Common Data Security Architecture (CDSA) White Paper
Common Security Services Manager (CSSM) API
operations.
Module verification has three aspects:
• verification of the module’s identity, based on a digitally-signed certificate
• verification of object code, whose integrity is itself based on a signed hash of the object
• tightly binding the verified module identity with the verified set of object code.
CSSM Module Information Files
Each CSSM module (including CSSM itself and add-ins) must be installed on the system
before applications can use it. CSSM_ModuleInstall() is the API used to install modules.
CSSM_ModuleInstall() creates information files under the directory /var/cdsa/cssm. The
information file for each module installed is named for its module GUID, in the form
“module-guid”.info.
For example, the CSSM core has a module GUID of
{4405ee7c-eeac-11d1-b73d-0060b0b6e655}
Its module-guid.info file, named
/var/cdsa/cssm/{4405ee7c-eeac-11d1-b73d-0060b0b6e655}.info
contains the following information:
String*Location: /usr/lib/libcssm.1
String*Name: Helwett-Packard Common Security Service Managers Module
String*Version: 1.20
String*Vendor: Hewlett-Packard Company
String*Description: CSSM Module
Binary*ThreadSafe: 00000000
Binary*NumberOfServices: 00000000
String*GUID: {4405ee7c-eeac-11d1-b73d-0060b0b6e655}
Binary*ServiceMasks: 00000001
If the NumberOfServices is not 0, the directory guid contains information for each service.
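An added example, not part of the white paper or of HP's code: a parser for the Type*Key: Value layout of the listing above, with a consistency check that the file name matches the GUID field and that Location is an absolute path. The function names, the treatment of Binary values as uninterpreted hex bytes, and the checks themselves are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the CSSM core listing shown above, reproduced as-is.
SAMPLE_NAME = "{4405ee7c-eeac-11d1-b73d-0060b0b6e655}.info"
SAMPLE_TEXT = """\
String*Location: /usr/lib/libcssm.1
String*Name: Helwett-Packard Common Security Service Managers Module
String*Version: 1.20
String*Vendor: Hewlett-Packard Company
String*Description: CSSM Module
Binary*ThreadSafe: 00000000
Binary*NumberOfServices: 00000000
String*GUID: {4405ee7c-eeac-11d1-b73d-0060b0b6e655}
Binary*ServiceMasks: 00000001
"""

LINE_RE = re.compile(r"^(String|Binary)\*([A-Za-z]+):\s*(.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def parse_info(text):
    """Return {key: value}; String values stay str, Binary values become bytes."""
    fields = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"line {lineno}: not in Type*Key: Value form")
        kind, key, value = m.groups()
        if key in fields:
            raise ValueError(f"line {lineno}: duplicate key {key}")
        # Assumption: Binary values are hex digits; byte order is not interpreted.
        fields[key] = bytes.fromhex(value) if kind == "Binary" else value
    return fields

def audit_info(file_name, text):
    """Return a list of findings; an empty list means the file is self-consistent."""
    findings = []
    fields = parse_info(text)
    guid = fields.get("GUID", "")
    if not isinstance(guid, str) or not GUID_RE.match(guid):
        findings.append("GUID field missing or malformed")
    elif os.path.basename(file_name).lower() != guid.lower() + ".info":
        findings.append("file name does not match GUID field")
    loc = fields.get("Location", "")
    if not isinstance(loc, str) or not loc.startswith("/") or ".." in loc.split("/"):
        findings.append("Location is not a clean absolute path")
    return findings
```

This check covers only the information file's internal consistency; it is separate from the certificate and signed-hash verification of the module described earlier.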
CSSM_ModuleUnInstall() is the API to uninstall a module. CSSM_ModuleUnInstall()
removes the module information file from /var/cdsa/cssm. After a module is uninstalled, it
becomes unavailable to applications.
For HP-UX, CSSM core, the bundled CSP and the x509v3 CL are preinstalled into the system