CL_CrlSign, CSSM_CL_CrlSign, CL_CrlSign - Sign a CRL
(CDSA)
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_CL_CrlSign (CSSM_CL_HANDLE
CLHandle, CSSM_CC_HANDLE CCHandle, const CSSM_DATA
*UnsignedCrl, const CSSM_FIELD *SignScope, uint32 ScopeSize,
CSSM_DATA_PTR SignedCrl) SPI: CSSM_RETURN CSSMCLI
CL_CrlSign (CSSM_CL_HANDLE CLHandle, CSSM_CC_HANDLE CCHandle,
const CSSM_DATA *UnsignedCrl, const CSSM_FIELD *SignScope,
uint32 ScopeSize, CSSM_DATA_PTR SignedCrl)
Common Security Services Manager library (libcssm.so)
The handle that describes the add-in Certificate Library
module used to perform this function. The handle that
describes the context of this cryptographic operation. A
pointer to the CSSM_DATA structure containing the CRL to
be signed. A pointer to the CSSM_FIELD array containing
the tag/value pairs of the fields to be signed. If the
signing scope is null, the Certificate Library module
includes a default set of CRL fields in the signing process.
The number of entries in the sign scope list. If
the signing scope is not specified, the input scope size
must be zero. A pointer to the CSSM_DATA structure containing
the signed CRL. The SignedCrl->Data is allocated
by the service provider and must be deallocated by the
application.
This function signs a CRL using the private key and signing
algorithm specified in the CCHandle parameter. The
result is a signed, encoded certificate revocation list in
SignedCrl. The unsigned CRL is specified in the input
UnsignedCrl. The UnsignedCrl is constructed using the
CSSM_CL_CrlCreateTemplate(), CSSM_CL_CrlSetFields(),
CSSM_CL_CrlAddCert(), and CSSM_CL_CrlRemoveCert() functions
(for the CSSM API), or their CL SPI equivalents.
The CCHandle must be context created using the function
CSSM_CSP_CreateSignatureContext() (CSSM API), or CSP_CreateSignatureContext()
(SPI). The context must specify the
Cryptographic Services Provider module, the signing algorithm,
and the signing key that must be used to perform
this operation. The context must also provide the
passphrase or a callback function to obtain the passphrase
required to access and use the private key.
The fields included in the signing operation are identified
by the OIDs in the optional SignScope array.
Once the CRL has been signed it cannot be modified. This
means that entries cannot be added or removed from the CRL
through application of the CSSM_CL_CrlAddCert() or
CSSM_CL_CrlRemoveCertCSSM_CL_CrlRemoveCert() (or their CL
SPI equivalent operations. A signed CRL can be verified,
applied to a data store, and searched for values.
The memory for the SignedCrl->Data output is allocated by
the service provider using the calling application's memory
management routines. The application must deallocate
the memory.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CL_INVALID_CONTEXT_HANDLE CSSMERR_CL_INVALID_CRL_POINTER
CSSMERR_CL_UNKNOWN_FORMAT CSSMERR_CL_INVALID_FIELD_POINTER
CSSMERR_CL_UNKNOWN_TAG CSSMERR_CL_INVALID_SCOPE
CSSMERR_CL_SCOPE_NOT_SUPPORTED CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
CSSMERR_CL_CRL_ALREADY_SIGNED
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions for the CSSM API:
Functions: CSSM_CL_CrlVerify(3), CSSM_CL_CrlVerifyWithKey(3)
Functions for the CLI SPI:
CL_CrlVerify(3), CL_CrlVerifyWithKey(3)
CL_CrlSign(3)
[ Back ] | 