CSSM_TP_CertReclaimKey man page on DigitalUNIX


TP_CertReclaimKey(3)					  TP_CertReclaimKey(3)

NAME
       TP_CertReclaimKey,  CSSM_TP_CertReclaimKey - Get private key associated
       with a certificate (CDSA)

SYNOPSIS
       #include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_TP_CertReclaimKey
           (CSSM_TP_HANDLE TPHandle,
            const CSSM_CERTGROUP *CertGroup,
            uint32 CertIndex,
            CSSM_LONG_HANDLE KeyCacheHandle,
            CSSM_CSP_HANDLE CSPHandle,
            const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry)

       SPI:
       CSSM_RETURN CSSMTPI TP_CertReclaimKey
           (CSSM_TP_HANDLE TPHandle,
            const CSSM_CERTGROUP *CertGroup,
            uint32 CertIndex,
            CSSM_LONG_HANDLE KeyCacheHandle,
            CSSM_CSP_HANDLE CSPHandle,
            const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       TPHandle
              The handle that describes the service provider module used to
              perform this operation.

       CertGroup
              A pointer to a structure containing a reference to a group of
              certificates and the number of certificates contained in that
              group. The certificate group contains all certificates that are
              candidates for reclamation.

       CertIndex
              An index value that identifies the certificate whose associated
              private key is to be recovered and stored in the local CSP. This
              index value I references the I-th certificate in CertGroup.

       KeyCacheHandle
              A reference handle that uniquely identifies the cache of
              protected private keys associated with the reclaimed
              certificates contained in CertGroup. The structure of the cache
              is opaque to the caller.

       CSPHandle
              The handle that describes the CSP module where the private key
              is to be stored. Optionally, the CA service provider can use
              this CSP to perform additional cryptographic operations or may
              use another default CSP for that purpose.

       CredAndAclEntry
              A structure containing one or more credentials authorized for
              creating a key and the prototype ACL entry that will control
              future use of the newly created key. The credentials and ACL
              entry prototype can be presented as immediate values or callback
              functions can be provided for use by the CSP to acquire the
              credentials and/or the ACL entry interactively. If the CSP
              provides public access for creating a key, then the credentials
              can be NULL. If the CSP defines a default initial ACL entry for
              the new key, then the ACL entry prototype can be an empty list.

DESCRIPTION
       This  function  recovers	 the private key associated with a certificate
       and securely stores that key in	the  specified	cryptographic  service
       provider.   The	key  and its associated certificate are among a set of
       certificates and private keys reclaimed from a certificate authority.

       The particular private key to be recovered to the local system is iden‐
       tified  by its associated certificate. The certificate is identified by
       its CertIndex position within the CertGroup.

       The reclamation process associates the private key with the public  key
       contained  in  the  certificate, and securely stores the private key in
       the specified cryptographic service provider. The CSP can require  that
       the  caller  provide access credentials authorizing inserting a new key
       into the CSP through an UnwrapKey operation.  The  caller  should  also
       provide	an  initial  Access  Control  List  (ACL)  entry for the newly
       inserted key. The ACL entry is used to control future use of the recov‐
       ered private key. These inputs are provided in CredAndAclEntry.

       When  all  required private keys have been reclaimed, the key cache can
       be discarded using the function CSSM_TP_CertReclaimAbort() (CSSM	 API),
       or  TP_CertReclaimAbort()  (TP SPI). The caller must free the CertGroup
       when it is no longer needed.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

ERRORS
       Errors are described in the CDSA technical standard. See
       CDSA_intro(3).

       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP
       CSSMERR_TP_INVALID_CERTIFICATE
       CSSMERR_TP_INVALID_INDEX
       CSSMERR_TP_INVALID_KEYCACHE_HANDLE
       CSSMERR_TP_INVALID_CSP_HANDLE
       CSSMERR_TP_AUTHENTICATION_FAILED
       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
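
EXAMPLES
       The following is an added example, not part of the original man page or
       of the CDSA distribution: it walks the sequence from DESCRIPTION
       (reclaim each wanted key, then discard the key cache) and discards the
       cache on every exit path, including a bad index or a credential failure.
       Assumptions: the typedefs are stand-ins for <cdsa/cssm.h>, the two-argument
       shape of CSSM_TP_CertReclaimAbort() is taken from the CDSA standard rather
       than this page, and reclaim_keys(), the demo_* functions and the DEMO_ERR_*
       values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this compiles without <cdsa/cssm.h>. Names follow the man page;
 * type widths, the NumCerts field and the numeric codes are assumptions. */
typedef uint32_t CSSM_RETURN, CSSM_TP_HANDLE, CSSM_CSP_HANDLE;
typedef uint64_t CSSM_LONG_HANDLE;
typedef struct { uint32_t NumCerts; } CSSM_CERTGROUP;
typedef struct { int unused; } CSSM_RESOURCE_CONTROL_CONTEXT;
#define CSSM_OK 0u
#define DEMO_ERR_INDEX 1u  /* placeholder for CSSMERR_TP_INVALID_INDEX */
#define DEMO_ERR_AUTH  2u  /* placeholder for CSSMERR_TP_AUTHENTICATION_FAILED */

/* Shapes of CSSM_TP_CertReclaimKey and CSSM_TP_CertReclaimAbort, passed as
 * pointers so a constructed TP can stand in for the real library. */
typedef CSSM_RETURN (*reclaim_fn)(CSSM_TP_HANDLE, const CSSM_CERTGROUP *, uint32_t,
    CSSM_LONG_HANDLE, CSSM_CSP_HANDLE, const CSSM_RESOURCE_CONTROL_CONTEXT *);
typedef CSSM_RETURN (*abort_fn)(CSSM_TP_HANDLE, CSSM_LONG_HANDLE);

/* Reclaim the keys for idx[0..n-1]; the key cache is discarded on every path. */
CSSM_RETURN reclaim_keys(reclaim_fn reclaim, abort_fn discard, CSSM_TP_HANDLE tp,
    const CSSM_CERTGROUP *grp, const uint32_t *idx, size_t n,
    CSSM_LONG_HANDLE cache, CSSM_CSP_HANDLE csp,
    const CSSM_RESOURCE_CONTROL_CONTEXT *cred, size_t *stored)
{
    CSSM_RETURN rc = CSSM_OK;
    *stored = 0;
    for (size_t i = 0; i < n && rc == CSSM_OK; i++) {
        if (grp == NULL || idx[i] >= grp->NumCerts)
            rc = DEMO_ERR_INDEX;           /* reject before calling the TP */
        else if ((rc = reclaim(tp, grp, idx[i], cache, csp, cred)) == CSSM_OK)
            (*stored)++;                   /* key is now held by the CSP */
    }
    CSSM_RETURN arc = discard(tp, cache);  /* cache holds protected private keys */
    return rc != CSSM_OK ? rc : arc;       /* first failure wins */
}

/* Constructed TP for an offline run: requires credentials, counts discards. */
int demo_discards;
CSSM_RETURN demo_reclaim(CSSM_TP_HANDLE tp, const CSSM_CERTGROUP *g, uint32_t i,
    CSSM_LONG_HANDLE k, CSSM_CSP_HANDLE c, const CSSM_RESOURCE_CONTROL_CONTEXT *cred)
{
    (void)tp; (void)g; (void)i; (void)k; (void)c;
    return cred ? CSSM_OK : DEMO_ERR_AUTH;
}
CSSM_RETURN demo_discard(CSSM_TP_HANDLE tp, CSSM_LONG_HANDLE k)
{
    (void)tp; (void)k; demo_discards++; return CSSM_OK;
}
```

       With the real header, drop the stand-in block and pass
       CSSM_TP_CertReclaimKey and CSSM_TP_CertReclaimAbort as the two function
       pointers; the caller still frees CertGroup afterwards.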

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_TP_RetrieveCredResult(3), CSSM_TP_Cert_ReclaimAbort(3)

       Functions for the TP SPI:

       TP_RetrieveCredResult(3), TP_Cert_ReclaimAbort(3)

							  TP_CertReclaimKey(3)