Contents

1. Common Data Security Architecture (CDSA) White Paper

Glossary of CDSA Terms and Acronyms

What Is CDSA?

HP’s Implementation of CDSA

CDSA Components in HP-UX

CDSA in the Context of Other Security Applications

HP’s Paradigm Shift

Common Security Services Manager (CSSM) API
    CSSM Module Information Files

Cryptography Service Provider (CSP) API
    Public/Private Key Algorithms
    Interaction between CSP and Applications
    CSP Operations

Certificate Library Services (CL) API
    What is a Certificate?
    Operations on Certificates

Introduction to Add-in Modules
    The Role of Add-In Modules in the CDSA Framework
    Design Criteria for Add-In Modules
    Global Unique Identifier (GUID)
    Initializer
    Code to Register Services with CSSM
    Add-In Module Install Program

How to Create a CDSA Add-In Module for HP-UX
    Implementing Integrity Checking in Add-In Modules
    Programming AddInAuthenticate() to Perform Bilateral Authentication

Completing the Development of a CSP that Performs Integrity Checking
