HP UX Security Products and Features Software manual Cssm Module Information Files

Common Data Security Architecture (CDSA) White Paper

Common Security Services Manager (CSSM) API

operations.

Module verification has three aspects:

•verification of the module’s identity, based on a digitally-signed certificate

•verification of object code, whose integrity is itself based on a signed hash of the object

•tightly binding the verified module identity with the verified set of object code.

CSSM Module Information Files

Each CSSM module (including CSSM itself and add-ins) must be installed on the system before applications can use it. CSSM_ModuleInstall() is the API used to install modules. CSSM_ModuleInstall() creates information files under the directory /var/cdsa/cssm. The information file for each module installed is named for its module GUID, in the form “module-guid”.info.

For example, the CSSM core has a module GUID of

{4405ee7c-eeac-11d1-b73d-0060b0b6e655}

Its module-guid.info file, named

/var/cdsa/cssm/{4405ee7c-eeac-11d1-b73d-0060b0b6e655}.info

contains the following information:

String*Location: /usr/lib/libcssm.1

String*Name: Helwett-Packard Common Security Service Managers Module

String*Version: 1.20

String*Vendor: Hewlett-Packard Company

String*Description: CSSM Module

Binary*ThreadSafe: 00000000

Binary*NumberOfServices: 00000000

String*GUID: {4405ee7c-eeac-11d1-b73d-0060b0b6e655}

Binary*ServiceMasks: 00000001

If the NumberOfServices is not 0, the directory guid contains information for each service.

CSSM_ModuleUnInstall() is the API to uninstall a module. CSSM_ModuleUnInstall() removes the module information file from /var/cdsa/cssm. After a module is uninstalled, it becomes unavailable to applications.

For HP-UX, CSSM core, the bundled CSP and the x509v3 CL are preinstalled into the system