Common Data Security Architecture (CDSA) White Paper

Validating the CSP Credentials

Certificate 2’s public key, and so on.

Figure 1-8

Verifying a Certificate Chain

Certificate 0

 

 

Issuer: Root Issuer

Certificate 1

Subject: Root Issuer

Issuer: Root Issuer

Root Public Key

Subject: Issuer A

 

 

DSA Signature

Public Key

Certificate 2

 

Issuer: Issuer A

Certificate 3

Subject: Issuer B

DSA Signature

Issuer: Issuer B

Public Key

Subject: Signer

 

 

DSA Signature

 

Public Key

The Validation Sequence

The validation process is comprised of three phases:

Integrity check by the CSSM of the CSP shared library prior to loading

Self-check of the CSP by itself

Bilateral authentication check of the CSSM by the CSP

NOTE

The CSP add-in module is not used in the validation sequence. Instead,

 

duplicate cryptographic functions for validating DSA signatures and

 

calculating SHA-1 hashes are embedded in the integrity checking library

 

of the HP CDSA Framework.

 

 

CSP shared libraries are validated in the order they are loaded by the CDSA application user.

66

Chapter 1

Page 66
Image 66
HP UX Security Products and Features Software manual Validation Sequence, Verifying a Certificate Chain