CSSM_GenerateKeyPair man page on DigitalUNIX


GenerateKeyPair(3)					    GenerateKeyPair(3)

       GenerateKeyPair,	 CSSM_GenerateKeyPair,	CSP_GenerateKeyPair - Generate
       an asymmetric key pair (CDSA)

       # include <cdsa/cssm.h>

       uint32 PublicKeyUsage,
       uint32 PublicKeyAttr,
       const CSSM_DATA *PublicKeyLabel,
       CSSM_KEY_PTR PublicKey,
       uint32 PrivateKeyUsage,
       uint32 PrivateKeyAttr,
       const CSSM_DATA *PrivateKeyLabel,
       const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
       CSSM_KEY_PTR PrivateKey)

       SPI:
       CSSM_CC_HANDLE CCHandle,
       const CSSM_CONTEXT *Context,
       uint32 PublicKeyUsage,
       uint32 PublicKeyAttr,
       const CSSM_DATA *PublicKeyLabel,
       CSSM_KEY_PTR PublicKey,
       uint32 PrivateKeyUsage,
       uint32 PrivateKeyAttr,
       const CSSM_DATA *PrivateKeyLabel,
       const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
       CSSM_KEY_PTR PrivateKey,
       CSSM_PRIVILEGE Privilege)

       Common Security Services Manager library (libcssm.so)

       API parameters:

       CCHandle
              The handle that describes the context of this cryptographic
              operation used to link to the CSP-managed information.

       PublicKeyUsage
              A bit mask indicating all permitted uses for the new public key.

       PublicKeyAttr
              A bit mask defining attribute values for the new public key.

       PublicKeyLabel
              Pointer to a byte string that will be used as the label for the
              public key.

       PublicKey
              Pointer to CSSM_KEY structure used to hold the new public key.
              The CSSM_KEY structure should be empty upon input to this
              function. The CSP will ignore any values residing in this
              structure at function invocation. Input values should be
              supplied in the cryptographic Context, PublicKeyUsage,
              PublicKeyAttr, and PublicKeyLabel input parameters.

       PrivateKeyUsage
              A bit mask indicating all permitted uses for the new private
              key.

       PrivateKeyAttr
              A bit mask defining attribute values for the new private key.

       PrivateKeyLabel
              Pointer to a byte string that will be used as the label for the
              private key.

       CredAndAclEntry
              A structure containing one or more credentials authorized for
              creating a key and the prototype ACL entry that will control
              future use of the newly created key. The credentials and ACL
              entry prototype can be presented as immediate values or callback
              functions can be provided for use by the CSP to acquire the
              credentials and/or the ACL entry interactively. If the CSP
              provides public access for creating a key, then the credentials
              can be NULL. If the CSP defines a default initial ACL entry for
              the new key, then the ACL entry prototype can be an empty list.

       PrivateKey
              Pointer to CSSM_KEY structure used to obtain the private key.
              Upon function invocation, any values in the CSSM_KEY structure
              should be ignored. All input values should be supplied in the
              cryptographic Context, PrivateKeyUsage, PrivateKeyAttr, and
              PrivateKeyLabel input parameters.

       SPI parameters:

       CSPHandle
              The handle that describes the add-in cryptographic service
              provider module used to perform calls to CSSM for the memory
              functions managed by CSSM.

       CCHandle
              The handle that describes the context of this cryptographic
              operation used to link to the CSP-managed information.

       Context
              Pointer to CSSM_CONTEXT structure that describes the attributes
              with this context.

       Privilege
              The export privilege to be applied during the cryptographic
              operation. This parameter is forwarded to the CSP after CSSM
              verifies that the caller and service provider privilege set
              includes the specified privilege.

       This  function generates an asymmetric key pair. The CSP may cache key‐
       ing material associated with the new asymmetric keypair.	 When  one  or
       both  of	 the  keys  are	 no  longer in active use, the application can
       invoke the CSSM_FreeKey() interface to  allow  cached  keying  material
       associated with the key to be removed.

       Authorization  policy  can restrict the set of callers who can create a
       new resource. In this case, the caller must present  a  set  of	access
       credentials  for	 authorization.	 Upon  successfully authenticating the
       credentials, the template that verified the presented  samples  identi‐
       fies  the ACL entry that will be used in the authorization computation.
       If the caller is authorized, the new resource is created.

       The caller must provide an initial ACL entry to be associated with the
       newly created resource. This entry is used to control future access to
       the new resource and (since the subject is deemed to be the "Owner")
       exercise control over its associated ACL. The caller can specify the
       following items for initializing an ACL entry:

       o      A CSSM_LIST structure, containing the type of the subject and a
              template value that can be used to verify samples that are
              presented in credentials when resource access is requested.

       o      A value indicating whether the Subject can delegate the
              permissions recorded in the AuthorizationTag. (This item applies
              only to public key subjects.)

       o      The set of permissions that are granted to the Subject.

       o      The start time and the stop time for which the ACL entry is
              valid.

       o      A user-defined string value associated with the ACL entry.

       The service provider can modify the caller-provided initial ACL entry
       to conform to any innate resource-access policy that the service
       provider may be required to enforce. If the initial ACL entry provided
       by the caller contains values or permissions that are not supported by
       the service provider, then the service provider can modify the initial
       ACL appropriately or can fail the request to create the new resource.
       Service providers list their supported AuthorizationTag values in their
       Module Directory Services primary record.
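
       The "modify or fail" handling of the initial ACL entry described above,
       as a small self-contained C model added here (it is not part of the
       original page and is not CDSA code). All type, constant and function
       names are hypothetical stand-ins rather than declarations from
       <cdsa/cssm.h>, and clearing the delegate flag for subjects that are not
       public keys is an assumed provider policy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <time.h>

/* Hypothetical model types; these are NOT the structures in <cdsa/cssm.h>. */
enum subject_type { SUBJ_PASSWORD, SUBJ_PUBLIC_KEY };
enum { PERM_SIGN = 1u << 0, PERM_DECRYPT = 1u << 1, PERM_EXPORT = 1u << 2 };

struct acl_entry {
    enum subject_type subject; /* subject type (template value omitted) */
    bool delegate;             /* may the subject delegate its permissions? */
    uint32_t permissions;      /* permissions granted to the subject */
    time_t start, stop;        /* period for which the entry is valid */
    const char *tag;           /* user-defined string for the entry */
};

enum admit_result { ADMIT_AS_REQUESTED, ADMIT_MODIFIED, ADMIT_REJECTED };

/* Provider side: make the caller's initial entry conform to provider policy.
 * `supported` models the permissions the provider advertises. A strict
 * provider fails the request; a lenient one rewrites the entry in place. */
enum admit_result provider_admit(struct acl_entry *e, uint32_t supported,
                                 bool strict)
{
    bool changed = false;

    if (e->permissions & ~supported) {
        if (strict)
            return ADMIT_REJECTED;
        e->permissions &= supported; /* drop unsupported permissions */
        changed = true;
    }
    /* Assumed policy: the delegate flag is only meaningful for public key
     * subjects, so it is cleared (or refused) for any other subject type. */
    if (e->delegate && e->subject != SUBJ_PUBLIC_KEY) {
        if (strict)
            return ADMIT_REJECTED;
        e->delegate = false;
        changed = true;
    }
    return changed ? ADMIT_MODIFIED : ADMIT_AS_REQUESTED;
}

/* Later access check against the entry the provider actually stored. */
bool acl_permits(const struct acl_entry *e, uint32_t wanted, time_t now)
{
    return now >= e->start && now < e->stop &&
           (e->permissions & wanted) == wanted;
}
```

       A caller that requested PERM_EXPORT from a lenient provider ends up
       with a stored entry that no longer grants it, so the entry as stored,
       not as requested, is what later access checks are made against.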

       The KeyData fields of the CSSM_KEY structures are allocated by the CSP.
       The   application   is	required   to	free  this  memory  using  the
       CSSM_FreeKey() (CSSM API), or CSP_FreeKey() (CSP SPI), function or with
       the memory functions registered for the CSPHandle.

       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

       Errors	are   described	  in   the   CDSA   technical  standard.   See


       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_GenerateKey(3), CSSM_GenerateRandom(3)

       Functions for the CSP SPI:

       CSP_GenerateKey(3), CSP_GenerateRandom(3)


Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net