*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> CL_CrlSign (3)              
Title
Content
Arch
Section
 

CL_CrlSign(3)

Contents


NAME    [Toc]    [Back]

       CL_CrlSign,  CSSM_CL_CrlSign,  CL_CrlSign  -  Sign  a  CRL
       (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       API: CSSM_RETURN CSSMAPI  CSSM_CL_CrlSign  (CSSM_CL_HANDLE
       CLHandle,   CSSM_CC_HANDLE   CCHandle,   const   CSSM_DATA
       *UnsignedCrl, const CSSM_FIELD *SignScope,  uint32  ScopeSize,
  CSSM_DATA_PTR  SignedCrl)  SPI: CSSM_RETURN CSSMCLI
       CL_CrlSign (CSSM_CL_HANDLE CLHandle, CSSM_CC_HANDLE CCHandle,
 const CSSM_DATA *UnsignedCrl, const CSSM_FIELD *SignScope,
 uint32 ScopeSize, CSSM_DATA_PTR SignedCrl)

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The handle that describes the add-in  Certificate  Library
       module  used  to  perform  this function.  The handle that
       describes the context of this cryptographic operation.   A
       pointer  to  the CSSM_DATA structure containing the CRL to
       be signed.  A pointer to the CSSM_FIELD  array  containing
       the  tag/value  pairs  of  the fields to be signed. If the
       signing scope is  null,  the  Certificate  Library  module
       includes  a  default set of CRL fields in the signing process.
  The number of entries in the sign  scope  list.  If
       the  signing  scope is not specified, the input scope size
       must be zero.  A pointer to the CSSM_DATA  structure  containing
  the  signed CRL. The SignedCrl->Data is allocated
       by the service provider and must  be  deallocated  by  the
       application.

DESCRIPTION    [Toc]    [Back]

       This  function signs a CRL using the private key and signing
 algorithm specified in  the  CCHandle  parameter.  The
       result is a signed, encoded certificate revocation list in
       SignedCrl. The unsigned CRL  is  specified  in  the  input
       UnsignedCrl.  The  UnsignedCrl  is  constructed  using the
       CSSM_CL_CrlCreateTemplate(),       CSSM_CL_CrlSetFields(),
       CSSM_CL_CrlAddCert(),  and  CSSM_CL_CrlRemoveCert()  functions
 (for the CSSM API), or their CL SPI equivalents.

       The CCHandle must be context created  using  the  function
       CSSM_CSP_CreateSignatureContext()  (CSSM API), or CSP_CreateSignatureContext()
 (SPI). The context must specify  the
       Cryptographic  Services Provider module, the signing algorithm,
 and the signing key that must be  used  to  perform
       this   operation.   The  context  must  also  provide  the
       passphrase or a callback function to obtain the passphrase
       required to access and use the private key.

       The  fields  included in the signing operation are identified
 by the OIDs in the optional SignScope array.

       Once the CRL has been signed it cannot be  modified.  This
       means that entries cannot be added or removed from the CRL
       through  application  of   the   CSSM_CL_CrlAddCert()   or
       CSSM_CL_CrlRemoveCertCSSM_CL_CrlRemoveCert()  (or their CL
       SPI equivalent operations. A signed CRL can  be  verified,
       applied to a data store, and searched for values.

       The  memory for the SignedCrl->Data output is allocated by
       the service provider using the calling application's  memory
  management  routines. The application must deallocate
       the memory.

RETURN VALUE    [Toc]    [Back]

       A CSSM_RETURN value indicating  success  or  specifying  a
       particular  error  condition.  The value CSSM_OK indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors are described in the CDSA technical standard.   See
       CDSA_intro(3).    CSSMERR_CL_INVALID_CONTEXT_HANDLE   CSSMERR_CL_INVALID_CRL_POINTER
 CSSMERR_CL_UNKNOWN_FORMAT CSSMERR_CL_INVALID_FIELD_POINTER
  CSSMERR_CL_UNKNOWN_TAG CSSMERR_CL_INVALID_SCOPE
 CSSMERR_CL_SCOPE_NOT_SUPPORTED  CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
                      CSSMERR_CL_CRL_ALREADY_SIGNED


SEE ALSO    [Toc]    [Back]

      
      
       Books

       Intel   CDSA   Application    Developer's    Guide    (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]

       Functions for the CSSM API:

       Functions:   CSSM_CL_CrlVerify(3),  CSSM_CL_CrlVerifyWithKey(3)

       Functions for the CLI SPI:

       CL_CrlVerify(3), CL_CrlVerifyWithKey(3)



                                                    CL_CrlSign(3)
[ Back ]
 Similar pages
Name OS Title
CL_CertSign Tru64 Sign a certificate (CDSA)
CSSM_CL_CertSign Tru64 Sign a certificate (CDSA)
CSSM_SignData Tru64 Sign all buffer data (CDSA)
CSP_SignData Tru64 Sign all buffer data (CDSA)
SignData Tru64 Sign all buffer data (CDSA)
CSSM_SignDataInit Tru64 Initialize the staged sign data (CDSA)
SignDataInit Tru64 Initialize the staged sign data (CDSA)
CSP_SignDataInit Tru64 Initialize the staged sign data (CDSA)
CSP_SignDataFinal Tru64 Complete the final stage of the sign data (CDSA)
CSSM_SignDataFinal Tru64 Complete the final stage of the sign data (CDSA)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service