Common Data Security Architecture (CDSA) White Paper

Validating the CSP Credentials
Certificate 2’s public key, and so on.
Figure 1-8 Verifying a Certificate Chain
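Added example, not taken from the white paper or from the HP CDSA code: a toy walk of the chain in Figure 1-8. It assumes each certificate's DSA signature is checked with the public key of the certificate above it, and that the root is trusted through a pinned public key. The group parameters, keys, signed-field layout and all function names are constructed for illustration, and the parameters are far too small for real use.

```python
import hashlib
from itertools import count
from math import isqrt

def _is_prime(n):  # trial division is enough for these toy sizes
    return n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))
Q = 2**31 - 1  # toy prime subgroup order, constructed and far too small for real use
P = next(k * Q + 1 for k in count(2, 2) if _is_prime(k * Q + 1))
G = next(g for h in count(2) if (g := pow(h, (P - 1) // Q, P)) != 1)

def _h(*parts):  # SHA-1 over the joined fields, as an integer
    return int.from_bytes(hashlib.sha1("|".join(map(str, parts)).encode()).digest(), "big")

def dsa_sign(x, msg):
    for ctr in count():  # deterministic nonce; retry in the rare case r or s is 0
        k = 1 + _h(x, msg, ctr) % (Q - 1)
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (_h(msg) + x * r) % Q
        if r and s:
            return r, s

def dsa_verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, _h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def tbs(cert):  # the fields covered by the issuer's signature (hypothetical layout)
    return f"{cert['issuer']}|{cert['subject']}|{cert['pub']}"
def make_cert(issuer, subject, pub, issuer_priv):
    cert = {"issuer": issuer, "subject": subject, "pub": pub}
    return {**cert, "sig": dsa_sign(issuer_priv, tbs(cert))}

def verify_chain(chain, root_pub):  # chain[0] is the self-issued root, trusted via root_pub
    if not chain or chain[0]["issuer"] != chain[0]["subject"] or chain[0]["pub"] != root_pub:
        return False
    for parent, cert in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"] or not dsa_verify(parent["pub"], tbs(cert), cert["sig"]):
            return False
    return True

def sample_chain():  # constructed keys; names follow Figure 1-8
    names = ["Root Issuer", "Issuer A", "Issuer B", "Signer"]
    priv = [1 + _h("key", n) % (Q - 1) for n in names]
    pub = [pow(G, x, P) for x in priv]
    root = {"issuer": names[0], "subject": names[0], "pub": pub[0]}
    certs = [make_cert(names[i - 1], names[i], pub[i], priv[i - 1]) for i in range(1, 4)]
    return [root] + certs, pub[0]
```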
The Validation Sequence
The validation process consists of three phases:
1. Integrity check by the CSSM of the CSP shared library prior to loading
2. Self-check of the CSP by itself
3. Bilateral authentication check of the CSSM by the CSP
NOTE: The CSP add-in module is not used in the validation sequence. Instead, duplicate cryptographic functions for validating DSA signatures and calculating SHA-1 hashes are embedded in the integrity checking library of the HP CDSA Framework.
CSP shared libraries are validated in the order they are loaded by the CDSA application user.
[Figure 1-8 contents, certificate chain]
Certificate 0: Issuer: Root Issuer; Subject: Root Issuer; Root Public Key
Certificate 1: Issuer: Root Issuer; Subject: Issuer A; DSA Signature; Public Key
Certificate 2: Issuer: Issuer A; Subject: Issuer B; DSA Signature; Public Key
Certificate 3: Issuer: Issuer B; Subject: Signer; DSA Signature; Public Key