CL_CertSign, CSSM_CL_CertSign - Sign a certificate (CDSA)
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_CL_CertSign (CSSM_CL_HANDLE
CLHandle, CSSM_CC_HANDLE CCHandle, const CSSM_DATA *CertTemplate,
const CSSM_FIELD *SignScope, uint32 ScopeSize,
CSSM_DATA_PTR SignedCert) SPI: CSSM_RETURN CSSMCLI
CL_CertSign (CSSM_CL_HANDLE CLHandle, CSSM_CC_HANDLE CCHandle,
const CSSM_DATA *CertTemplate, const CSSM_FIELD
*SignScope, uint32 ScopeSize, CSSM_DATA_PTR SignedCert)
Common Security Services Manager library (libcssm.so)
The handle that describes the add-in certificate library
module used to perform this function. A signature context
defining the CSP, signing algorithm, and private key that
must be used to perform the operation. The passphrase for
the private key is also provided. A pointer to a
CSSM_DATA structure containing a certificate template in
the default format supported by this CL. The template contains
values that are currently contained in or will be
contained in a signed certificate. A pointer to the
CSSM_FIELD array containing the OID/value pairs of the
fields to be signed. A null input signs all the fields
provided by CertTemplate. The number of entries in the
SignScope list. If the sign scope is not specified, the
input value for scope size must be zero. A pointer to the
CSSM_DATA structure containing the signed certificate.
This function signs a certificate using the private key
and signing algorithm specified in the CCHandle. The
result is a signed, encoded certificate in SignedCert. The
certificate field values are specified in the input certificate
template. The template is constructed using
CSSM_CL_CertCreateTemplate() (CSSM API), or CL_CertCreateTemplate()
(CL SPI). The template is in the default
format for this CL.
The CCHandle must be a signature context created using the
function CSSM_CSP_CreateSignatureContext() (CSSM API), or
CSP_CreateSignatureContext() (SPI). The context must specify
the Cryptographic Services Provider (CSP) module, the
signing algorithm, and the signing key that must be used
to perform this operation. The context must also provide
the passphrase or a callback function to obtain the
passphrase required to access and use the private key.
The fields included in the signing operation are identified
by the OIDs in the optional SignScope array.
The memory for the SignedCert->Data output is allocated by
the service provider using the calling application's memory
management routines. The application must deallocate
the memory.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CL_INVALID_CONTEXT_HANDLE CSSMERR_CL_UNKNOWN_FORMAT
CSSMERR_CL_INVALID_FIELD_POINTER
CSSMERR_CL_UNKNOWN_TAG CSSMERR_CL_INVALID_SCOPE CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
CSSMERR_CL_SCOPE_NOT_SUPPORTED
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions for the CSSM API:
CSSM_CL_CertVerify(3), CSSM_CL_CertCreateTemplate(3)
Functions for the CLI SPI:
CL_CertVerify(3), CL_CertCreateTemplate(3)
CL_CertSign(3)
[ Back ] | 