As in the previous example, a prompt appears for the private key passphrase because it is not included. RSA public keys are generally not considered secret quantities and are not encrypted. Not protecting public keys does not cause a security breach. WLI follows this convention.

3.2 User keys

A user key can have no authorization for WLI operations and still suffice for creating WLI file access policies and signing executable binaries. WLI user authorization enables a key for verifying signatures and file access policies during run-time operations.

A WLI administrator key can authorize an RSA key to enable run-time enforcement of WLI policies created with the key. This authorization is accomplished by copying the public key and associated information into a file under the WLI database directory /etc/wli/certificates. For details on authorizing keys, see wlicert(1M).

User key authorization enables the following:

An authorized key enables a WLI file access policy to be enforced for run-time access requests on the file. The public key must verify the signature on the file access policy as part of enforcement.

Any key can generate a WLI policy but only an authorized key can verify a policy signature. For details on generating file access policies, see wlipolicy(1).

Capabilities can be granted to an authorized key. The file /etc/wli/wlicert.conf retains information on authorized keys that also have capabilities. An authorized key with a capability can authorize an executable to use a particular WLI-protected resource.

Any unauthorized key can sign and grant a capability to an executable. For the executable to use the WLI-protected resource, the key used for its signing must be authorized as a user key and granted the capability. For details on granting capabilities to executables, see wlisign(1). For granting capabilities to authorized keys, see wlicert(1M).

3.3 Administrator keys

A WLI administrator key has all the authority of an authorized user key. A WLI administrator key also has authority to execute WLI administrative commands.

Multiple WLI administrator keys can be defined. The number of administrator keys depends on site security requirements and is left to the discretion of WLI administrators.

Administrator authority is required to:

Grant WLI administrator authority to keys with wliadm. The key can already have WLI user authority.

Remove administrator authority from a key with wlicert. A key can remove its own administrator authority.

Grant one or more capabilities to a key. An administrator key can grant a capability to itself.

Grant user authority to a key for file access policy enforcement with wlicert. All administrator keys are authorized for policy enforcement without an explicit grant through wlicert.

Set the storage type for WLI metadata with wlisys. A key is not required for storage type retrieval.

Set WLI security attributes with wlisyspolicy. A key is not required to query these attribute values.

Sign executable binaries that are invoked through wliwrap to execute with one or more capabilities. An administrator key is not required to authorize execution of wliwrap. Execution of wliwrap can be authorized by any user key that is granted the capabilities.
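
The rules in sections 3.2 and 3.3 separate what a key can sign from what takes effect at run time. The following is an added example, not WLI code: a small Python model of those run-time decisions. The class and method names and the capability names cap_a and cap_b are hypothetical, and signatures are assumed to have been verified cryptographically already.

```python
# Model of the key-authorization rules described in sections 3.2 and 3.3.
# Not WLI code: class, method and capability names are hypothetical, and
# signatures are assumed to have been checked cryptographically already.
from dataclasses import dataclass, field


@dataclass
class Key:
    user: bool = False    # user authority (granted with wlicert)
    admin: bool = False   # administrator authority
    caps: set = field(default_factory=set)

    @property
    def authorized(self):
        # Administrator keys are authorized without an explicit user grant.
        return self.user or self.admin


class KeyStore:
    def __init__(self):
        self.keys = {}

    def key(self, name):
        # Any key can exist and sign without being authorized.
        return self.keys.setdefault(name, Key())

    def grant_cap(self, actor, target, cap):
        # Granting a capability requires administrator authority, and the
        # target must be an authorized key. An admin may target itself.
        if not self.key(actor).admin:
            raise PermissionError("administrator authority required")
        if not self.key(target).authorized:
            raise ValueError("capabilities go to authorized keys only")
        self.key(target).caps.add(cap)

    def policy_enforced(self, signer):
        # Run time: only an authorized key's signature is verified.
        return self.key(signer).authorized

    def effective_caps(self, signer, signed_caps):
        # Run time: a capability signed into an executable takes effect
        # only if the signer is authorized and holds that capability.
        k = self.key(signer)
        return set(signed_caps) & k.caps if k.authorized else set()
```

In this model an executable signed with cap_a by an unauthorized key gets no capabilities, and the same signature yields cap_a only after the key has been given user authority and the capability.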
