INDEX

License Agreement

acknowledgements

Acknowledgements

Add-In

Security Add-In Modules Layer

Application Developer's View of a Multi-Service Add-in Module

Service Provider's View of a Multi-Service Add-in Module

Application-Authenticated Add-In Modules

CSSM Add-In Module Structure and Administration

Add-In Module Structure

Add-In Module Usage

Add-In Module Structure

Add-In Module Administration

Manufacturing an Add-In Module

Obtaining an Add-In Module Manufacturing Certificate

Issuing an Add-In Module Product Certificate

Manufacturing Add-In Modules

Installing an Add-In Module

Attaching an Add-In Module

Add-In Module Interface Functions

CDSA Add-In Module Overview

CDSA Add-In Module Overview

CSSM Add-In Module Overview

CDSA Add-In Module Overview

CDSA Add-In Module Overview

AddInAuthenticate

Attach/Detach and AddInAuthenticate Example

AddInAuthenticate

additional

Additional CSP Services

additions

CSSM_ATTRIBUTE_TYPE Additions

CSSM_ATTRIBUTE_TYPE Additions

administration

Administration of Elective Module Managers

CSSM Add-In Module Structure and Administration

Module Administration Components

Add-In Module Administration

agreement

License Agreement

algorithm

Key Formats for Public Key-Based Algorithms

Key Formats for Public Key-Based Algorithms

Asymmetric algorithms

Cryptographic algorithm

Hash algorithm

Symmetric algorithms

among

State Sharing Among Module Managers

State Sharing Among Module Managers

API

Cryptographic Services API

Trust Policy Services API

Certificate Library API

Data Storage Library API

Core Services API

Cryptographic Services API

Trust Policy Services API

Certificate Library Services API

Data Storage Library Services API

CSSM Key Recovery API

Key Recovery APIs

An Example Application Using Key Recovery APIs

CDSA Embedded Integrity Services Library API

Low-Level Data Structures Used in API Functions

Relevant CSSM API Functions

Trust Policy Services API

application

Dispatching Application Calls for Security Services

Application Developer's View of a Multi-Service Add-in Module

Application Exemptions

Application and Certificate Library Interaction

Application Memory Functions

An Example Application Using Key Recovery APIs

Built-In Policies and Application Exemptions

Application Interaction

Application-Authenticated

Application-Authenticated Add-In Modules

approach

A Phased Approach

Goals and General Approach

Assumptions and Architectural Approach

architectural

Architectural Assumptions

Architectural Overview

Assumptions and Architectural Approach

architecture

Common Data Security Architecture (CDSA)

Common Data Security Architecture

Common Data Security Architecture

Key Recovery in the Common Data Security Architecture

Overview of the Common Data Security Architecture

Signed Manifests-The Architecture

Common Data Security Architecture

Key Recovery in the Common Data Security Architecture

Common Data Security Architecture (CDSA)

archive

PKWARE Archive File Format Specification

are

Signed Objects Whose Signature Blocks are Embedded

associated

Dynamic Sources with no Associated Data

assumptions

Architectural Assumptions

Assumptions and Architectural Approach

asymmetric

Asymmetric algorithms

attach

Transparent, Dynamic Attach

Transparent, Dynamic Attach

Attach/Detach

Attach/Detach and AddInAuthenticate Example

attaching

Attaching an Add-In Module

attribute

Credential and Attribute Verification Services

Certificate Attribute Methods

audience

Intended Audience

authenticating

Authenticating to Multiple CSSM Vendors

authentication

Phase II. Finding our Friends: Bilateral Authentication

Bilateral Authentication

Bilateral Authentication

authority

Certification Authority (CA)

based

Screening Requests Based on Simple Policies

Screening Requests Based on Complex Policies

basic

Basic Module Managers

bilateral

Phase II. Finding our Friends: Bilateral Authentication

Bilateral Authentication

Bilateral Authentication

blocks

Signature Blocks

Signed Objects Whose Signature Blocks are Embedded

Built-In

Built-In Policies and Application Exemptions

CA

Certification Authority (CA)

calls

Dispatching Application Calls for Security Services

carry

Signed Objects Whose Signatures Serve to Carry the Object

categories

Categories of Operations

CDSA

Common Data Security Architecture (CDSA)

CDSA Embedded Integrity Services Library API

CDSA Signed Manifest

CDSA Mechanisms for Policy Compliance

Overview of CDSA

CDSA Add-In Module Overview

CDSA Add-In Module Overview

CDSA Add-In Module Overview

CDSA Add-In Module Overview

Common Data Security Architecture (CDSA)

certificate

Certificate Library Modules (CLs)

Certificate Library Modules

Certificate Library API

Certificate Library Services API

Certificate Life Cycle

Application and Certificate Library Interaction

Operations on Certificates

Certificate Operations

Certificate Revocation List Operations

Verified Certificate Chain Object

Verified Certificate Object

Certificate Chain Methods

Certificate Attribute Methods

Obtaining an Add-In Module Manufacturing Certificate

Issuing an Add-In Module Product Certificate

A Module's Certificate Chain

CSSM Certificate Library Interface

Certificate Library Overview

Certificate Life Cycle

Certificate Library Interface

Certificate Operations

Certificate Revocation List Operations

Certificate Operations

Certificate Revocation List Operations

Certificate

Certificate chain

Certificate signing

Certificate validity date

Digital certificate

Leaf Certificate

Owned certificate

Root certificate

certification

Certification Authority (CA)

chain

Verified Certificate Chain Object

Certificate Chain Methods

A Module's Certificate Chain

Certificate chain

Signature chain

check

Phase III. Secure Linkage Check

checkable

Creating Checkable Components

checking

Checking a Module's Credentials

CL

CL Module Install

CL_CertAbortQuery

CL_CertAbortQuery

CL_CertAbortRecovery

CL_CertAbortRecovery

CL_CertDescribeFormat

CL_CertDescribeFormat

CL_CertExport

CL_CertExport

CL_CertGetAllFields

CL_CertGetAllFields

CL_CertGetFirstFieldValue

CL_CertGetFirstFieldValue

CL_CertGetKeyInfo

CL_CertGetKeyInfo

CL_CertGetNextFieldValue

CL_CertGetNextFieldValue

CL_CertGroupFromVerifiedBundle

CL_CertGroupFromVerifiedBundle

CL_CertGroupToSignedBundle

CL_CertGroupToSignedBundle

CL_CertImport

CL_CertImport

CL_CertKeyRecover

CL_CertKeyRecover

CL_CertMultiSignRequest

CL_CertMultiSignRequest

CL_CertMultiSignRetrieve

CL_CertMultiSignRetrieve

CL_CertRecover

CL_CertRecover

CL_CertRecoveryRequest

CL_CertRecoveryRequest

CL_CertRecoveryRetrieve

CL_CertRecoveryRetrieve

CL_CertRequest

CL_CertRequest

CL_CertRetrieve

CL_CertRetrieve

CL_CertVerify

CL_CertVerify

CL_CrlAbortQuery

CL_CrlAbortQuery

CL_CrlAddCert

CL_CrlAddCert

CL_CrlCreateTemplate

CL_CrlCreateTemplate

CL_CrlDescribeFormat

CL_CrlDescribeFormat

CL_CrlGetFirstFieldValue

CL_CrlGetFirstFieldValue

CL_CrlGetNextFieldValue

CL_CrlGetNextFieldValue

CL_CrlRemoveCert

CL_CrlRemoveCert

CL_CrlRequest

CL_CrlRequest

CL_CrlRetrieve

CL_CrlRetrieve

CL_CrlSetFields

CL_CrlSetFields

CL_CrlSign

CL_CrlSign

CL_CrlVerify

CL_CrlVerify

CL_IsCertInCrl

CL_IsCertInCrl

CL_PassThrough

CL_PassThrough

CL_RegistrationFormRequest

CL_RegistrationFormRequest

CL_RegistrationFormSubmit

CL_RegistrationFormSubmit

cleanup

Initialization and Cleanup

CLs

Certificate Library Modules (CLs)

comments

Comments

common

Common Data Security Architecture (CDSA)

Common Data Security Architecture

Common Security Services Manager Layer

Common Security Services Manager

Common Security Services Manager (CSSM)

Common Data Security Architecture

Key Recovery in the Common Data Security Architecture

Overview of the Common Data Security Architecture

Common Data Security Architecture

Key Recovery in the Common Data Security Architecture

Common Data Security Architecture (CDSA)

Common Security Services Manager (CSSM)

companion

Companion Modules

complex

Screening Requests Based on Complex Policies

Complex Policies

compliance

CDSA Mechanisms for Policy Compliance

components

Creating Checkable Components

Verifying Components

Module Administration Components

constraints

Representation Constraints

context

Security Context Services

Cryptographic Context Operations

Key Recovery Context

Key Recovery Context Operations

Key Recovery Context Operations

Privileged Context Functions

Privileged Context Operations

Security Context

core

Core Services API

Core Services for CSSM Management

Data Structures for Core Services

Core Functions

Core Set of Name:Value Pairs

Integrity Core

Dublin Core

corrigenda

Corrigenda

creating

Creating Checkable Components

credential

Location of Modules and Credentials

Verification of Modules and their Credentials

Integrity Credentials

Credential and Attribute Verification Services

Module Manager Credentials

Checking a Module's Credentials

cryptographic

Cryptographic Service Providers (CSPs)

Cryptographic Service Provider Modules

Cryptographic Service Provider Registration

Cryptographic Services API

Cryptographic Services API

Cryptographic Context Operations

Cryptographic Sessions and Logon

Cryptographic Operations

Extensions to the Cryptographic Module Manager

CSSM Cryptographic Service Provider Interface

Cryptographic Service Provider Overview

Cryptographic Operations

Cryptographic Sessions and Logon

Cryptographic Operations

Cryptographic Sessions and Logon

Cryptographic Service Providers (CSPs)

Cryptographic algorithm

cryptoki

Cryptoki

CSP

CSP Form Factor

Additional CSP Services

CSP_ChangeLoginPassword

CSP_ChangeLoginPassword

CSP_DecryptData

CSP_DecryptData

CSP_DecryptDataFinal

CSP_DecryptDataFinal

CSP_DecryptDataInit

CSP_DecryptDataInit

CSP_DecryptDataUpdate

CSP_DecryptDataUpdate

CSP_DeriveKey

CSP_DeriveKey

CSP_DigestData

CSP_DigestData

CSP_DigestDataClone

CSP_DigestDataClone

CSP_DigestDataFinal

CSP_DigestDataFinal

CSP_DigestDataInit

CSP_DigestDataInit

CSP_DigestDataUpdate

CSP_DigestDataUpdate

CSP_EncryptData

CSP_EncryptData

CSP_EncryptDataFinal

CSP_EncryptDataFinal

CSP_EncryptDataInit

CSP_EncryptDataInit

CSP_EncryptDataUpdate

CSP_EncryptDataUpdate

CSP_EventNotify

CSP_EventNotify

CSP_FreeKey

CSP_FreeKey

CSP_GenerateAlgorithmParams

CSP_GenerateAlgorithmParams

CSP_GenerateKey

CSP_GenerateKey

CSP_GenerateKeyPair

CSP_GenerateKeyPair

CSP_GenerateMac

CSP_GenerateMac

CSP_GenerateMacFinal

CSP_GenerateMacFinal

CSP_GenerateMacInit

CSP_GenerateMacInit

CSP_GenerateMacUpdate

CSP_GenerateMacUpdate

CSP_GenerateRandom

CSP_GenerateRandom

CSP_GetCapabilities

CSP_GetCapabilities

CSP_Login

CSP_Login

CSP_Logout

CSP_Logout

CSP_ObtainPrivateKeyFromPublicKey

CSP_ObtainPrivateKeyFromPublicKey

CSP_PassThrough

CSP_PassThrough

CSP_QueryKeySizeInBits

CSP_QueryKeySizeInBits

CSP_QuerySize

CSP_QuerySize

CSP_SignData

CSP_SignData

CSP_SignDataFinal

CSP_SignDataFinal

CSP_SignDataInit

CSP_SignDataInit

CSP_SignDataUpdate

CSP_SignDataUpdate

CSP_UnwrapKey

CSP_UnwrapKey

CSP_VerifyData

CSP_VerifyData

CSP_VerifyDataFinal

CSP_VerifyDataFinal

CSP_VerifyDataInit

CSP_VerifyDataInit

CSP_VerifyDataUpdate

CSP_VerifyDataUpdate

CSP_VerifyMac

CSP_VerifyMac

CSP_VerifyMacFinal

CSP_VerifyMacFinal

CSP_VerifyMacInit

CSP_VerifyMacInit

CSP_VerifyMacUpdate

CSP_VerifyMacUpdate

CSP_WrapKey

CSP_WrapKey

CSPs

Cryptographic Service Providers (CSPs)

Legacy CSPs

Cryptographic Service Providers (CSPs)

CSSM

Common Security Services Manager (CSSM)

Core Services for CSSM Management

Integrity of the CSSM Environment

CSSM Error-Handling

CSSM Key Recovery API

Key Recovery Enablement in CSSM

CSSM Elective Module Manager

CSSM Add-In Module Structure and Administration

CSSM Interaction

Authenticating to Multiple CSSM Vendors

Relevant CSSM API Functions

CSSM Integrity Services-The Foundation

CSSM Mechanisms Supporting Simple Policies

CSSM Cryptographic Service Provider Interface

CSSM Trust Policy Interface

CSSM Certificate Library Interface

CSSM Add-In Module Overview

CSSM Data Storage Library Interface

CSSM Key Recovery Interface

Common Security Services Manager (CSSM)

CSSM-Enforced

CSSM-Enforced Integrity Verification

CSSM_ALL_SUBSERVICES

CSSM_ALL_SUBSERVICES

CSSM_ALL_SUBSERVICES

CSSM_API_MEMORY_FUNCS

CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS

CSSM_API_MEMORY_FUNCS Data Structure

CSSM_APP_KEYS

CSSM_APP_KEYS

CSSM_APP_SERVICE_FLAGS

CSSM_APP_SERVICE_FLAGS

CSSM_APP_SERVICE_INFO

CSSM_APP_SERVICE_INFO

CSSM_ATTRIBUTE_TYPE

CSSM_ATTRIBUTE_TYPE Additions

CSSM_ATTRIBUTE_TYPE Additions

CSSM_BOOL

CSSM_BOOL

CSSM_BOOL

CSSM_BOOL

CSSM_CA_SERVICES

CSSM_CA_SERVICES

CSSM_CA_SERVICES

CSSM_CALLBACK

CSSM_CALLBACK

CSSM_CALLBACK

CSSM_CALLBACK

CSSM_CC_HANDLE

CSSM_CC_HANDLE

CSSM_CERT_BUNDLE

CSSM_CERT_BUNDLE

CSSM_CERT_BUNDLE

CSSM_CERT_BUNDLE_ENCODING

CSSM_CERT_BUNDLE_ENCODING

CSSM_CERT_BUNDLE_ENCODING

CSSM_CERT_BUNDLE_HEADER

CSSM_CERT_BUNDLE_HEADER

CSSM_CERT_BUNDLE_HEADER

CSSM_CERT_BUNDLE_TYPE

CSSM_CERT_BUNDLE_TYPE

CSSM_CERT_BUNDLE_TYPE

CSSM_CERT_ENCODING

CSSM_CERT_ENCODING

CSSM_CERT_ENCODING

CSSM_CERT_LIST

CSSM_CERT_LIST

CSSM_CERT_LIST

CSSM_CERT_TYPE

CSSM_CERT_TYPE

CSSM_CERT_TYPE

CSSM_CERTGROUP

CSSM_CERTGROUP

CSSM_CERTGROUP

CSSM_CL_CA_CERT_CLASSINFO

CSSM_CL_CA_CERT_CLASSINFO

CSSM_CL_CA_CERT_CLASSINFO

CSSM_CL_CA_PRODUCTINFO

CSSM_CL_CA_PRODUCTINFO

CSSM_CL_CA_PRODUCTINFO

CSSM_CL_CertAbortQuery

CSSM_CL_CertAbortQuery

CSSM_CL_CertAbortRecovery

CSSM_CL_CertAbortRecovery

CSSM_CL_CertDescribeFormat

CSSM_CL_CertDescribeFormat

CSSM_CL_CertExport

CSSM_CL_CertExport

CSSM_CL_CertGetAllFields

CSSM_CL_CertGetAllFields

CSSM_CL_CertGetFirstFieldValue

CSSM_CL_CertGetFirstFieldValue

CSSM_CL_CertGetKeyInfo

CSSM_CL_CertGetKeyInfo

CSSM_CL_CertGetNextFieldValue

CSSM_CL_CertGetNextFieldValue

CSSM_CL_CertGroupFromVerifiedBundle

CSSM_CL_CertGroupFromVerifiedBundle

CSSM_CL_CertGroupToSignedBundle

CSSM_CL_CertGroupToSignedBundle

CSSM_CL_CertImport

CSSM_CL_CertImport

CSSM_CL_CertKeyRecover

CSSM_CL_CertKeyRecover

CSSM_CL_CertMultiSignRequest

CSSM_CL_CertMultiSignRequest

CSSM_CL_CertMultiSignRetrieve

CSSM_CL_CertMultiSignRetrieve

CSSM_CL_CertRecover

CSSM_CL_CertRecover

CSSM_CL_CertRecoveryRequest

CSSM_CL_CertRecoveryRequest

CSSM_CL_CertRecoveryRetrieve

CSSM_CL_CertRecoveryRetrieve

CSSM_CL_CertRequest

CSSM_CL_CertRequest

CSSM_CL_CertRetrieve

CSSM_CL_CertRetrieve

CSSM_CL_CertVerify

CSSM_CL_CertVerify

CSSM_CL_CrlAbortQuery

CSSM_CL_CrlAbortQuery

CSSM_CL_CrlAddCert

CSSM_CL_CrlAddCert

CSSM_CL_CrlCreateTemplate

CSSM_CL_CrlCreateTemplate

CSSM_CL_CrlDescribeFormat

CSSM_CL_CrlDescribeFormat

CSSM_CL_CrlGetFirstFieldValue

CSSM_CL_CrlGetFirstFieldValue

CSSM_CL_CrlGetNextFieldValue

CSSM_CL_CrlGetNextFieldValue

CSSM_CL_CrlRemoveCert

CSSM_CL_CrlRemoveCert

CSSM_CL_CrlRequest

CSSM_CL_CrlRequest

CSSM_CL_CrlRetrieve

CSSM_CL_CrlRetrieve

CSSM_CL_CrlSetFields

CSSM_CL_CrlSetFields

CSSM_CL_CrlSign

CSSM_CL_CrlSign

CSSM_CL_CrlVerify

CSSM_CL_CrlVerify

CSSM_CL_ENCODER_PRODUCTINFO

CSSM_CL_ENCODER_PRODUCTINFO

CSSM_CL_ENCODER_PRODUCTINFO

CSSM_CL_HANDLE

CSSM_CL_HANDLE

CSSM_CL_HANDLE

CSSM_CL_IsCertInCrl

CSSM_CL_IsCertInCrl

CSSM_CL_PassThrough

CSSM_CL_PassThrough

CSSM_CL_RegistrationFormRequest

CSSM_CL_RegistrationFormRequest

CSSM_CL_RegistrationFormSubmit

CSSM_CL_RegistrationFormSubmit

CSSM_CL_WRAPPEDPRODUCTINFO

CSSM_CL_WRAPPEDPRODUCTINFO

CSSM_CL_WRAPPEDPRODUCTINFO

CSSM_ClearError

CSSM_ClearError

CSSM_ClearError

CSSM_CLSUBSERVICE

CSSM_CLSUBSERVICE

CSSM_CLSUBSERVICE

CSSM_CompareGuids

CSSM_CompareGuids

CSSM_CONTEXT

CSSM_CONTEXT

CSSM_CONTEXT

CSSM_CONTEXT_ATTRIBUTE

CSSM_CONTEXT_ATTRIBUTE

CSSM_CONTEXT_ATTRIBUTE Extensions

CSSM_CONTEXT_ATTRIBUTE

CSSM_CONTEXT_ATTRIBUTE Extensions

CSSM_CRL_ENCODING

CSSM_CRL_ENCODING

CSSM_CRL_ENCODING

CSSM_CRL_ENCODING

CSSM_CRL_TYPE

CSSM_CRL_TYPE

CSSM_CRL_TYPE

CSSM_CRL_TYPE

CSSM_CRYPTO_DATA

CSSM_CRYPTO_DATA

CSSM_CRYPTO_DATA

CSSM_CRYPTO_DATA

CSSM_CSP_CAPABILITY

CSSM_CSP_CAPABILITY

CSSM_CSP_CAPABILITY

CSSM_CSP_ChangeLoginPassword

CSSM_CSP_ChangeLoginPassword

CSSM_CSP_CreateAsymmetricContext

CSSM_CSP_CreateAsymmetricContext

CSSM_CSP_CreateDeriveKeyContext

CSSM_CSP_CreateDeriveKeyContext

CSSM_CSP_CreateDigestContext

CSSM_CSP_CreateDigestContext

CSSM_CSP_CreateKeyGenContext

CSSM_CSP_CreateKeyGenContext

CSSM_CSP_CreateMacContext

CSSM_CSP_CreateMacContext

CSSM_CSP_CreatePassThroughContext

CSSM_CSP_CreatePassThroughContext

CSSM_CSP_CreateRandomGenContext

CSSM_CSP_CreateRandomGenContext

CSSM_CSP_CreateSignatureContext

CSSM_CSP_CreateSignatureContext

CSSM_CSP_CreateSymmetricContext

CSSM_CSP_CreateSymmetricContext

CSSM_CSP_FLAGS

CSSM_CSP_FLAGS

CSSM_CSP_FLAGS

CSSM_CSP_HANDLE

CSSM_CSP_HANDLE

CSSM_CSP_HANDLE

CSSM_CSP_Login

CSSM_CSP_Login

CSSM_CSP_Logout

CSSM_CSP_Logout

CSSM_CSP_PassThrough

CSSM_CSP_PassThrough

CSSM_CSP_SESSION_TYPE

CSSM_CSP_SESSION_TYPE

CSSM_CSP_SESSION_TYPE

CSSM_CSP_TYPE

CSSM_CSP_TYPE

CSSM_CSP_TYPE

CSSM_CSP_WRAPPEDPRODUCTINFO

CSSM_CSP_WRAPPEDPRODUCTINFO

CSSM_CSP_WRAPPEDPRODUCTINFO

CSSM_CSPSUBSERVICE

CSSM_CSPSUBSERVICE

CSSM_CSPSUBSERVICE

CSSM_CSSMINFO

CSSM_CSSMINFO

CSSM_DATA

CSSM_DATA

CSSM_DATA

CSSM_DATA

CSSM_DATA

CSSM_DATA

CSSM_DATE

CSSM_DATE

CSSM_DATE

CSSM_DB_ACCESS_TYPE

CSSM_DB_ACCESS_TYPE

CSSM_DB_ACCESS_TYPE

CSSM_DB_ATTRIBUTE_DATA

CSSM_DB_ATTRIBUTE_DATA

CSSM_DB_ATTRIBUTE_DATA

CSSM_DB_ATTRIBUTE_FORMAT

CSSM_DB_ATTRIBUTE_FORMAT

CSSM_DB_ATTRIBUTE_INFO

CSSM_DB_ATTRIBUTE_INFO

CSSM_DB_ATTRIBUTE_INFO

CSSM_DB_ATTRIBUTE_NAME_FORMAT

CSSM_DB_ATTRIBUTE_NAME_FORMAT

CSSM_DB_ATTRIBUTE_NAME_FORMAT

CSSM_DB_CERTRECORD_SEMANTICS

CSSM_DB_CERTRECORD_SEMANTICS

CSSM_DB_CERTRECORD_SEMANTICS

CSSM_DB_CONJUNCTIVE

CSSM_DB_CONJUNCTIVE

CSSM_DB_CONJUNCTIVE

CSSM_DB_DATASTORES_UNKNOWN

CSSM_DB_DATASTORES_UNKNOWN

CSSM_DB_DATASTORES_UNKNOWN

CSSM_DB_HANDLE

CSSM_DB_HANDLE

CSSM_DB_HANDLE

CSSM_DB_INDEX_INFO

CSSM_DB_INDEX_INFO

CSSM_DB_INDEX_INFO

CSSM_DB_INDEX_TYPE

CSSM_DB_INDEX_TYPE

CSSM_DB_INDEX_TYPE

CSSM_DB_INDEXED_DATA_LOCATION

CSSM_DB_INDEXED_DATA_LOCATION

CSSM_DB_INDEXED_DATA_LOCATION

CSSM_DB_OPERATOR

CSSM_DB_OPERATOR

CSSM_DB_OPERATOR

CSSM_DB_PARSING_MODULE_INFO

CSSM_DB_PARSING_MODULE_INFO

CSSM_DB_PARSING_MODULE_INFO

CSSM_DB_RECORD_ATTRIBUTE_DATA

CSSM_DB_RECORD_ATTRIBUTE_DATA

CSSM_DB_RECORD_ATTRIBUTE_DATA

CSSM_DB_RECORD_ATTRIBUTE_INFO

CSSM_DB_RECORD_ATTRIBUTE_INFO

CSSM_DB_RECORD_ATTRIBUTE_INFO

CSSM_DB_RECORD_INDEX_INFO

CSSM_DB_RECORD_INDEX_INFO

CSSM_DB_RECORD_INDEX_INFO

CSSM_DB_RECORD_PARSING_FNTABLE

CSSM_DB_RECORD_PARSING_FNTABLE

CSSM_DB_RECORD_PARSING_FNTABLE

CSSM_DB_RECORDTYPE

CSSM_DB_RECORDTYPE

CSSM_DB_RECORDTYPE

CSSM_DB_UNIQUE_RECORD

CSSM_DB_UNIQUE_RECORD

CSSM_DB_UNIQUE_RECORD

CSSM_DBINFO

CSSM_DBINFO

CSSM_DBINFO

CSSM_DecryptData

CSSM_DecryptData

CSSM_DecryptDataFinal

CSSM_DecryptDataFinal

CSSM_DecryptDataInit

CSSM_DecryptDataInit

CSSM_DecryptDataUpdate

CSSM_DecryptDataUpdate

CSSM_DeleteContext

CSSM_DeleteContext

CSSM_DeleteContextAttributes

CSSM_DeleteContextAttributes

CSSM_DeliverModuleManagerEvent

CSSM_DeliverModuleManagerEvent

CSSM_DeregisterManagerServices

CSSM_DeregisterManagerServices

CSSM_DeregisterServices

CSSM_DeregisterServices

CSSM_DeriveKey

CSSM_DeriveKey

CSSM_DestroyError

CSSM_DestroyError

CSSM_DigestData

CSSM_DigestData

CSSM_DigestDataClone

CSSM_DigestDataClone

CSSM_DigestDataFinal

CSSM_DigestDataFinal

CSSM_DigestDataInit

CSSM_DigestDataInit

CSSM_DigestDataUpdate

CSSM_DigestDataUpdate

CSSM_DL_Authenticate

CSSM_DL_Authenticate

CSSM_DL_DataAbortQuery

CSSM_DL_DataAbortQuery

CSSM_DL_DataDelete

CSSM_DL_DataDelete

CSSM_DL_DataGetFirst

CSSM_DL_DataGetFirst

CSSM_DL_DataGetFromUniqueRecordId

CSSM_DL_DataGetFromUniqueRecordId

CSSM_DL_DataGetNext

CSSM_DL_DataGetNext

CSSM_DL_DataInsert

CSSM_DL_DataInsert

CSSM_DL_DataModify

CSSM_DL_DataModify

CSSM_DL_DB_HANDLE

CSSM_DL_DB_HANDLE

CSSM_DL_DB_HANDLE

CSSM_DL_DB_HANDLE

CSSM_DL_DB_LIST

CSSM_DL_DB_LIST

CSSM_DL_DB_LIST

CSSM_DL_DB_LIST

CSSM_DL_DbClose

CSSM_DL_DbClose

CSSM_DL_DbCreate

CSSM_DL_DbCreate

CSSM_DL_DbDelete

CSSM_DL_DbDelete

CSSM_DL_DbExport

CSSM_DL_DbExport

CSSM_DL_DbGetRecordParsingFunctions

CSSM_DL_DbGetRecordParsingFunctions

CSSM_DL_DbImport

CSSM_DL_DbImport

CSSM_DL_DbOpen

CSSM_DL_DbOpen

CSSM_DL_DbSetRecordParsingFunctions

CSSM_DL_DbSetRecordParsingFunctions

CSSM_DL_FreeNameList

CSSM_DL_FreeNameList

CSSM_DL_FreeUniqueRecord

CSSM_DL_FreeUniqueRecord

CSSM_DL_GetDbNameFromHandle

CSSM_DL_GetDbNameFromHandle

CSSM_DL_GetDbNames

CSSM_DL_GetDbNames

CSSM_DL_HANDLE

CSSM_DL_HANDLE

CSSM_DL_HANDLE

CSSM_DL_PassThrough

CSSM_DL_PassThrough

CSSM_DL_PKCS11_ATTRIBUTES

CSSM_DL_PKCS11_ATTRIBUTES

CSSM_DL_PKCS11_ATTRIBUTES

CSSM_DL_WRAPPEDPRODUCT_INFO

CSSM_DL_WRAPPEDPRODUCT_INFO

CSSM_DL_WRAPPEDPRODUCT_INFO

CSSM_DLSUBSERVICE

CSSM_DLSUBSERVICE

CSSM_DLSUBSERVICE

CSSM_DLTYPE

CSSM_DLTYPE

CSSM_DLTYPE

CSSM_EncryptData

CSSM_EncryptData

CSSM_EncryptDataFinal

CSSM_EncryptDataFinal

CSSM_EncryptDataInit

CSSM_EncryptDataInit

CSSM_EncryptDataUpdate

CSSM_EncryptDataUpdate

CSSM_ESTIMATED_TIME_UNKNOWN

CSSM_ESTIMATED_TIME_UNKNOWN

CSSM_ESTIMATED_TIME_UNKNOWN

CSSM_EVENT_TYPE

CSSM_EVENT_TYPE

CSSM_EVENT_TYPE

CSSM_EVIDENCE_FORM

CSSM_EVIDENCE_FORM

CSSM_EVIDENCE_FORM

CSSM_EXEMPTION_MASK

CSSM_EXEMPTION_MASK

CSSM_EXEMPTION_MASK

CSSM_EXEMPTION_MASK

CSSM_FIELD

CSSM_FIELD

CSSM_FIELD

CSSM_FIELD

CSSM_Free

CSSM_Free

CSSM_FreeContext

CSSM_FreeContext

CSSM_FreeInfo

CSSM_FreeInfo

CSSM_FreeKey

CSSM_FreeKey

CSSM_FreeList

CSSM_FreeList

CSSM_FreeModuleInfo

CSSM_FreeModuleInfo

CSSM_FreeModuleInfo

CSSM_GenerateAlgorithmParams

CSSM_GenerateAlgorithmParams

CSSM_GenerateKey

CSSM_GenerateKey

CSSM_GenerateKeyPair

CSSM_GenerateKeyPair

CSSM_GenerateMac

CSSM_GenerateMac

CSSM_GenerateMacFinal

CSSM_GenerateMacFinal

CSSM_GenerateMacInit

CSSM_GenerateMacInit

CSSM_GenerateMacUpdate

CSSM_GenerateMacUpdate

CSSM_GenerateRandom

CSSM_GenerateRandom

CSSM_GetAPIMemoryFunctions

CSSM_GetAPIMemoryFunctions

CSSM_GetContext

CSSM_GetContext

CSSM_GetContextAttribute

CSSM_GetContextAttribute

CSSM_GetError

CSSM_GetError

CSSM_GetError

CSSM_GetGUIDUsage

CSSM_GetGUIDUsage

CSSM_GetHandleInfo

CSSM_GetHandleInfo

CSSM_GetHandleUsage

CSSM_GetHandleUsage

CSSM_GetInfo

CSSM_GetInfo

CSSM_GetModuleGUIDFromHandle

CSSM_GetModuleGUIDFromHandle

CSSM_GetModuleInfo

CSSM_GetModuleInfo

CSSM_GetModuleInfo

CSSM_GetModuleManagerInfo

CSSM_GetModuleManagerInfo

CSSM_GetSubserviceUIDFromHandle

CSSM_GetSubserviceUIDFromHandle

CSSM_GUID

CSSM_GUID

CSSM_GUID

CSSM_GUID

CSSM_HANDLE

CSSM_HANDLE

CSSM_HANDLE

CSSM_HANDLEINFO

CSSM_HANDLEINFO

CSSM_HANDLEINFO

CSSM_HARDWARE_CSPSUBSERVICE_INFO

CSSM_HARDWARE_CSPSUBSERVICE_INFO

CSSM_HARDWARE_CSPSUBSERVICE_INFO

CSSM_HEADERVERSION

CSSM_HEADERVERSION

CSSM_HEADERVERSION

CSSM_HYBRID_CSPSUBSERVICE_INFO

CSSM_HYBRID_CSPSUBSERVICE_INFO

CSSM_HYBRID_CSPSUBSERVICE_INFO

CSSM_INFO_LEVEL

CSSM_INFO_LEVEL

CSSM_INFO_LEVEL

CSSM_Init

CSSM_Init

CSSM_InitError

CSSM_InitError

CSSM_IsCLError

CSSM_IsCLError

CSSM_IsCSPError

CSSM_IsCSPError

CSSM_IsCSSMError

CSSM_IsCSSMError

CSSM_IsDLError

CSSM_IsDLError

CSSM_IsTPError

CSSM_IsTPError

CSSM_KEY

CSSM_KEY

CSSM_KEY

CSSM_KEY_SIZE

CSSM_KEY_SIZE

CSSM_KEY_SIZE

CSSM_KEYHEADER

CSSM_KEYHEADER

CSSM_KEYHEADER

CSSM_KR_CreateRecoveryEnablementContext

CSSM_KR_CreateRecoveryEnablementContext

CSSM_KR_CreateRecoveryRegistrationContext

CSSM_KR_CreateRecoveryRegistrationContext

CSSM_KR_CreateRecoveryRequestContext

CSSM_KR_CreateRecoveryRequestContext

CSSM_KR_GenerateRecoveryFields

CSSM_KR_GenerateRecoveryFields

CSSM_KR_GetRecoveredObject

CSSM_KR_GetRecoveredObject

CSSM_KR_HANDLE

CSSM_KR_HANDLE

CSSM_KR_HANDLE

CSSM_KR_NAME

CSSM_KR_NAME

CSSM_KR_NAME

CSSM_KR_PassThrough

CSSM_KR_PassThrough

CSSM_KR_ProcessRecoveryFields

CSSM_KR_ProcessRecoveryFields

CSSM_KR_PROFILE

CSSM_KR_PROFILE

CSSM_KR_PROFILE

CSSM_KR_RecoveryRequest

CSSM_KR_RecoveryRequest

CSSM_KR_RecoveryRequestAbort

CSSM_KR_RecoveryRequestAbort

CSSM_KR_RecoveryRetrieve

CSSM_KR_RecoveryRetrieve

CSSM_KR_RegistrationRequest

CSSM_KR_RegistrationRequest

CSSM_KR_RegistrationRetrieve

CSSM_KR_RegistrationRetrieve

CSSM_KR_SetEnterpriseRecoveryPolicy

CSSM_KR_SetEnterpriseRecoveryPolicy

CSSM_KRINFO

CSSM_KRINFO

CSSM_KRINFO

CSSM_KRPolicyInfo

CSSM_KRPolicyInfo

CSSM_KRSUBSERVICE

CSSM_KRSUBSERVICE

CSSM_KRSUBSERVICE

CSSM_LIST

CSSM_LIST

CSSM_LIST_ITEM

CSSM_LIST_ITEM

CSSM_ListAttachedModuleManagers

CSSM_ListAttachedModuleManagers

CSSM_ListModules

CSSM_ListModules

CSSM_Load

CSSM_Load

CSSM_MANAGER_EVENT_TYPES

CSSM_MANAGER_EVENT_TYPES

CSSM_MANAGER_REGISTRATION_INFO

CSSM_MANAGER_REGISTRATION_INFO

CSSM_MANGER_EVENT_NOTIFICATION

CSSM_MANGER_EVENT_NOTIFICATION

CSSM_MEMORY_FUNCS

CSSM_MEMORY_FUNCS and CSSM_API_MEMORY_FUNCS

CSSM_MEMORY_FUNCS

CSSM_MEMORY_FUNCS/CSSM_API_MEMORY_FUNCS

CSSM_MEMORY_FUNCS/CSSM_API_MEMORY_FUNCS

CSSM_MODULE_FLAGS

CSSM_MODULE_FLAGS

CSSM_MODULE_FLAGS

CSSM_MODULE_FUNCS

CSSM_MODULE_FUNCS

CSSM_MODULE_FUNCS

CSSM_MODULE_HANDLE

CSSM_MODULE_HANDLE

CSSM_MODULE_HANDLE

CSSM_MODULE_HANDLE

CSSM_MODULE_INFO

CSSM_MODULE_INFO

CSSM_MODULE_INFO

CSSM_MODULE_INFO

CSSM_MODULE_MANAGER_INFO

CSSM_MODULE_MANAGER_INFO

CSSM_ModuleAttach

CSSM_ModuleAttach

CSSM_ModuleAttach

CSSM_ModuleDetach

CSSM_ModuleDetach

CSSM_ModuleDetach

CSSM_ModuleInstall

CSSM_ModuleInstall

CSSM_ModuleInstall

CSSM_ModuleManagerInstall

CSSM_ModuleManagerInstall

CSSM_ModuleManagerUninstall

CSSM_ModuleManagerUninstall

CSSM_ModuleUninstall

CSSM_ModuleUninstall

CSSM_ModuleUninstall

CSSM_NAME_LIST

CSSM_NAME_LIST

CSSM_NAME_LIST

CSSM_NET_ADDRESS

CSSM_NET_ADDRESS

CSSM_NET_ADDRESS

CSSM_NET_ADDRESS_TYPE

CSSM_NET_ADDRESS_TYPE

CSSM_NET_ADDRESS_TYPE

CSSM_NET_PROTOCOL

CSSM_NET_PROTOCOL

CSSM_NET_PROTOCOL

CSSM_NOTIFY_CALLBACK

CSSM_NOTIFY_CALLBACK

CSSM_NOTIFY_CALLBACK

CSSM_NOTIFY_CALLBACK

CSSM_ObtainPrivateKeyFromPublicKey

CSSM_ObtainPrivateKeyFromPublicKey

CSSM_OID

CSSM_OID

CSSM_OID

CSSM_OID

CSSM_PADDING

CSSM_PADDING

CSSM_PADDING

CSSM_PRIV_FUNC_PTR

CSSM_PRIV_FUNC_PTR

CSSM_QUERY

CSSM_QUERY

CSSM_QUERY

CSSM_QUERY_FLAGS

CSSM_QUERY_FLAGS

CSSM_QUERY_FLAGS

CSSM_QUERY_LIMITS

CSSM_QUERY_LIMITS

CSSM_QUERY_LIMITS

CSSM_QUERY_SIZE_DATA

CSSM_QUERY_SIZE_DATA

CSSM_QUERY_SIZE_DATA

CSSM_QueryKeySizeInBits

CSSM_QueryKeySizeInBits

CSSM_QuerySize

CSSM_QuerySize

CSSM_RANGE

CSSM_RANGE

CSSM_RANGE

CSSM_RegisterManagerServices

CSSM_RegisterManagerServices

CSSM_RegisterServices

CSSM_RegisterServices

CSSM_REGISTRATION_INFO

CSSM_REGISTRATION_INFO

CSSM_RequestCssmExemption

CSSM_RequestCssmExemption

CSSM_RetrieveCounter

CSSM_RetrieveCounter

CSSM_RetrieveUniqueId

CSSM_RetrieveUniqueId

CSSM_RETURN

CSSM_RETURN

CSSM_RETURN

CSSM_RETURN

CSSM_REVOKE_REASON

CSSM_REVOKE_REASON

CSSM_REVOKE_REASON

CSSM_SELECTION_PREDICATE

CSSM_SELECTION_PREDICATE

CSSM_SELECTION_PREDICATE

CSSM_SERVICE_FLAGS

CSSM_SERVICE_FLAGS

CSSM_SERVICE_FLAGS

CSSM_SERVICE_INFO

CSSM_SERVICE_INFO

CSSM_SERVICE_INFO

CSSM_SERVICE_INFO

CSSM_SERVICE_MASK

CSSM_SERVICE_MASK

CSSM_SERVICE_MASK

CSSM_SERVICE_MASK

CSSM_SERVICE_TYPE

CSSM_SERVICE_TYPE

CSSM_SERVICE_TYPE

CSSM_SetContext

CSSM_SetContext

CSSM_SetError

CSSM_SetError

CSSM_SetError

CSSM_SetModuleInfo

CSSM_SetModuleInfo

CSSM_SetModuleInfo

CSSM_SignData

CSSM_SignData

CSSM_SignDataFinal

CSSM_SignDataFinal

CSSM_SignDataInit

CSSM_SignDataInit

CSSM_SignDataUpdate

CSSM_SignDataUpdate

CSSM_SOFTWARE_CSPSUBSERVICE_INFO

CSSM_SOFTWARE_CSPSUBSERVICE_INFO

CSSM_SOFTWARE_CSPSUBSERVICE_INFO

CSSM_SPI_MEMORY_FUNCS

CSSM_SPI_MEMORY_FUNCS

CSSM_SPI_TP_FUNCS

CSSM_SPI_TP_FUNCS

CSSM_STRING

CSSM_STRING

CSSM_STRING

CSSM_SUBSERVICE_UID

CSSM_SUBSERVICE_UID

CSSM_SUBSERVICE_UID

CSSM_TP_ACTION

CSSM_TP_ACTION

CSSM_TP_ApplyCrlToDb

CSSM_TP_ApplyCrlToDb

CSSM_TP_CertGroupConstruct

CSSM_TP_CertGroupConstruct

CSSM_TP_CertGroupPrune

CSSM_TP_CertGroupPrune

CSSM_TP_CertGroupVerify

CSSM_TP_CertGroupVerify

CSSM_TP_CertRequest

CSSM_TP_CertRequest

CSSM_TP_CertRetrieve

CSSM_TP_CertRetrieve

CSSM_TP_CertRevoke

CSSM_TP_CertRevoke

CSSM_TP_CertSign

CSSM_TP_CertSign

CSSM_TP_CrlSign

CSSM_TP_CrlSign

CSSM_TP_CrlVerify

CSSM_TP_CrlVerify

CSSM_TP_HANDLE

CSSM_TP_HANDLE

CSSM_TP_PassThrough

CSSM_TP_PassThrough

CSSM_TP_STOP_ON

CSSM_TP_STOP_ON

CSSM_TP_WRAPPEDPRODUCTINFO

CSSM_TP_WRAPPEDPRODUCTINFO

CSSM_TP_WRAPPEDPRODUCTINFO

CSSM_TPSUBSERVICE

CSSM_TPSUBSERVICE

CSSM_TPSUBSERVICE

CSSM_UnwrapKey

CSSM_UnwrapKey

CSSM_UpdateContextAttributes

CSSM_UpdateContextAttributes

CSSM_USER_AUTHENTICATION

CSSM_USER_AUTHENTICATION

CSSM_USER_AUTHENTICATION

CSSM_USER_AUTHENTICATION_MECHANISM

CSSM_USER_AUTHENTICATION_MECHANISM

CSSM_USER_AUTHENTICATION_MECHANISM

CSSM_VerifyComponents

CSSM_VerifyComponents

CSSM_VERIFYCONTEXT

CSSM_VERIFYCONTEXT

CSSM_VERIFYCONTEXT

CSSM_VerifyData

CSSM_VerifyData

CSSM_VerifyDataFinal

CSSM_VerifyDataFinal

CSSM_VerifyDataInit

CSSM_VerifyDataInit

CSSM_VerifyDataUpdate

CSSM_VerifyDataUpdate

CSSM_VerifyDevice

CSSM_VerifyDevice

CSSM_VerifyMac

CSSM_VerifyMac

CSSM_VerifyMacFinal

CSSM_VerifyMacFinal

CSSM_VerifyMacInit

CSSM_VerifyMacInit

CSSM_VerifyMacUpdate

CSSM_VerifyMacUpdate

CSSM_VERSION

CSSM_VERSION

CSSM_VERSION

CSSM_WRAP_KEY

CSSM_WRAP_KEY

CSSM_WRAP_KEY

CSSM_WrapKey

CSSM_WrapKey

cycle

Certificate Life Cycle

EISL Object Relationships and Life Cycle

Certificate Life Cycle

data

Common Data Security Architecture (CDSA)

Common Data Security Architecture

Data Storage Library Modules (DLs)

Data Storage Library Modules

Data Storage Library Registration

Data Storage Library API

Common Data Security Architecture

Data Structures for Core Services

Data Structures

Data Structures

Data Structures

Data Storage Library Services API

Data Storage Data Structures

Data Storage Functions

Data Record Operations

Data Structures

CSSM_API_MEMORY_FUNCS Data Structure

Key Recovery in the Common Data Security Architecture

Data Structures

Data Structures

Low-Level Data Structures Used in API Functions

Overview of the Common Data Security Architecture

Dynamic Sources with no Associated Data

Data Structures

Common Data Security Architecture

Data Structures

Data Structures

Data Structures

Data Structures

CSSM Data Storage Library Interface

Data Storage Library Overview

Data Storage Library Interface

Data Storage Library Operations

Data Store Operations

Data Record Operations

Data Storage Data Structures

Data Storage Library Operations

Data Store Operations

Data Record Operations

Key Recovery in the Common Data Security Architecture

Data Structures

Common Data Security Architecture (CDSA)

date

Certificate validity date

defining

Defining the Local, System-Wide Policy

definition

Definition

Functionality Definition

Function Definitions

DeregisterDispatchTable

DeregisterDispatchTable

developer's

Application Developer's View of a Multi-Service Add-in Module

development

The Development of Product Standards

digest

Message digest

digital

Digital certificate

Digital signature

Directory-First

The META-INF Directory-First File-Based Signed Manifest Representation

dispatching

Dispatching Application Calls for Security Services

DL_Authenticate

DL_Authenticate

DL_DataAbortQuery

DL_DataAbortQuery

DL_DataDelete

DL_DataDelete

DL_DataGetFirst

DL_DataGetFirst

DL_DataGetFromUniqueRecordId

DL_DataGetFromUniqueRecordId

DL_DataGetNext

DL_DataGetNext

DL_DataInsert

DL_DataInsert

DL_DataModify

DL_DataModify

DL_DbClose

DL_DbClose

DL_DbCreate

DL_DbCreate

DL_DbDelete

DL_DbDelete

DL_DbExport

DL_DbExport

DL_DbGetRecordParsingFunctions

DL_DbGetRecordParsingFunctions

DL_DbImport

DL_DbImport

DL_DbOpen

DL_DbOpen

DL_DbSetRecordParsingFunctions

DL_DbSetRecordParsingFunctions

DL_FreeNameList

DL_FreeNameList

DL_FreeUniqueRecord

DL_FreeUniqueRecord

DL_GetDbNameFromHandle

DL_GetDbNameFromHandle

DL_GetDbNames

DL_GetDbNames

DL_PassThrough

DL_PassThrough

DLLMain

DLLMain

DLs

Data Storage Library Modules (DLs)

document

This Document

Referenced Documents

dublin

Dublin Core

dynamic

Transparent, Dynamic Attach

Dynamic Referent Objects with Verified Source

Dynamic Sources with no Associated Data

Transparent, Dynamic Attach

EISL

EISL Uses Other Standards or Specifications

EISL Object Relationships and Life Cycle

EISL Functions

elective

Elective Module Managers

CSSM Elective Module Manager

Overview of Elective Module Managers

Administration of Elective Module Managers

Installing an Elective Module Manager

Loading an Elective Module Manager

Elective Module Manager Entry Point

Elective Module Manager Operations

Elective Module Manager Functions

Managing Elective Module Managers

electronic

Secure Electronic Transaction (SET)

embedded

CDSA Embedded Integrity Services Library API

Why an Embedded Library?

Embedded or Nested Referent Objects

Signed Objects Whose Signature Blocks are Embedded

enablement

Key Recovery Enablement in CSSM

Key Recovery Enablement Operations

entry

Elective Module Manager Entry Point

Module Entry Point

environment

Integrity of the CSSM Environment

error

Error Handling Functions

Error Handling

Error Handling

Error-Handling

CSSM Error-Handling

establish

Services that Establish Pre-Conditions

establishing

Phase I. Establishing a Foothold: Self-Check

ESW

The ESW File-Archive-Based Signed Manifest Representation

evaluation

Evaluation of a Sequence of Events

event

Security-relevant event

EventNotify

EventNotify

EventNotifyManager

EventNotifyManager

events

Evaluation of a Sequence of Events

example

An Example Application Using Key Recovery APIs

Manifest Examples

Signing Information Examples

Install Example

Attach/Detach and AddInAuthenticate Example

exemptions

Application Exemptions

Built-In Policies and Application Exemptions

extending

Extending Trust

extensibility

Extensibility Functions

extensions

Extensions to the Cryptographic Module Manager

CSSM_CONTEXT_ATTRIBUTE Extensions

Extensions to the JavaSoft/Netscape Specification

CSSM_CONTEXT_ATTRIBUTE Extensions

factor

CSP Form Factor

fields

Lifetime of Key Recovery Fields

Lifetime of Key Recovery Fields

file

PKWARE Archive File Format Specification

File-Archive-Based

The ESW File-Archive-Based Signed Manifest Representation

File-Based

File-Based Representation of Signed Manifests

The META-INF Directory-First File-Based Signed Manifest Representation

finding

Phase II. Finding our Friends: Bilateral Authentication

flagging

MAGIC-A Flagging Mechanism

foothold

Phase I. Establishing a Foothold: Self-Check

foreign

Foreign Language Support/Multiple Hash Values for a Referent

form

CSP Form Factor

format

Key Formats for Public Key-Based Algorithms

Format Specification

Format Specification

PKWARE Archive File Format Specification

Key Formats for Public Key-Based Algorithms

foundation

CSSM Integrity Services-The Foundation

friends

Phase II. Finding our Friends: Bilateral Authentication

frontmatter

Frontmatter

function

Module Manager Function Table Registration

Module Function Table Registration

Function Definitions

functionality

Functionality Definition

functions

Core Functions

Module Management Functions

Utility Functions

Miscellaneous Functions

Extensibility Functions

Group Functions

Extensibility Functions

Extensibility Functions

Data Storage Functions

Extensibility Functions

Error Handling Functions

Application Memory Functions

Extensibility Functions

Extensibility Functions

Low-Level Data Structures Used in API Functions

EISL Functions

Elective Module Manager Functions

Installation Functions

Information Functions

Registration Functions

Notification Functions

Add-In Module Interface Functions

Relevant CSSM API Functions

Extensibility Functions

Extensibility Functions

Module Management Functions

Extensibility Functions

Extensibility Functions

Extensibility Functions

Extensibility Functions

Extensibility Functions

Privileged Context Functions

Extensibility Functions

Extensibility Functions

general

General Module Management Services

Goals and General Approach

generators

Random number generators

global

Global Unique Identifiers (GUIDs)

Global Unique Identifiers (GUIDs)

glossary

Glossary

goals

Interoperability Goals

Goals and General Approach

Goals

good

Pretty Good Privacy (PGP)

group

The Open Group

Open Group Publications

Group Functions

GUIDs

Global Unique Identifiers (GUIDs)

Global Unique Identifiers (GUIDs)

handling

Error Handling Functions

Error Handling

Error Handling

hash

Foreign Language Support/Multiple Hash Values for a Referent

Hash algorithm

header

Manifest Header Specification

Signing Information Header

HTML

Signed Portion of an HTML Page

HTTP

Hypertext Transfer Protocol (HTTP)

hypertext

Hypertext Transfer Protocol (HTTP)

i

Phase I. Establishing a Foothold: Self-Check

identifiers

Global Unique Identifiers (GUIDs)

Global Unique Identifiers (GUIDs)

II

Phase II. Finding our Friends: Bilateral Authentication

III

Phase III. Secure Linkage Check

in

Key Recovery in the Common Data Security Architecture

Key Recovery Enablement in CSSM

Low-Level Data Structures Used in API Functions

Verifying Referents in the Manifest

Key Recovery in the Common Data Security Architecture

information

Ordering Information

Signer's Information

Signing Information Header

Signer's Information Sections

Signing Information Examples

Information Functions

initialization

Initialization and Cleanup

initialize

Initialize

Initialize

install

Install Example

CL Module Install

installation

Installation Functions

installing

Installing an Elective Module Manager

Installing an Add-In Module

integrity

Integrity Services

CSSM-Enforced Integrity Verification

Integrity of the CSSM Environment

CDSA Embedded Integrity Services Library API

Integrity Credentials

Integrity Core

Integrity Verification

Integrity Verification

CSSM Integrity Services-The Foundation

intended

Intended Audience

interaction

Application and Certificate Library Interaction

Application Interaction

CSSM Interaction

Module to Module Interaction

interface

Add-In Module Interface Functions

CSSM Cryptographic Service Provider Interface

Service Provider Interface

CSSM Trust Policy Interface

Trust Policy Interface

CSSM Certificate Library Interface

Certificate Library Interface

CSSM Data Storage Library Interface

Data Storage Library Interface

CSSM Key Recovery Interface

Key Recovery Service Provider Interface

interoperability

Interoperability Goals

ISL_CheckAddressWithinModule

ISL_CheckAddressWithinModule

ISL_CONST_DATA

ISL_CONST_DATA

ISL_ContinueVerification

ISL_ContinueVerification

ISL_CopyCertificateChain

ISL_CopyCertificateChain

ISL_CreateCertificateAttributeEnumerator

ISL_CreateCertificateAttributeEnumerator

ISL_CreateCertificateChain

ISL_CreateCertificateChain

ISL_CreateManifestSectionAttributeEnumerator

ISL_CreateManifestSectionAttributeEnumerator

ISL_CreateManifestSectionEnumerator

ISL_CreateManifestSectionEnumerator

ISL_CreateSignatureAttributeEnumerator

ISL_CreateSignatureAttributeEnumerator

ISL_CreateVerifiedSignatureRoot

ISL_CreateVerifiedSignatureRoot

ISL_CreateVerifiedSignatureRootWithCertificate

ISL_CreateVerifiedSignatureRootWithCertificate

ISL_DATA

ISL_DATA

ISL_FindCertificateAttribute

ISL_FindCertificateAttribute

ISL_FindManifestSection

ISL_FindManifestSection

ISL_FindManifestSectionAttribute

ISL_FindManifestSectionAttribute

ISL_FindRegistryAttribute

ISL_FindRegistryAttribute

ISL_FindSignatureAttribute

ISL_FindSignatureAttribute

ISL_GetCertficateChain

ISL_GetCertficateChain

ISL_GetLibHandle

ISL_GetLibHandle

ISL_GetManifestSignatureRoot

ISL_GetManifestSignatureRoot

ISL_GetModuleManifestSection

ISL_GetModuleManifestSection

ISL_GetNextCertificateAttribute

ISL_GetNextCertificateAttribute

ISL_GetNextManifestSection

ISL_GetNextManifestSection

ISL_GetNextManifestSectionAttribute

ISL_GetNextManifestSectionAttribute

ISL_GetNextSignatureAttribute

ISL_GetNextSignatureAttribute

ISL_GetReturnAddress

ISL_GetReturnAddress

ISL_LocateProcedureAddress

ISL_LocateProcedureAddress

ISL_RecycleCertificateAttributeEnumerator

ISL_RecycleCertificateAttributeEnumerator

ISL_RecycleCertificateChain

ISL_RecycleCertificateChain

ISL_RecycleManifestSectionAttributeEnumerator

ISL_RecycleManifestSectionAttributeEnumerator

ISL_RecycleManifestSectionEnumerator

ISL_RecycleManifestSectionEnumerator

ISL_RecycleSignatureAttributeEnumerator

ISL_RecycleSignatureAttributeEnumerator

ISL_RecycleVerifiedModuleCredentials

ISL_RecycleVerifiedModuleCredentials

ISL_RecycleVerifiedSignatureRoot

ISL_RecycleVerifiedSignatureRoot

ISL_SelfCheck

ISL_SelfCheck

ISL_VerifyAndLoadModule

ISL_VerifyAndLoadModule

ISL_VerifyAndLoadModuleAndCredentials

ISL_VerifyAndLoadModuleAndCredentials

ISL_VerifyData

ISL_VerifyData

ISL_VerifyLoadedModule

ISL_VerifyLoadedModule

ISL_VerifyLoadedModuleAndCredentials

ISL_VerifyLoadedModuleAndCredentials

issues

Versions and Issues of Specifications

issuing

Issuing an Add-In Module Product Certificate

iterator

Iterator Objects

JAVA

JAVA

JavaSoft/Netscape

Extensions to the JavaSoft/Netscape Specification

key

Key Formats for Public Key-Based Algorithms

CSSM Key Recovery API

Key Recovery Nomenclature

Key Recovery Types

Key Recovery Phases

Lifetime of Key Recovery Fields

Key Recovery Policy

Operational Scenarios for Key Recovery

Key Recovery in the Common Data Security Architecture

Key Recovery Enablement in CSSM

Key Recovery Module Manager

Key Recovery Profiles

Key Recovery Context

Key Recovery Policy

Key Recovery Enablement Operations

Key Recovery Registration and Request Operations

Key Recovery APIs

Key Recovery Context Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

An Example Application Using Key Recovery APIs

Key Recovery Module Management Operations

Key Recovery Context Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Key Formats for Public Key-Based Algorithms

CSSM Key Recovery Interface

Key Recovery Overview

Key Recovery Nomenclature

Key Recovery Types

Lifetime of Key Recovery Fields

Key Recovery Policy

Operational Scenarios for Key Recovery

Key Recovery in the Common Data Security Architecture

Key Recovery Service Provider Interface

Key Recovery Phases

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Private key

Public key

Secret key

Session key

Key-Based

Key Formats for Public Key-Based Algorithms

Key Formats for Public Key-Based Algorithms

KRSP_GenerateRecoveryFields

KRSP_GenerateRecoveryFields

KRSP_GetRecoveredObject

KRSP_GetRecoveredObject

KRSP_PassPrivFunc

KRSP_PassPrivFunc

KRSP_PassThrough

KRSP_PassThrough

KRSP_ProcessRecoveryFields

KRSP_ProcessRecoveryFields

KRSP_RecoveryRequest

KRSP_RecoveryRequest

KRSP_RecoveryRequestAbort

KRSP_RecoveryRequestAbort

KRSP_RecoveryRetrieve

KRSP_RecoveryRetrieve

KRSP_RegistrationRequest

KRSP_RegistrationRequest

KRSP_RegistrationRetrieve

KRSP_RegistrationRetrieve

language

Foreign Language Support/Multiple Hash Values for a Referent

layer

Common Security Services Manager Layer

Security Add-In Modules Layer

Secure Sockets Layer (SSL)

layered

Layered Security Services

leaf

Leaf Certificate

legacy

Legacy CSPs

library

Certificate Library Modules (CLs)

Data Storage Library Modules (DLs)

Multi-Service Library Module

Certificate Library Modules

Certificate Library API

Data Storage Library Modules

Data Storage Library Registration

Data Storage Library API

Certificate Library Services API

Application and Certificate Library Interaction

Data Storage Library Services API

CDSA Embedded Integrity Services Library API

Why an Embedded Library?

Using Library Services

CSSM Certificate Library Interface

Certificate Library Overview

Certificate Library Interface

CSSM Data Storage Library Interface

Data Storage Library Overview

Data Storage Library Interface

Data Storage Library Operations

Data Storage Library Operations

license

License Agreement

life

Certificate Life Cycle

EISL Object Relationships and Life Cycle

Certificate Life Cycle

lifetime

Lifetime of Key Recovery Fields

Lifetime of Key Recovery Fields

linkage

Phase III. Secure Linkage Check

Secure Linkage

Secure Linkage Services

list

Certificate Revocation List Operations

Certificate Revocation List Operations

Certificate Revocation List Operations

loading

Loading an Elective Module Manager

local

Defining the Local, System-Wide Policy

location

Location of Modules and Credentials

Resources that Transform Locations

locator

Locator Services

logon

Cryptographic Sessions and Logon

Cryptographic Sessions and Logon

Cryptographic Sessions and Logon

Low-Level

Low-Level Data Structures Used in API Functions

MAGIC-A

MAGIC-A Flagging Mechanism

management

General Module Management Services

Core Services for CSSM Management

Module Management Services

Memory Management Support

Module Management Functions

Module Management Operations

Key Recovery Module Management Operations

Memory Management Upcalls

Module Management Functions

manager

Common Security Services Manager Layer

Common Security Services Manager

Elective Module Managers

Registering Module Managers

State Sharing Among Module Managers

Basic Module Managers

Common Security Services Manager (CSSM)

Extensions to the Cryptographic Module Manager

Key Recovery Module Manager

CSSM Elective Module Manager

Overview of Elective Module Managers

Registering Module Managers

State Sharing Among Module Managers

Administration of Elective Module Managers

Module Manager Credentials

Installing an Elective Module Manager

Loading an Elective Module Manager

Elective Module Manager Entry Point

Module Manager Function Table Registration

Elective Module Manager Operations

Elective Module Manager Functions

Managing Elective Module Managers

Common Security Services Manager (CSSM)

managing

Managing Elective Module Managers

manifest

Manifest Section Object

Manifest Section Object Methods

CDSA Signed Manifest

The Manifest

Manifest Header Specification

Manifest Sections

Manifest Examples

Verifying the Manifest

Verifying Referents in the Manifest

File-Based Representation of Signed Manifests

The META-INF Directory-First File-Based Signed Manifest Representation

The ESW File-Archive-Based Signed Manifest Representation

Nested Manifests

Signed Manifests

Manifests-An

Signed Manifests-An Overview

Manifests-Examples

Signed Manifests-Examples

Manifests-Requirements

Signed Manifests-Requirements

Manifests-The

Signed Manifests-The Architecture

Manifests-Verifying

Signed Manifests-Verifying Signatures

manufacturing

Manufacturing an Add-In Module

Obtaining an Add-In Module Manufacturing Certificate

Manufacturing Add-In Modules

mechanism

MAGIC-A Flagging Mechanism

CDSA Mechanisms for Policy Compliance

CSSM Mechanisms Supporting Simple Policies

memory

Memory Management Support

Application Memory Functions

Memory Management Upcalls

message

Message digest

META-INF

The META-INF Directory-First File-Based Signed Manifest Representation

meta-information

Meta-information

metadata

Metadata

Ordering Metadata Values

Metadata

methods

Signature Root Methods

Certificate Chain Methods

Certificate Attribute Methods

Manifest Section Object Methods

MIME

Secure MIME (S/MIME)

miscellaneous

Miscellaneous Functions

model

The Threat Model

module

Multi-Service Library Module

General Module Management Services

Elective Module Managers

Registering Module Managers

State Sharing Among Module Managers

Basic Module Managers

Application Developer's View of a Multi-Service Add-in Module

Service Provider's View of a Multi-Service Add-in Module

Module Management Services

Module Management Functions

Extensions to the Cryptographic Module Manager

Key Recovery Module Manager

Module Management Operations

Key Recovery Module Management Operations

Verified Module Object

CSSM Elective Module Manager

Overview of Elective Module Managers

Registering Module Managers

State Sharing Among Module Managers

Administration of Elective Module Managers

Module Manager Credentials

Installing an Elective Module Manager

Loading an Elective Module Manager

Elective Module Manager Entry Point

Module Manager Function Table Registration

Elective Module Manager Operations

Elective Module Manager Functions

Managing Elective Module Managers

CSSM Add-In Module Structure and Administration

Add-In Module Structure

Add-In Module Usage

Module to Module Interaction

Add-In Module Structure

Module Administration Components

Add-In Module Administration

Manufacturing an Add-In Module

Obtaining an Add-In Module Manufacturing Certificate

Issuing an Add-In Module Product Certificate

Installing an Add-In Module

The Module Description

Attaching an Add-In Module

Module Entry Point

Module Function Table Registration

CL Module Install

Add-In Module Interface Functions

CDSA Add-In Module Overview

Module Management Functions

CDSA Add-In Module Overview

Trust Policy Module Operations

CSSM Add-In Module Overview

CDSA Add-In Module Overview

CDSA Add-In Module Overview

module's

A Module's Certificate Chain

Checking a Module's Credentials

Module-Defined

Module-Defined Usage Policies

Module-Defined Usage Policies

ModuleManagerAuthenticate

ModuleManagerAuthenticate

modules

Security Add-In Modules Layer

Trust Policy Modules (TPs)

Certificate Library Modules (CLs)

Data Storage Library Modules (DLs)

Cryptographic Service Provider Modules

Trust Policy Modules

Certificate Library Modules

Data Storage Library Modules

Multi-Service Modules

Companion Modules

Application-Authenticated Add-In Modules

Location of Modules and Credentials

Verification of Modules and their Credentials

Manufacturing Add-In Modules

Using Trust Policy Modules

Multi-Service

Multi-Service Library Module

Multi-Service Modules

Application Developer's View of a Multi-Service Add-in Module

Service Provider's View of a Multi-Service Add-in Module

multiple

Authenticating to Multiple CSSM Vendors

Name:Value

Core Set of Name:Value Pairs

nested

Embedded or Nested Referent Objects

Nested Manifests

no

Dynamic Sources with no Associated Data

nomenclature

Key Recovery Nomenclature

Key Recovery Nomenclature

nonce

Nonce

notification

Notification Functions

number

Random number generators

object

Object Pointers

Iterator Objects

Verified Signature Root Object

Verified Certificate Chain Object

Verified Certificate Object

Manifest Section Object

Verified Module Object

EISL Object Relationships and Life Cycle

Manifest Section Object Methods

Static Referent Objects

Dynamic Referent Objects with Verified Source

Embedded or Nested Referent Objects

Signed Objects Whose Signatures Serve to Carry the Object

Signed Objects Whose Signature Blocks are Embedded

obtaining

Obtaining an Add-In Module Manufacturing Certificate

open

The Open Group

Open Group Publications

operational

Operational Scenarios for Key Recovery

Operational Scenarios

Operational Scenarios for Key Recovery

operations

Cryptographic Context Operations

Cryptographic Operations

Trust Policy Operations

Operations on Certificates

Certificate Operations

Certificate Revocation List Operations

Data Record Operations

Key Recovery Enablement Operations

Key Recovery Registration and Request Operations

Module Management Operations

Key Recovery Context Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Key Recovery Module Management Operations

Key Recovery Context Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Elective Module Manager Operations

Cryptographic Operations

Cryptographic Operations

Trust Policy Module Operations

Trust Policy Operations

Certificate Operations

Certificate Revocation List Operations

Certificate Operations

Certificate Revocation List Operations

Categories of Operations

Data Storage Library Operations

Data Store Operations

Data Record Operations

Data Storage Library Operations

Data Store Operations

Data Record Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Privileged Context Operations

ordering

Ordering Information

Ordering Metadata Values

our

Phase II. Finding our Friends: Bilateral Authentication

overview

Architectural Overview

Overview

Signed Manifests-An Overview

Overview of the Common Data Security Architecture

Overview of Elective Module Managers

Overview

Overview of CDSA

CDSA Add-In Module Overview

Cryptographic Service Provider Overview

Overview

CDSA Add-In Module Overview

Trust Policy Overview

Overview

CSSM Add-In Module Overview

Certificate Library Overview

Overview

CDSA Add-In Module Overview

Data Storage Library Overview

Overview

CDSA Add-In Module Overview

Key Recovery Overview

Overview

owned

Owned certificate

page

Signed Portion of an HTML Page

pairs

Core Set of Name:Value Pairs

part

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

PGP

Pretty Good Privacy (PGP)

phase

Phase I. Establishing a Foothold: Self-Check

Phase II. Finding our Friends: Bilateral Authentication

Phase III. Secure Linkage Check

phased

A Phased Approach

phases

Key Recovery Phases

Key Recovery Phases

PKWARE

PKWARE Archive File Format Specification

point

Elective Module Manager Entry Point

Module Entry Point

pointers

Object Pointers

policies

Module-Defined Usage Policies

Built-In Policies and Application Exemptions

Module-Defined Usage Policies

Screening Requests Based on Simple Policies

Simple Policies

CSSM Mechanisms Supporting Simple Policies

Screening Requests Based on Complex Policies

Complex Policies

policy

Trust Policy Modules (TPs)

Trust Policy Modules

Trust Policy Services API

Trust Policy Services API

Trust Policy Operations

Key Recovery Policy

Key Recovery Policy

CDSA Mechanisms for Policy Compliance

Specifying a System-Wide Policy

Defining the Local, System-Wide Policy

CSSM Trust Policy Interface

Trust Policy Overview

Using Trust Policy Modules

Trust Policy Interface

Trust Policy Services API

Trust Policy Module Operations

Trust Policy Operations

Key Recovery Policy

PolicyMaker

PolicyMaker

portion

Signed Portion of an HTML Page

Pre-Conditions

Services that Establish Pre-Conditions

preface

Preface

pretty

Pretty Good Privacy (PGP)

privacy

Pretty Good Privacy (PGP)

private

Private key

privileged

Privileged Context Functions

Privileged Context Operations

problem

Problem Statement

product

The Development of Product Standards

Issuing an Add-In Module Product Certificate

profiles

Key Recovery Profiles

protocol

Hypertext Transfer Protocol (HTTP)

provider

Cryptographic Service Provider Modules

Cryptographic Service Provider Registration

CSSM Cryptographic Service Provider Interface

Cryptographic Service Provider Overview

Service Provider Interface

Key Recovery Service Provider Interface

provider's

Service Provider's View of a Multi-Service Add-in Module

providers

Cryptographic Service Providers (CSPs)

Cryptographic Service Providers (CSPs)

public

Key Formats for Public Key-Based Algorithms

Key Formats for Public Key-Based Algorithms

Public key

publications

Open Group Publications

quote

Stock Quote Service

random

Random number generators

record

Data Record Operations

Data Record Operations

Data Record Operations

recovery

CSSM Key Recovery API

Key Recovery Nomenclature

Key Recovery Types

Key Recovery Phases

Lifetime of Key Recovery Fields

Key Recovery Policy

Operational Scenarios for Key Recovery

Key Recovery in the Common Data Security Architecture

Key Recovery Enablement in CSSM

Key Recovery Module Manager

Key Recovery Profiles

Key Recovery Context

Key Recovery Policy

Key Recovery Enablement Operations

Key Recovery Registration and Request Operations

Key Recovery APIs

Key Recovery Context Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

An Example Application Using Key Recovery APIs

Key Recovery Module Management Operations

Key Recovery Context Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

CSSM Key Recovery Interface

Key Recovery Overview

Key Recovery Nomenclature

Key Recovery Types

Lifetime of Key Recovery Fields

Key Recovery Policy

Operational Scenarios for Key Recovery

Key Recovery in the Common Data Security Architecture

Key Recovery Service Provider Interface

Key Recovery Phases

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

Key Recovery Registration Operations

Key Recovery Enablement Operations

Key Recovery Request Operations

referenced

Referenced Documents

referent

Verifying Referents in the Manifest

Static Referent Objects

Dynamic Referent Objects with Verified Source

Embedded or Nested Referent Objects

Foreign Language Support/Multiple Hash Values for a Referent

RegisterDispatchTable

RegisterDispatchTable

registering

Registering Module Managers

Registering Module Managers

registration

Cryptographic Service Provider Registration

Data Storage Library Registration

Key Recovery Registration and Request Operations

Key Recovery Registration Operations

Key Recovery Registration Operations

Module Manager Function Table Registration

Registration Functions

Module Function Table Registration

Key Recovery Registration Operations

Key Recovery Registration Operations

relationships

EISL Object Relationships and Life Cycle

relevant

Relevant CSSM API Functions

representation

File-Based Representation of Signed Manifests

The META-INF Directory-First File-Based Signed Manifest Representation

The ESW File-Archive-Based Signed Manifest Representation

Representation Constraints

request

Key Recovery Registration and Request Operations

Key Recovery Request Operations

Key Recovery Request Operations

Screening Requests Based on Simple Policies

Screening Requests Based on Complex Policies

Key Recovery Request Operations

Key Recovery Request Operations

requirements

Requirements

Requirements

resources

Resources that Transform Locations

revocation

Certificate Revocation List Operations

Certificate Revocation List Operations

Certificate Revocation List Operations

root

Verified Signature Root Object

Signature Root Methods

Root certificate

S/MIME

Secure MIME (S/MIME)

scenarios

Operational Scenarios for Key Recovery

Operational Scenarios

Operational Scenarios for Key Recovery

screening

Screening Requests Based on Simple Policies

Screening Requests Based on Complex Policies

secret

Secret key

section

Manifest Section Object

Manifest Section Object Methods

Manifest Sections

Signer's Information Sections

secure

Phase III. Secure Linkage Check

Secure Linkage

Secure Linkage Services

Secure Electronic Transaction (SET)

Secure MIME (S/MIME)

Secure Sockets Layer (SSL)

security

Common Data Security Architecture (CDSA)

Common Data Security Architecture

Layered Security Services

Common Security Services Manager Layer

Security Add-In Modules Layer

Common Security Services Manager

Dispatching Application Calls for Security Services

Security Context Services

System Security Services

Common Security Services Manager (CSSM)

Common Data Security Architecture

Key Recovery in the Common Data Security Architecture

Overview of the Common Data Security Architecture

Common Data Security Architecture

Security Services

Key Recovery in the Common Data Security Architecture

Common Data Security Architecture (CDSA)

Common Security Services Manager (CSSM)

Security Context

security-relevant

Security-relevant event

Self-Check

Phase I. Establishing a Foothold: Self-Check

sequence

Evaluation of a Sequence of Events

serve

Signed Objects Whose Signatures Serve to Carry the Object

service

Layered Security Services

Common Security Services Manager Layer

Cryptographic Service Providers (CSPs)

Common Security Services Manager

General Module Management Services

Dispatching Application Calls for Security Services

Integrity Services

Security Context Services

Cryptographic Service Provider Modules

Cryptographic Service Provider Registration

Cryptographic Services API

Additional CSP Services

Trust Policy Services API

Service Provider's View of a Multi-Service Add-in Module

System Security Services

Common Security Services Manager (CSSM)

Core Services API

Core Services for CSSM Management

Module Management Services

Data Structures for Core Services

Cryptographic Services API

Trust Policy Services API

Certificate Library Services API

Data Storage Library Services API

CDSA Embedded Integrity Services Library API

Using Library Services

Locator Services

Credential and Attribute Verification Services

Secure Linkage Services

Stock Quote Service

Security Services

Services that Establish Pre-Conditions

CSSM Cryptographic Service Provider Interface

Cryptographic Service Provider Overview

Service Provider Interface

Trust Policy Services API

Key Recovery Service Provider Interface

Cryptographic Service Providers (CSPs)

Common Security Services Manager (CSSM)

Services-The

CSSM Integrity Services-The Foundation

session

Cryptographic Sessions and Logon

Cryptographic Sessions and Logon

Cryptographic Sessions and Logon

Session key

set

Core Set of Name:Value Pairs

Secure Electronic Transaction (SET)

sharing

State Sharing Among Module Managers

State Sharing Among Module Managers

signature

Verified Signature Root Object

Signature Root Methods

Signature Blocks

Signed Manifests-Verifying Signatures

Signed Objects Whose Signatures Serve to Carry the Object

Signed Objects Whose Signature Blocks are Embedded

Digital signature

Signature

Signature chain

signed

CDSA Signed Manifest

Signed Manifests-An Overview

Signed Manifests-Requirements

Signed Manifests-The Architecture

Signed Manifests-Verifying Signatures

File-Based Representation of Signed Manifests

The META-INF Directory-First File-Based Signed Manifest Representation

The ESW File-Archive-Based Signed Manifest Representation

Signed Manifests-Examples

Signed Objects Whose Signatures Serve to Carry the Object

Signed Objects Whose Signature Blocks are Embedded

Signed Portion of an HTML Page

Signed Manifests

signer's

Signer's Information

Signer's Information Sections

signing

Signing Information Header

Signing Information Examples

Certificate signing

simple

Screening Requests Based on Simple Policies

Simple Policies

CSSM Mechanisms Supporting Simple Policies

sockets

Secure Sockets Layer (SSL)

source

Dynamic Referent Objects with Verified Source

Dynamic Sources with no Associated Data

specification

Versions and Issues of Specifications

EISL Uses Other Standards or Specifications

Format Specification

Manifest Header Specification

Format Specification

Extensions to the JavaSoft/Netscape Specification

PKWARE Archive File Format Specification

specifying

Specifying a System-Wide Policy

SSL

Secure Sockets Layer (SSL)

standards

The Development of Product Standards

EISL Uses Other Standards or Specifications

state

State Sharing Among Module Managers

State Sharing Among Module Managers

statement

Problem Statement

static

Static Referent Objects

stock

Stock Quote Service

storage

Data Storage Library Modules (DLs)

Data Storage Library Modules

Data Storage Library Registration

Data Storage Library API

Data Storage Library Services API

Data Storage Data Structures

Data Storage Functions

CSSM Data Storage Library Interface

Data Storage Library Overview

Data Storage Library Interface

Data Storage Library Operations

Data Storage Data Structures

Data Storage Library Operations

store

Data Store Operations

Data Store Operations

structure

Data Structures for Core Services

Data Structures

Data Structures

Data Structures

Data Storage Data Structures

Data Structures

CSSM_API_MEMORY_FUNCS Data Structure

Data Structures

Data Structures

Low-Level Data Structures Used in API Functions

Data Structures

CSSM Add-In Module Structure and Administration

Add-In Module Structure

Add-In Module Structure

Data Structures

Data Structures

Data Structures

Data Structures

Data Storage Data Structures

Data Structures

support

Memory Management Support

Support/Multiple

Foreign Language Support/Multiple Hash Values for a Referent

supporting

CSSM Mechanisms Supporting Simple Policies

symmetric

Symmetric algorithms

system

System Security Services

System-Wide

Specifying a System-Wide Policy

Defining the Local, System-Wide Policy

table

Module Manager Function Table Registration

Module Function Table Registration

terminate

Terminate

Terminate

that

Resources that Transform Locations

Services that Establish Pre-Conditions

their

Verification of Modules and their Credentials

this

This Document

threat

The Threat Model

token

Token

TP_ApplyCrlToDb

TP_ApplyCrlToDb

TP_CertGroupConstruct

TP_CertGroupConstruct

TP_CertGroupPrune

TP_CertGroupPrune

TP_CertGroupVerify

TP_CertGroupVerify

TP_CertRequest

TP_CertRequest

TP_CertRetrieve

TP_CertRetrieve

TP_CertRevoke

TP_CertRevoke

TP_CertSign

TP_CertSign

TP_CrlSign

TP_CrlSign

TP_CrlVerify

TP_CrlVerify

TP_PassThrough

TP_PassThrough

TPs

Trust Policy Modules (TPs)

trademarks

Trademarks

transaction

Secure Electronic Transaction (SET)

transfer

Hypertext Transfer Protocol (HTTP)

transform

Resources that Transform Locations

transparent

Transparent, Dynamic Attach

Transparent, Dynamic Attach

trust

Trust Policy Modules (TPs)

Trust Policy Modules

Trust Policy Services API

Trust Policy Services API

Trust Policy Operations

Extending Trust

CSSM Trust Policy Interface

Trust Policy Overview

Using Trust Policy Modules

Trust Policy Interface

Trust Policy Services API

Trust Policy Module Operations

Trust Policy Operations

Web of trust

types

Key Recovery Types

Key Recovery Types

unique

Global Unique Identifiers (GUIDs)

Global Unique Identifiers (GUIDs)

upcalls

Memory Management Upcalls

usage

Module-Defined Usage Policies

Add-In Module Usage

Module-Defined Usage Policies

used

Low-Level Data Structures Used in API Functions

uses

EISL Uses Other Standards or Specifications

using

An Example Application Using Key Recovery APIs

Using Library Services

Using Trust Policy Modules

utility

Utility Functions

validity

Certificate validity date

values

Ordering Metadata Values

Foreign Language Support/Multiple Hash Values for a Referent

vendors

Authenticating to Multiple CSSM Vendors

verification

CSSM-Enforced Integrity Verification

Verification of Modules and their Credentials

Credential and Attribute Verification Services

Integrity Verification

Integrity Verification

Verification

verified

Verified Signature Root Object

Verified Certificate Chain Object

Verified Certificate Object

Verified Module Object

Dynamic Referent Objects with Verified Source

verifying

Verifying Components

Verifying the Manifest

Verifying Referents in the Manifest

versions

Versions and Issues of Specifications

view

Application Developer's View of a Multi-Service Add-in Module

Service Provider's View of a Multi-Service Add-in Module

web

Web of trust

whose

Signed Objects Whose Signatures Serve to Carry the Object

Signed Objects Whose Signature Blocks are Embedded

why

Why an Embedded Library?