function Definitions
functionality
Functionality Definition
functions
Core Functions
Module Management Functions
Utility Functions
Miscellaneous Functions
Extensibility Functions
Group Functions
Extensibility Functions
Extensibility Functions
Data Storage Functions
Extensibility Functions
Error Handling Functions
Application Memory Functions
Extensibility Functions
Extensibility Functions
Low-Level Data Structures Used in API Functions
EISL Functions
Elective Module Manager Functions
Installation Functions
Information Functions
Registration Functions
Notification Functions
Add-In Module Interface Functions
Relevant CSSM API Functions
Extensibility Functions
Extensibility Functions
Module Management Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Extensibility Functions
Privileged Context Functions
Extensibility Functions
Extensibility Functions
general
General Module Management Services
Goals and General Approach
generators
Random number generators
global
Global Unique Identifiers (GUIDs)
Global Unique Identifiers (GUIDs)
glossary
Glossary
goals
Interoperability Goals
Goals and General Approach
Goals
good
Pretty Good Privacy (PGP)
group
The Open Group
Open Group Publications
Group Functions
GUIDs
Global Unique Identifiers (GUIDs)
Global Unique Identifiers (GUIDs)
handling
Error Handling Functions
Error Handling
Error Handling
hash
Foreign Language Support/Multiple Hash Values for a Referent
Hash algorithm
header
Manifest Header Specification
Signing Information Header
HTML
Signed Portion of an HTML Page
HTTP
Hypertext Transfer Protocol (HTTP)
hypertext
Hypertext Transfer Protocol (HTTP)
i
Phase I. Establishing a Foothold: Self-Check
identifiers
Global Unique Identifiers (GUIDs)
Global Unique Identifiers (GUIDs)
II
Phase II. Finding our Friends: Bilateral Authentication
III
Phase III. Secure Linkage Check
in
Key Recovery in the Common Data Security Architecture
Key Recovery Enablement in CSSM
Low-Level Data Structures Used in API Functions
Verifying Referents in the Manifest
Key Recovery in the Common Data Security Architecture
information
Ordering Information
Signer's Information
Signing Information Header
Signer's Information Sections
Signing Information Examples
Information Functions
initialization
Initialization and Cleanup
initialize
Initialize
Initialize
install
Install Example
CL Module Install
installation
Installation Functions
installing
Installing an Elective Module Manager
Installing an Add-In Module
integrity
Integrity Services
CSSM-Enforced Integrity Verification
Integrity of the CSSM Environment
CDSA Embedded Integrity Services Library API
Integrity Credentials
Integrity Core
Integrity Verification
Integrity Verification
CSSM Integrity Services-The Foundation
intended
Intended Audience
interaction
Application and Certificate Library Interaction
Application Interaction
CSSM Interaction
Module to Module Interaction
interface
Add-In Module Interface Functions
CSSM Cryptographic Service Provider Interface
Service Provider Interface
CSSM Trust Policy Interface
Trust Policy Interface
CSSM Certificate Library Interface
Certificate Library Interface
CSSM Data Storage Library Interface
Data Storage Library Interface
CSSM Key Recovery Interface
Key Recovery Service Provider Interface
interoperability
Interoperability Goals
ISL_CheckAddressWithinModule
ISL_CheckAddressWithinModule
ISL_CONST_DATA
ISL_CONST_DATA
ISL_ContinueVerification
ISL_ContinueVerification
ISL_CopyCertificateChain
ISL_CopyCertificateChain
ISL_CreateCertificateAttributeEnumerator
ISL_CreateCertificateAttributeEnumerator
ISL_CreateCertificateChain
ISL_CreateCertificateChain
ISL_CreateManifestSectionAttributeEnumerator
ISL_CreateManifestSectionAttributeEnumerator
ISL_CreateManifestSectionEnumerator
ISL_CreateManifestSectionEnumerator
ISL_CreateSignatureAttributeEnumerator
ISL_CreateSignatureAttributeEnumerator
ISL_CreateVerifiedSignatureRoot
ISL_CreateVerifiedSignatureRoot
ISL_CreateVerifiedSignatureRootWithCertificate
ISL_CreateVerifiedSignatureRootWithCertificate
ISL_DATA
ISL_DATA
ISL_FindCertificateAttribute
ISL_FindCertificateAttribute
ISL_FindManifestSection
ISL_FindManifestSection
ISL_FindManifestSectionAttribute
ISL_FindManifestSectionAttribute
ISL_FindRegistryAttribute
ISL_FindRegistryAttribute
ISL_FindSignatureAttribute
ISL_FindSignatureAttribute
ISL_GetCertficateChain
ISL_GetCertficateChain
ISL_GetLibHandle
ISL_GetLibHandle
ISL_GetManifestSignatureRoot
ISL_GetManifestSignatureRoot
ISL_GetModuleManifestSection
ISL_GetModuleManifestSection
ISL_GetNextCertificateAttribute
ISL_GetNextCertificateAttribute
ISL_GetNextManifestSection
ISL_GetNextManifestSection
ISL_GetNextManifestSectionAttribute
ISL_GetNextManifestSectionAttribute
ISL_GetNextSignatureAttribute
ISL_GetNextSignatureAttribute
ISL_GetReturnAddress
ISL_GetReturnAddress
ISL_LocateProcedureAddress
ISL_LocateProcedureAddress
ISL_RecycleCertificateAttributeEnumerator
ISL_RecycleCertificateAttributeEnumerator
ISL_RecycleCertificateChain
ISL_RecycleCertificateChain
ISL_RecycleManifestSectionAttributeEnumerator
ISL_RecycleManifestSectionAttributeEnumerator
ISL_RecycleManifestSectionEnumerator
ISL_RecycleManifestSectionEnumerator
ISL_RecycleSignatureAttributeEnumerator
ISL_RecycleSignatureAttributeEnumerator
ISL_RecycleVerifiedModuleCredentials
ISL_RecycleVerifiedModuleCredentials
ISL_RecycleVerifiedSignatureRoot
ISL_RecycleVerifiedSignatureRoot
ISL_SelfCheck
ISL_SelfCheck
ISL_VerifyAndLoadModule
ISL_VerifyAndLoadModule
ISL_VerifyAndLoadModuleAndCredentials
ISL_VerifyAndLoadModuleAndCredentials
ISL_VerifyData
ISL_VerifyData
ISL_VerifyLoadedModule
ISL_VerifyLoadedModule
ISL_VerifyLoadedModuleAndCredentials
ISL_VerifyLoadedModuleAndCredentials
issues
Versions and Issues of Specifications
issuing
Issuing an Add-In Module Product Certificate
iterator
Iterator Objects
JAVA
JAVA
JavaSoft/Netscape
Extensions to the JavaSoft/Netscape Specification
key
Key Formats for Public Key-Based Algorithms
CSSM Key Recovery API
Key Recovery Nomenclature
Key Recovery Types
Key Recovery Phases
Lifetime of Key Recovery Fields
Key Recovery Policy
Operational Scenarios for Key Recovery
Key Recovery in the Common Data Security Architecture
Key Recovery Enablement in CSSM
Key Recovery Module Manager
Key Recovery Profiles
Key Recovery Context
Key Recovery Policy
Key Recovery Enablement Operations
Key Recovery Registration and Request Operations
Key Recovery APIs
Key Recovery Context Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
An Example Application Using Key Recovery APIs
Key Recovery Module Management Operations
Key Recovery Context Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Key Formats for Public Key-Based Algorithms
CSSM Key Recovery Interface
Key Recovery Overview
Key Recovery Nomenclature
Key Recovery Types
Lifetime of Key Recovery Fields
Key Recovery Policy
Operational Scenarios for Key Recovery
Key Recovery in the Common Data Security Architecture
Key Recovery Service Provider Interface
Key Recovery Phases
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Private key
Public key
Secret key
Session key
Key-Based
Key Formats for Public Key-Based Algorithms
Key Formats for Public Key-Based Algorithms
KRSP_GenerateRecoveryFields
KRSP_GenerateRecoveryFields
KRSP_GetRecoveredObject
KRSP_GetRecoveredObject
KRSP_PassPrivFunc
KRSP_PassPrivFunc
KRSP_PassThrough
KRSP_PassThrough
KRSP_ProcessRecoveryFields
KRSP_ProcessRecoveryFields
KRSP_RecoveryRequest
KRSP_RecoveryRequest
KRSP_RecoveryRequestAbort
KRSP_RecoveryRequestAbort
KRSP_RecoveryRetrieve
KRSP_RecoveryRetrieve
KRSP_RegistrationRequest
KRSP_RegistrationRequest
KRSP_RegistrationRetrieve
KRSP_RegistrationRetrieve
language
Foreign Language Support/Multiple Hash Values for a Referent
layer
Common Security Services Manager Layer
Security Add-In Modules Layer
Secure Sockets Layer (SSL)
layered
Layered Security Services
leaf
Leaf Certificate
legacy
Legacy CSPs
library
Certificate Library Modules (CLs)
Data Storage Library Modules (DLs)
Multi-Service Library Module
Certificate Library Modules
Certificate Library API
Data Storage Library Modules
Data Storage Library Registration
Data Storage Library API
Certificate Library Services API
Application and Certificate Library Interaction
Data Storage Library Services API
CDSA Embedded Integrity Services Library API
Why an Embedded Library?
Using Library Services
CSSM Certificate Library Interface
Certificate Library Overview
Certificate Library Interface
CSSM Data Storage Library Interface
Data Storage Library Overview
Data Storage Library Interface
Data Storage Library Operations
Data Storage Library Operations
license
License Agreement
life
Certificate Life Cycle
EISL Object Relationships and Life Cycle
Certificate Life Cycle
lifetime
Lifetime of Key Recovery Fields
Lifetime of Key Recovery Fields
linkage
Phase III. Secure Linkage Check
Secure Linkage
Secure Linkage Services
list
Certificate Revocation List Operations
Certificate Revocation List Operations
Certificate Revocation List Operations
loading
Loading an Elective Module Manager
local
Defining the Local, System-Wide Policy
location
Location of Modules and Credentials
Resources that Transform Locations
locator
Locator Services
logon
Cryptographic Sessions and Logon
Cryptographic Sessions and Logon
Cryptographic Sessions and Logon
Low-Level
Low-Level Data Structures Used in API Functions
MAGIC-A
MAGIC-A Flagging Mechanism
management
General Module Management Services
Core Services for CSSM Management
Module Management Services
Memory Management Support
Module Management Functions
Module Management Operations
Key Recovery Module Management Operations
Memory Management Upcalls
Module Management Functions
manager
Common Security Services Manager Layer
Common Security Services Manager
Elective Module Managers
Registering Module Managers
State Sharing Among Module Managers
Basic Module Managers
Common Security Services Manager (CSSM)
Extensions to the Cryptographic Module Manager
Key Recovery Module Manager
CSSM Elective Module Manager
Overview of Elective Module Managers
Registering Module Managers
State Sharing Among Module Managers
Administration of Elective Module Managers
Module Manager Credentials
Installing an Elective Module Manager
Loading an Elective Module Manager
Elective Module Manager Entry Point
Module Manager Function Table Registration
Elective Module Manager Operations
Elective Module Manager Functions
Managing Elective Module Managers
Common Security Services Manager (CSSM)
managing
Managing Elective Module Managers
manifest
Manifest Section Object
Manifest Section Object Methods
CDSA Signed Manifest
The Manifest
Manifest Header Specification
Manifest Sections
Manifest Examples
Verifying the Manifest
Verifying Referents in the Manifest
File-Based Representation of Signed Manifests
The META-INF Directory-First File-Based Signed Manifest Representation
The ESW File-Archive-Based Signed Manifest Representation
Nested Manifests
Signed Manifests
Manifests-An
Signed Manifests-An Overview
Manifests-Examples
Signed Manifests-Examples
Manifests-Requirements
Signed Manifests-Requirements
Manifests-The
Signed Manifests-The Architecture
Manifests-Verifying
Signed Manifests-Verifying Signatures
manufacturing
Manufacturing an Add-In Module
Obtaining an Add-In Module Manufacturing Certificate
Manufacturing Add-In Modules
mechanism
MAGIC-A Flagging Mechanism
CDSA Mechanisms for Policy Compliance
CSSM Mechanisms Supporting Simple Policies
memory
Memory Management Support
Application Memory Functions
Memory Management Upcalls
message
Message digest
META-INF
The META-INF Directory-First File-Based Signed Manifest Representation
meta-information
Meta-information
metadata
Metadata
Ordering Metadata Values
Metadata
methods
Signature Root Methods
Certificate Chain Methods
Certificate Attribute Methods
Manifest Section Object Methods
MIME
Secure MIME (S/MIME)
miscellaneous
Miscellaneous Functions
model
The Threat Model
module
Multi-Service Library Module
General Module Management Services
Elective Module Managers
Registering Module Managers
State Sharing Among Module Managers
Basic Module Managers
Application Developer's View of a Multi-Service Add-in Module
Service Provider's View of a Multi-Service Add-in Module
Module Management Services
Module Management Functions
Extensions to the Cryptographic Module Manager
Key Recovery Module Manager
Module Management Operations
Key Recovery Module Management Operations
Verified Module Object
CSSM Elective Module Manager
Overview of Elective Module Managers
Registering Module Managers
State Sharing Among Module Managers
Administration of Elective Module Managers
Module Manager Credentials
Installing an Elective Module Manager
Loading an Elective Module Manager
Elective Module Manager Entry Point
Module Manager Function Table Registration
Elective Module Manager Operations
Elective Module Manager Functions
Managing Elective Module Managers
CSSM Add-In Module Structure and Administration
Add-In Module Structure
Add-In Module Usage
Module to Module Interaction
Add-In Module Structure
Module Administration Components
Add-In Module Administration
Manufacturing an Add-In Module
Obtaining an Add-In Module Manufacturing Certificate
Issuing an Add-In Module Product Certificate
Installing an Add-In Module
The Module Description
Attaching an Add-In Module
Module Entry Point
Module Function Table Registration
CL Module Install
Add-In Module Interface Functions
CDSA Add-In Module Overview
Module Management Functions
CDSA Add-In Module Overview
Trust Policy Module Operations
CSSM Add-In Module Overview
CDSA Add-In Module Overview
CDSA Add-In Module Overview
module's
A Module's Certificate Chain
Checking a Module's Credentials
Module-Defined
Module-Defined Usage Policies
Module-Defined Usage Policies
ModuleManagerAuthenticate
ModuleManagerAuthenticate
modules
Security Add-In Modules Layer
Trust Policy Modules (TPs)
Certificate Library Modules (CLs)
Data Storage Library Modules (DLs)
Cryptographic Service Provider Modules
Trust Policy Modules
Certificate Library Modules
Data Storage Library Modules
Multi-Service Modules
Companion Modules
Application-Authenticated Add-In Modules
Location of Modules and Credentials
Verification of Modules and their Credentials
Manufacturing Add-In Modules
Using Trust Policy Modules
Multi-Service
Multi-Service Library Module
Multi-Service Modules
Application Developer's View of a Multi-Service Add-in Module
Service Provider's View of a Multi-Service Add-in Module
multiple
Authenticating to Multiple CSSM Vendors
Name:Value
Core Set of Name:Value Pairs
nested
Embedded or Nested Referent Objects
Nested Manifests
no
Dynamic Sources with no Associated Data
nomenclature
Key Recovery Nomenclature
Key Recovery Nomenclature
nonce
Nonce
notification
Notification Functions
number
Random number generators
object
Object Pointers
Iterator Objects
Verified Signature Root Object
Verified Certificate Chain Object
Verified Certificate Object
Manifest Section Object
Verified Module Object
EISL Object Relationships and Life Cycle
Manifest Section Object Methods
Static Referent Objects
Dynamic Referent Objects with Verified Source
Embedded or Nested Referent Objects
Signed Objects Whose Signatures Serve to Carry the Object
Signed Objects Whose Signature Blocks are Embedded
obtaining
Obtaining an Add-In Module Manufacturing Certificate
open
The Open Group
Open Group Publications
operational
Operational Scenarios for Key Recovery
Operational Scenarios
Operational Scenarios for Key Recovery
operations
Cryptographic Context Operations
Cryptographic Operations
Trust Policy Operations
Operations on Certificates
Certificate Operations
Certificate Revocation List Operations
Data Record Operations
Key Recovery Enablement Operations
Key Recovery Registration and Request Operations
Module Management Operations
Key Recovery Context Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Key Recovery Module Management Operations
Key Recovery Context Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Elective Module Manager Operations
Cryptographic Operations
Cryptographic Operations
Trust Policy Module Operations
Trust Policy Operations
Certificate Operations
Certificate Revocation List Operations
Certificate Operations
Certificate Revocation List Operations
Categories of Operations
Data Storage Library Operations
Data Store Operations
Data Record Operations
Data Storage Library Operations
Data Store Operations
Data Record Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Privileged Context Operations
ordering
Ordering Information
Ordering Metadata Values
our
Phase II. Finding our Friends: Bilateral Authentication
overview
Architectural Overview
Overview
Overview
Overview
Overview
Overview
Overview
Overview
Signed Manifests-An Overview
Overview of the Common Data Security Architecture
Overview of Elective Module Managers
Overview
Overview of CDSA
CDSA Add-In Module Overview
Cryptographic Service Provider Overview
Overview
CDSA Add-In Module Overview
Trust Policy Overview
Overview
CSSM Add-In Module Overview
Certificate Library Overview
Overview
CDSA Add-In Module Overview
Data Storage Library Overview
Overview
CDSA Add-In Module Overview
Key Recovery Overview
Overview
owned
Owned certificate
page
Signed Portion of an HTML Page
pairs
Core Set of Name:Value Pairs
part
Part 1
Part 2
Part 3
Part 4
Part 5
Part 6
Part 7
Part 8
Part 9
Part 10
Part 11
Part 12
Part 13
PGP
Pretty Good Privacy (PGP)
phase
Phase I. Establishing a Foothold: Self-Check
Phase II. Finding our Friends: Bilateral Authentication
Phase III. Secure Linkage Check
phased
A Phased Approach
phases
Key Recovery Phases
Key Recovery Phases
PKWARE
PKWARE Archive File Format Specification
point
Elective Module Manager Entry Point
Module Entry Point
pointers
Object Pointers
policies
Module-Defined Usage Policies
Built-In Policies and Application Exemptions
Module-Defined Usage Policies
Screening Requests Based on Simple Policies
Simple Policies
CSSM Mechanisms Supporting Simple Policies
Screening Requests Based on Complex Policies
Complex Policies
policy
Trust Policy Modules (TPs)
Trust Policy Modules
Trust Policy Services API
Trust Policy Services API
Trust Policy Operations
Key Recovery Policy
Key Recovery Policy
CDSA Mechanisms for Policy Compliance
Specifying a System-Wide Policy
Defining the Local, System-Wide Policy
CSSM Trust Policy Interface
Trust Policy Overview
Using Trust Policy Modules
Trust Policy Interface
Trust Policy Services API
Trust Policy Module Operations
Trust Policy Operations
Key Recovery Policy
PolicyMaker
PolicyMaker
portion
Signed Portion of an HTML Page
Pre-Conditions
Services that Establish Pre-Conditions
preface
Preface
pretty
Pretty Good Privacy (PGP)
privacy
Pretty Good Privacy (PGP)
private
Private key
privileged
Privileged Context Functions
Privileged Context Operations
problem
Problem Statement
product
The Development of Product Standards
Issuing an Add-In Module Product Certificate
profiles
Key Recovery Profiles
protocol
Hypertext Transfer Protocol (HTTP)
provider
Cryptographic Service Provider Modules
Cryptographic Service Provider Registration
CSSM Cryptographic Service Provider Interface
Cryptographic Service Provider Overview
Service Provider Interface
Key Recovery Service Provider Interface
provider's
Service Provider's View of a Multi-Service Add-in Module
providers
Cryptographic Service Providers (CSPs)
Cryptographic Service Providers (CSPs)
public
Key Formats for Public Key-Based Algorithms
Key Formats for Public Key-Based Algorithms
Public key
publications
Open Group Publications
quote
Stock Quote Service
random
Random number generators
record
Data Record Operations
Data Record Operations
Data Record Operations
recovery
CSSM Key Recovery API
Key Recovery Nomenclature
Key Recovery Types
Key Recovery Phases
Lifetime of Key Recovery Fields
Key Recovery Policy
Operational Scenarios for Key Recovery
Key Recovery in the Common Data Security Architecture
Key Recovery Enablement in CSSM
Key Recovery Module Manager
Key Recovery Profiles
Key Recovery Context
Key Recovery Policy
Key Recovery Enablement Operations
Key Recovery Registration and Request Operations
Key Recovery APIs
Key Recovery Context Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
An Example Application Using Key Recovery APIs
Key Recovery Module Management Operations
Key Recovery Context Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
CSSM Key Recovery Interface
Key Recovery Overview
Key Recovery Nomenclature
Key Recovery Types
Lifetime of Key Recovery Fields
Key Recovery Policy
Operational Scenarios for Key Recovery
Key Recovery in the Common Data Security Architecture
Key Recovery Service Provider Interface
Key Recovery Phases
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
Key Recovery Registration Operations
Key Recovery Enablement Operations
Key Recovery Request Operations
referenced
Referenced Documents
referent
Verifying Referents in the Manifest
Static Referent Objects
Dynamic Referent Objects with Verified Source
Embedded or Nested Referent Objects
Foreign Language Support/Multiple Hash Values for a Referent
RegisterDispatchTable
RegisterDispatchTable
registering
Registering Module Managers
Registering Module Managers
registration
Cryptographic Service Provider Registration
Data Storage Library Registration
Key Recovery Registration and Request Operations
Key Recovery Registration Operations
Key Recovery Registration Operations
Module Manager Function Table Registration
Registration Functions
Module Function Table Registration
Key Recovery Registration Operations
Key Recovery Registration Operations
relationships
EISL Object Relationships and Life Cycle
relevant
Relevant CSSM API Functions
representation
File-Based Representation of Signed Manifests
The META-INF Directory-First File-Based Signed Manifest Representation
The ESW File-Archive-Based Signed Manifest Representation
Representation Constraints
request
Key Recovery Registration and Request Operations
Key Recovery Request Operations
Key Recovery Request Operations
Screening Requests Based on Simple Policies
Screening Requests Based on Complex Policies
Key Recovery Request Operations
Key Recovery Request Operations
requirements
Requirements
Requirements
resources
Resources that Transform Locations
revocation
Certificate Revocation List Operations
Certificate Revocation List Operations
Certificate Revocation List Operations
root
Verified Signature Root Object
Signature Root Methods
Root certificate
S/MIME
Secure MIME (S/MIME)
scenarios
Operational Scenarios for Key Recovery
Operational Scenarios
Operational Scenarios for Key Recovery
screening
Screening Requests Based on Simple Policies
Screening Requests Based on Complex Policies
secret
Secret key
section
Manifest Section Object
Manifest Section Object Methods
Manifest Sections
Signer's Information Sections
secure
Phase III. Secure Linkage Check
Secure Linkage
Secure Linkage Services
Secure Electronic Transaction (SET)
Secure MIME (S/MIME)
Secure Sockets Layer (SSL)
security
Common Data Security Architecture (CDSA)
Common Data Security Architecture
Layered Security Services
Common Security Services Manager Layer
Security Add-In Modules Layer
Common Security Services Manager
Dispatching Application Calls for Security Services
Security Context Services
System Security Services
Common Security Services Manager (CSSM)
Common Data Security Architecture
Key Recovery in the Common Data Security Architecture
Overview of the Common Data Security Architecture
Common Data Security Architecture
Security Services
Key Recovery in the Common Data Security Architecture
Common Data Security Architecture (CDSA)
Common Security Services Manager (CSSM)
Security Context
security-relevant
Security-relevant event
Self-Check
Phase I. Establishing a Foothold: Self-Check
sequence
Evaluation of a Sequence of Events
serve
Signed Objects Whose Signatures Serve to Carry the Object
service
Layered Security Services
Common Security Services Manager Layer
Cryptographic Service Providers (CSPs)
Common Security Services Manager
General Module Management Services
Dispatching Application Calls for Security Services
Integrity Services
Security Context Services
Cryptographic Service Provider Modules
Cryptographic Service Provider Registration
Cryptographic Services API
Additional CSP Services
Trust Policy Services API
Service Provider's View of a Multi-Service Add-in Module
System Security Services
Common Security Services Manager (CSSM)
Core Services API
Core Services for CSSM Management
Module Management Services
Data Structures for Core Services
Cryptographic Services API
Trust Policy Services API
Certificate Library Services API
Data Storage Library Services API
CDSA Embedded Integrity Services Library API
Using Library Services
Locator Services
Credential and Attribute Verification Services
Secure Linkage Services
Stock Quote Service
Security Services
Services that Establish Pre-Conditions
CSSM Cryptographic Service Provider Interface
Cryptographic Service Provider Overview
Service Provider Interface
Trust Policy Services API
Key Recovery Service Provider Interface
Cryptographic Service Providers (CSPs)
Common Security Services Manager (CSSM)
Services-The
CSSM Integrity Services-The Foundation
session
Cryptographic Sessions and Logon
Cryptographic Sessions and Logon
Cryptographic Sessions and Logon
Session key
set
Core Set of Name:Value Pairs
Secure Electronic Transaction (SET)
sharing
State Sharing Among Module Managers
State Sharing Among Module Managers
signature
Verified Signature Root Object
Signature Root Methods
Signature Blocks
Signed Manifests-Verifying Signatures
Signed Objects Whose Signatures Serve to Carry the Object
Signed Objects Whose Signature Blocks are Embedded
Digital signature
Signature
Signature chain
signed
CDSA Signed Manifest
Signed Manifests-An Overview
Signed Manifests-Requirements
Signed Manifests-The Architecture
Signed Manifests-Verifying Signatures
File-Based Representation of Signed Manifests
The META-INF Directory-First File-Based Signed Manifest Representation
The ESW File-Archive-Based Signed Manifest Representation
Signed Manifests-Examples
Signed Objects Whose Signatures Serve to Carry the Object
Signed Objects Whose Signature Blocks are Embedded
Signed Portion of an HTML Page
Signed Manifests
signer's
Signer's Information
Signer's Information Sections
signing
Signing Information Header
Signing Information Examples
Certificate signing
simple
Screening Requests Based on Simple Policies
Simple Policies
CSSM Mechanisms Supporting Simple Policies
sockets
Secure Sockets Layer (SSL)
source
Dynamic Referent Objects with Verified Source
Dynamic Sources with no Associated Data
specification
Versions and Issues of Specifications
EISL Uses Other Standards or Specifications
Format Specification
Manifest Header Specification
Format Specification
Extensions to the JavaSoft/Netscape Specification
PKWARE Archive File Format Specification
specifying
Specifying a System-Wide Policy
SSL
Secure Sockets Layer (SSL)
standards
The Development of Product Standards
EISL Uses Other Standards or Specifications
state
State Sharing Among Module Managers
State Sharing Among Module Managers
statement
Problem Statement
static
Static Referent Objects
stock
Stock Quote Service
storage
Data Storage Library Modules (DLs)
Data Storage Library Modules
Data Storage Library Registration
Data Storage Library API
Data Storage Library Services API
Data Storage Data Structures
Data Storage Functions
CSSM Data Storage Library Interface
Data Storage Library Overview
Data Storage Library Interface
Data Storage Library Operations
Data Storage Data Structures
Data Storage Library Operations
store
Data Store Operations
Data Store Operations
structure
Data Structures for Core Services
Data Structures
Data Structures
Data Structures
Data Storage Data Structures
Data Structures
CSSM_API_MEMORY_FUNCS Data Structure
Data Structures
Data Structures
Low-Level Data Structures Used in API Functions
Data Structures
CSSM Add-In Module Structure and Administration
Add-In Module Structure
Add-In Module Structure
Data Structures
Data Structures
Data Structures
Data Structures
Data Storage Data Structures
Data Structures
support
Memory Management Support
Support/Multiple
Foreign Language Support/Multiple Hash Values for a Referent
supporting
CSSM Mechanisms Supporting Simple Policies
symmetric
Symmetric algorithms
system
System Security Services
System-Wide
Specifying a System-Wide Policy
Defining the Local, System-Wide Policy
table
Module Manager Function Table Registration
Module Function Table Registration
terminate
Terminate
Terminate
that
Resources that Transform Locations
Services that Establish Pre-Conditions
their
Verification of Modules and their Credentials
this
This Document
threat
The Threat Model
token
Token
TP_ApplyCrlToDb
TP_ApplyCrlToDb
TP_CertGroupConstruct
TP_CertGroupConstruct
TP_CertGroupPrune
TP_CertGroupPrune
TP_CertGroupVerify
TP_CertGroupVerify
TP_CertRequest
TP_CertRequest
TP_CertRetrieve
TP_CertRetrieve
TP_CertRevoke
TP_CertRevoke
TP_CertSign
TP_CertSign
TP_CrlSign
TP_CrlSign
TP_CrlVerify
TP_CrlVerify
TP_PassThrough
TP_PassThrough
TPs
Trust Policy Modules (TPs)
trademarks
Trademarks
transaction
Secure Electronic Transaction (SET)
transfer
Hypertext Transfer Protocol (HTTP)
transform
Resources that Transform Locations
transparent
Transparent, Dynamic Attach
Transparent, Dynamic Attach
trust
Trust Policy Modules (TPs)
Trust Policy Modules
Trust Policy Services API
Trust Policy Services API
Trust Policy Operations
Extending Trust
CSSM Trust Policy Interface
Trust Policy Overview
Using Trust Policy Modules
Trust Policy Interface
Trust Policy Services API
Trust Policy Module Operations
Trust Policy Operations
Web of trust
types
Key Recovery Types
Key Recovery Types
unique
Global Unique Identifiers (GUIDs)
Global Unique Identifiers (GUIDs)
upcalls
Memory Management Upcalls
usage
Module-Defined Usage Policies
Add-In Module Usage
Module-Defined Usage Policies
used
Low-Level Data Structures Used in API Functions
uses
EISL Uses Other Standards or Specifications
using
An Example Application Using Key Recovery APIs
Using Library Services
Using Trust Policy Modules
utility
Utility Functions
validity
Certificate validity date
values
Ordering Metadata Values
Foreign Language Support/Multiple Hash Values for a Referent
vendors
Authenticating to Multiple CSSM Vendors
verification
CSSM-Enforced Integrity Verification
Verification of Modules and their Credentials
Credential and Attribute Verification Services
Integrity Verification
Integrity Verification
Verification
verified
Verified Signature Root Object
Verified Certificate Chain Object
Verified Certificate Object
Verified Module Object
Dynamic Referent Objects with Verified Source
verifying
Verifying Components
Verifying the Manifest
Verifying Referents in the Manifest
versions
Versions and Issues of Specifications
view
Application Developer's View of a Multi-Service Add-in Module
Service Provider's View of a Multi-Service Add-in Module
web
Web of trust
whose
Signed Objects Whose Signatures Serve to Carry the Object
Signed Objects Whose Signature Blocks are Embedded
why
Why an Embedded Library?