CSSM_GenerateKey man page on DigitalUNIX

GenerateKey(3)							GenerateKey(3)

NAME
       GenerateKey,  CSSM_GenerateKey,	CSP_GenerateKey - Generate a symmetric
       key (CDSA)

SYNOPSIS
       #include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_GenerateKey
           (CSSM_CC_HANDLE CCHandle,
            uint32 KeyUsage,
            uint32 KeyAttr,
            const CSSM_DATA *KeyLabel,
            const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
            CSSM_KEY_PTR Key)

       SPI:
       CSSM_RETURN CSSMCSPI CSP_GenerateKey
           (CSSM_CSP_HANDLE CSPHandle,
            CSSM_CC_HANDLE CCHandle,
            const CSSM_CONTEXT *Context,
            uint32 KeyUsage,
            uint32 KeyAttr,
            const CSSM_DATA *KeyLabel,
            const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
            CSSM_KEY_PTR Key)

LIBRARY
       Common Security Services Manager library (libcssm.so)

API PARAMETERS
       CCHandle
              The handle that describes the context of this cryptographic
              operation used to link to the CSP-managed information.

       KeyUsage
              A bit mask indicating all permitted uses for the new key.

       KeyAttr
              A bit mask defining attribute values for the new key.

       KeyLabel
              Pointer to a byte string that will be used as the label for
              the key.

       CredAndAclEntry
              A structure containing one or more credentials authorized for
              creating a key and the prototype ACL entry that will control
              future use of the newly created key. The credentials and ACL
              entry prototype can be presented as immediate values or
              callback functions can be provided for use by the CSP to
              acquire the credentials and/or the ACL entry interactively.
              If the CSP provides public access for creating a key, then
              the credentials can be NULL. If the CSP defines a default
              initial ACL entry for the new key, then the ACL entry
              prototype can be an empty list.

       Key
              Pointer to CSSM_KEY structure used to hold the new key. The
              CSSM_KEY structure should be empty upon input to this
              function. The CSP will ignore any values residing in this
              structure at function invocation. Input values should be
              supplied in the cryptographic context, KeyUsage, KeyAttr, and
              KeyLabel input parameters.

SPI PARAMETERS
       CSPHandle
              The handle that describes the add-in cryptographic service
              provider module used to perform up-calls to CSSM for the
              memory functions managed by CSSM.

       Context
              Pointer to CSSM_CONTEXT structure that describes the
              attributes with this context.

       Key
              Pointer to CSSM_KEY structure used to obtain the key. Upon
              function invocation, any values in the CSSM_KEY structure
              should be ignored. All input values should be supplied in the
              cryptographic Context, KeyUsage, KeyAttr, and KeyLabel input
              parameters.

DESCRIPTION
       This function generates a symmetric key. The KeyUsage and KeyAttr
       values are used to initialize the key header for the newly created
       key. These values are not retained in the cryptographic Context,
       which contains additional parameters for this operation. The CSP may
       cache keying material associated with the new symmetric key. When the
       symmetric key is no longer in active use, the application can invoke
       the CSSM_FreeKey() interface to allow cached keying material
       associated with the symmetric key to be removed.

       Authorization  policy  can restrict the set of callers who can create a
       new resource. In this case, the caller must present  a  set  of	access
       credentials  for	 authorization.	 Upon  successfully authenticating the
       credentials, the template that verified the presented  samples  identi‐
       fies  the ACL entry that will be used in the authorization computation.
       If the caller is authorized, the new resource is created.

       The caller must provide an initial ACL entry to be associated with the
       newly created resource. This entry is used to control future access to
       the new resource and (since the subject is deemed to be the "Owner")
       exercise control over its associated ACL. The caller can specify the
       following items for initializing an ACL entry:

       Subject - A CSSM_LIST structure, containing the type of the subject
              and a template value that can be used to verify samples that
              are presented in credentials when resource access is
              requested.

       Delegation flag - A value indicating whether the Subject can delegate
              the permissions recorded in the AuthorizationTag. (This item
              only applies to public key subjects).

       Authorization tag - The set of permissions that are granted to the
              Subject.

       Validity period - The start time and the stop time for which the ACL
              entry is valid.

       ACL entry tag - A user-defined string value associated with the ACL
              entry.

       The service provider can modify the caller-provided initial ACL entry
       to conform to any innate resource-access policy that the service
       provider may be required to enforce. If the initial ACL entry provided
       by the caller contains values or permissions that are not supported by
       the service provider, then the service provider can modify the initial
       ACL appropriately or can fail the request to create the new resource.
       Service providers list their supported AuthorizationTag values in
       their Module Directory Services primary record.
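
       The two provider behaviours described above (modify the initial ACL
       entry, or fail the request), modeled as an added example that is not
       CDSA code and not part of this reference page. The struct, enum and
       function names are hypothetical stand-ins for the CDSA types, and the
       handling of the delegation flag is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Simplified stand-ins for this example only; these are not the CDSA types. */
enum { SUBJ_PASSWORD = 1, SUBJ_PUBLIC_KEY = 2 };            /* subject types */
enum { AUTH_ENCRYPT = 1u << 0, AUTH_DECRYPT = 1u << 1, AUTH_EXPORT = 1u << 2 };

typedef struct {
    int      subject_type;  /* type of the subject template */
    int      delegate;      /* delegation flag */
    uint32_t auth_tags;     /* authorization tags granted to the subject */
    time_t   not_before;    /* validity period: start time */
    time_t   not_after;     /* validity period: stop time */
    const char *entry_tag;  /* user-defined ACL entry tag */
} acl_entry;

typedef enum { ACL_ACCEPTED, ACL_MODIFIED, ACL_REJECTED } acl_result;
/* Provider side: reconcile the caller's initial entry with the supported
 * tags. strict != 0 fails the request; otherwise the entry is narrowed. */
acl_result reconcile_acl(acl_entry *e, uint32_t supported, int strict)
{
    int bad_tags = (e->auth_tags & ~supported) != 0;
    /* Assumption: a delegation flag on a non-public-key subject is treated
     * as an unsupported value, since the item applies to public keys only. */
    int bad_delegate = e->delegate && e->subject_type != SUBJ_PUBLIC_KEY;
    if (!bad_tags && !bad_delegate) return ACL_ACCEPTED;
    if (strict) return ACL_REJECTED;        /* entry left untouched */
    e->auth_tags &= supported;              /* drop unsupported permissions */
    if (bad_delegate) e->delegate = 0;
    return ACL_MODIFIED;
}

/* Access check: tag granted and current time inside the validity period. */
int acl_permits(const acl_entry *e, uint32_t tag, time_t now)
{
    return (e->auth_tags & tag) == tag && now >= e->not_before && now < e->not_after;
}

int main(void)
{
    /* Constructed sample: password subject asking for more than is supported. */
    acl_entry e = { SUBJ_PASSWORD, 1, AUTH_ENCRYPT | AUTH_DECRYPT | AUTH_EXPORT,
                    1000, 2000, "demo" };
    acl_result r = reconcile_acl(&e, AUTH_ENCRYPT | AUTH_DECRYPT, 0);
    printf("result=%d tags=0x%x export=%d\n", (int)r, (unsigned)e.auth_tags,
           acl_permits(&e, AUTH_EXPORT, 1500));
    return 0;
}
```

       Because the entry that ends up attached to the key can differ from
       the one submitted, a caller that depends on a specific permission
       should compare the two after the key is created.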

NOTES
       The  KeyData  field  of the CSSM_KEY structure is allocated by the CSP.
       The  application	 is  required  to   free   this	  memory   using   the
       CSSM_FreeKey() (CSSM API), or CSP_FreeKey() (CSP SPI), function or with
       the memory functions registered for the CSPHandle.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

ERRORS
       Errors are described in the CDSA technical standard. See
       CDSA_intro(3).

       CSSMERR_CSP_KEY_LABEL_ALREADY_EXISTS

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_GenerateRandom(3), CSSM_GenerateKeyPair(3)

       Functions for the CSP SPI:

       CSP_GenerateRandom(3), CSP_GenerateKeyPair(3)

								GenerateKey(3)
Copyright (c) for man pages and the logo by the respective OS vendor.
