HP UX Security Products and Features Software manual Applications

Page 16

	Common Data Security Architecture (CDSA) White Paper
	What Is CDSA?
Figure 1-4	CDSA, shown relative to higher-level protocols and user
	applications

End User Applications

Higher-Level Security Protocols (PKCS, SSL, S/MIME, IPSEC, SET, et al.)

	Common Security Services Manager (CSSM) APIs
	Crypotgraphy	Certificate	Data Storage	Trust Policy
	Services	Library	Library
				Manager
	Manager	Manager	Manager
				and
	and	and	and
				Interface
	Interface	Interface	Interface

	Cryptography	Certificate	Data	Trust
	Services		Storage	Policy
		Library
	Provider		Library	Library
		(CL)
	(CSP)		(DL)	(TP)

The ﬁrst protocol to have developed widespread use is called Secure Sockets Layer (SSL), which runs on top of TCP/IP and provides security for web browsers and servers.

Another protocol, called Secure Multipurpose Internet Mail Extensions (S/MIME), is used to safeguard email over the Internet. MIME extended the email speciﬁcation, so that other data types, such as graphics and ﬁles created using word-processing programs, can be included in email messages. S/MIME provides privacy, authentication, and integrity services for Internet email messaging.

Pretty Good Privacy (PGP) is another protocol that uses cryptographic techniques for doing security messaging.

Secure Electronic Transactions (SET) is a protocol designed to protect transfer of credit-card information over the Internet. It is a standard being promoted by VISA and MasterCard.

The above protocols make use of some subset of the thirteen Public-Key Cryptography Standards (PKCS). These standards address RSA encryption, password-based encryption, and extended certiﬁcate syntax. One of the key beneﬁts of PKCS is that the standards

16

Chapter 1

Image 16

Contents Contents Sample Install Program Generating the Credential File Migrating to Cdsa ZIP format Private Key FileCommon Data Security Architecture Cdsa White Paper ChapterGlossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and AcronymsGlossary of Cdsa Terms and Acronyms RC2 Glossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and Acronyms What Is CDSA? What Is CDSA?HP’s Implementation of Cdsa HP-UX Cdsa Product OverviewWhat Is CDSA? Cdsa Components in HP-UX Cdsa Components on HP-UXWhat Is CDSA? Example of Cdsa APIs Used for Applications vs. Shared Cdsa in the Context of Other Security ApplicationsLibraries CDSA, shown relative to higher-level protocols and user ApplicationsHP’s Paradigm Shift Common Security Services Manager Cssm Common Security Services Manager Cssm APICssm Module Information Files Cssmnotlongfilenamesys Cryptography Service Provider CSP API Cryptography Service Provider CSP APIPublic/Private Key Algorithms Dual Asymmetric Key AlgorithmSymmetric Key Algorithm Authenticating a Digital Signature RC2 or RC4Cryptography Service Provider CSP API Hash Interaction between CSP and Applications CSP Operations Cryptography Service Provider CSP API Cryptography Service Provider CSP API Extensibility Functions Supported Functions and AlgorithmsCssmalgidcdmf Cssmalgiddsa Cssmalgiddh Purpose Pass-Through ID Certiﬁcate Library Services CL API What is a Certiﬁcate?Certiﬁcate Library Services CL API Outline of a Generic CertiﬁcateCertiﬁcate Revocation List CRL and Operations Interaction between Certiﬁcate Library and Application Interaction between Cssm and Certiﬁcate Library Interface Operations on CertiﬁcatesCertiﬁcate Library Interface Certiﬁcate Library Services CL API Certiﬁcate Library Services CL API Certiﬁcate Library Services CL API INTELX509V3PASSTHROUGHCREATEENCODEDNAME INTELX509V3PASSTHROUGHENCODENAME INTELX509V3PASSTHROUGHENCODEALGID INTELX509V3PASSTHROUGHREADCERTFROMFILE INTELX509V3PASSTHROUGHENCODEREVOKEDCERTLIST INTELX509V3PASSTHROUGHFINDSUPPORTINGCSP INTELX509V3PASSTHROUGHCSSMKEYTOSPKI Role of Add-In Modules in the Cdsa Framework Introduction to Add-in ModulesIntroduction to Add-in Modules Design Criteria for Add-In Modules Global Unique Identiﬁer GuidInitializer Code to Register Services with Cssm Add-In Module Install ProgramTo Install an Add-In Library How to Create a Cdsa Add-In Module for How to Create a Cdsa Add-In Module for HP-UXLd -b -o libmylib.1 +I MyAddInInit Implementing Integrity Checking in Add-In Modules Programming Self-Check Functions into the Initializer How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module for HP-UX Typeprocedure How to Create a Cdsa Add-In Module for HP-UX Or specify the following for CL/TP/DL add-ins With a Cssm capable of integrity checking Validating the CSP Credentials Credential FileCertiﬁcate Chain Validating the CSP CredentialsValidation Sequence Verifying a Certiﬁcate ChainIntegrity Check prior to Loading Verifying the signature on the .SF ﬁleSHA-1 Self Check 11 Verifying the validity of the CSP libraryBilateral Authentication In-Memory vs. Static CheckingFurther References Concluding RemarksConcluding Remarks Concluding Remarks Sample Install Program Appendix aAppendix a Appendix a Cssmapimemoryfuncs Appendix a Else if argc != Destpath Sample Install Program Appendix a Sample Install Program Generating the Credential File Appendix BHP Signing Policy for CSP Add-In Vendors for Cdsa Version HP Signing Policy for CSP Add-In Vendors for Cdsa VersionSample Add-in Module Code Appendix CAppendix C Appendix C Sample Add-in Module Code Appendix C Cssmreturn = Null Sample Add-in Module Code == Cssmfail Cssmmodulefuncs Appendix C Sample Add-in Module Code Appendix C Sample Add-in Module Code Data 100 Appendix C 101 102 Appendix C 103 104 Functions Needed for Add-in Module Integrity Appendix D 105106 Trouble Shooting HP Cdsa Appendix E 107Cdsa API Errors Cdsa API Errors108 Appendix E 109 110 Appendix E 111 112 Appendix E 113 114 Appendix E 115 116 Appendix E 117 Cdsa Start Up Errors when calling CSSMModuleAttach Cdsa Start Up Errors when calling CSSMModuleAttach118 Appendix E 119 Debugging Core Dumps Using DDE to Debug Cdsa Applications120 Migrating to Cdsa Appendix F 121122 Appendix F 123 DL data structures 124ZIP format Appendix G 125126 Appendix G 127 128 Private Key File Appendix H 129Private Key File Contention 130

Related manuals

Manual 62 pages 27.73 Kb