
Common Security: CDSA and CSSM
Copyright © 1997 The Open Group




    const CSSM_DL_DB_LIST_PTR DBList,
    CSSM_DATA_PTR CertToBeSigned,
    const CSSM_CERTGROUP_PTR SignerCertGroup,
    const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext,
    const CSSM_FIELD_PTR SignScope,
    uint32 ScopeSize);


This function co-signs or notarizes the certificate if the signer is authorized to perform the signing operation. The verification context provides the input parameters required to verify the signer's certificate. Once the signer's certificate is verified, the signer's private key is used to perform the operation, so the passphrase associated with the signer's key must be provided. The SignScope is used to control the signing process.


TPHandle (input)

The handle that describes the add-in trust policy module used to perform this function.

CLHandle (input/optional)

The handle that describes the add-in certificate library module that can be used to manipulate the subject certificate and anchor certificates. If no certificate library module is specified, the TP module uses an assumed CL module, if required.

CCHandle (input/optional)

The handle that describes the cryptographic context for signing the certificate. This context also identifies the cryptographic service provider to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP, but the trust policy module may be unable to unlock the caller's private key without the caller's passphrase. If the trust policy module does not assume defaults, or the default CSP is not available on the local system, an error occurs.

DBList (input/optional)

The structure is a list of data storage library handles and data store handles. These handles can be used to store or retrieve objects (such as certificates and CRLs) related to the signer's certificate and anchor certificates. If no data store is specified, the TP module uses an assumed data storage library module and one or more assumed data stores, if required.

CertToBeSigned (input)

A pointer to the CSSM_DATA structure containing the certificate to be co-signed.

SignerCertGroup (input)

A pointer to the CSSM_CERTGROUP containing a set of certificates of or related to the signer.

SignerVerifyContext (input)

A pointer to the CSSM_VERIFYCONTEXT structure containing a set of input and output parameters for the signature process. The input parameters describe how the verification process should be performed. Most of the input parameters are optional. If not specified, the TP module can use default values for unspecified inputs.

SignScope (input/optional)

A pointer to the CSSM_FIELD structures specifying OIDs for the certificate fields to be included in the signature. If no signing scope is specified, a default scope is assumed.

ScopeSize (input)

A count of the number of OIDs specified in the SignScope. If no scope is specified, this value must be zero.


A pointer to the CSSM_DATA containing the signed certificate. When NULL is returned, either the certificate template cannot be signed or an error has occurred. Use CSSM_GetError to obtain the error code.



Invalid handle.


Invalid handle.


Invalid handle.


Invalid handle.


Invalid certificate group structure.


Signer certificate can't sign subject.


Error in allocating memory.


Unable to verify signer's certificate.


CSSM_TP_CertVerify, CSSM_CL_CertRequest,
