Skip Navigation Links | |
Exit Print View | |
Developer's Guide to Oracle Solaris 11 Security Oracle Solaris 11.1 Information Library |
1. Oracle Solaris Security for Developers (Overview)
2. Developing Privileged Applications
3. Writing PAM Applications and Services
4. Writing Applications That Use GSS-API
7. Writing Applications That Use SASL
8. Introduction to the Oracle Solaris Cryptographic Framework
Oracle Solaris Cryptography Terminology
Overview of the Cryptographic Framework
What Cryptography Developers Need to Know
Requirements for Developers of User-Level Consumers
Requirements for Developers of Kernel-Level Consumers
9. Writing User-Level Cryptographic Applications
10. Introduction to the Oracle Solaris Key Management Framework
A. Secure Coding Guidelines for Developers
B. Sample C-Based GSS-API Programs
The components of the cryptographic framework are described as follows.
libpkcs11.so – The framework provides access through the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki). Applications need to link to the libpkcs11.so library, which implements the RSA PKCS #11 of the standard.
Pluggable interface – The pluggable interface is the service provider interface (SPI) for PKCS #11 cryptographic services that are provided by Oracle Corporation and third-party developers. Providers are user-level libraries. Providers are implemented through encryption services that are available from either hardware or software.
pkcs11_softtoken.so – A private shared object that contains user-level cryptographic mechanisms that are provided by Oracle Corporation The pkcs11_softtoken(5) library implements the RSA PKCS #11 v2.11 of the standard.
pkcs11_kernel.so – The private shared object used to access kernel-level cryptographic mechanisms. pkcs11_kernel(5) implements the RSA PKCS#11 v2.11 specification. pkcs11_kernel.so offers a PKCS#11 user interface for cryptographic services that are plugged into the kernel's service provider interface.
/dev/crypto pseudo device driver – The private pseudo device driver for using kernel-level cryptographic mechanisms. This information is provided to avoid inadvertent deletion of the pseudo device driver.
Scheduler / load balancer – The kernel software that is responsible for coordinating use, load balancing, and dispatching of the cryptographic service requests.
Kernel programmer interface – The interface for kernel-level consumers of cryptographic services. The IPSec protocol and the kerberos GSS mechanism are typical cryptographic consumers.
Note - This interface is only available through a special contract with Oracle Corporation Send email to solaris-crypto-req_ww@oracle.com for more information.
Oracle HW and SW cryptographic providers – Kernel-level cryptographic services that are provided by Oracle Corporation HW refers to hardware cryptographic services such as accelerator boards. SW refers to kernel modules that provide cryptographic services, such as an implementation of a cryptographic algorithm.
Kernel cryptographic framework daemon – The private daemon that is responsible for managing system resources for cryptographic operations. The daemon is also responsible for verifying cryptographic providers.
Module verification library – A private library used to verify the integrity and authenticity of all binaries that the Oracle Solaris cryptographic framework is importing.
elfsign – A utility that can verify the signature of binaries, that is, elf objects, that plug into the Oracle Solaris cryptographic framework.
/dev/cryptoadm pseudo device driver – The private pseudo device driver used by cryptoadm(1M) for administering kernel-level cryptographic mechanisms. This information is provided to avoid inadvertent deletion of the pseudo device driver.
cryptoadm – A user-level command for administrators to manage cryptographic services. A typical cryptoadm task is listing cryptographic providers and their capabilities. Disabling and enabling cryptographic mechanisms according to security policy is also performed with cryptoadm.