HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > Chapter 4 CDSA Utility Programs

CDSA$ISSUER.EXE

  Table of Contents

  Glossary

  Index

The issuer utility is used to create a set of functions that are embedded into CSSM, or are used by EISL. A CDSA application developer needs to create only the EISL_RetrieveSelfCheckKey() function. The other functions noted here are applicable only for CDSA vendors (in this case, HP).

This program generally is called by CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM().

SYNOPSIS

issuer option certfile codefile functionname

OPTIONS

option 

A code that defines the function to be created. Specify one of the following values:

-i 

Creates a function that returns an issuer name from the certificate.

-s 

Creates a function that returns a signer name from the certificate.

-k 

Creates a function that returns a trusted public key.

Note: A CDSA application developer who is creating the EISL_RetrieveSelfCheckKey() function should specify -k. The other codes are used only by CDSA vendors who are building CDSA itself rather than a CDSA application or service provider module.

certfile 

A text file that contains the name of the certificate to be used.

codefile 

The file to which the generated function is written.

functionname 

Name of the function to be generated.

Note: CDSA application developers need to create only the EISL_RetrieveSelfCheckKey() function (the last item in the following list). The full set of functions is listed here to provide a complete overview of the issuer utility. The other functions are applicable only for CDSA vendors. Those who want to learn more about export chains can refer to the Intel Common Data Security Architecture Manifest Signing Tools User's Guide.

  • cssm_GetIntegrityRootKeys() (or cssm_GetExportRootKeys() for export)

  • cssm_GetIntegrityRootNames() (or cssm_GetExportRootNames() for export)

  • EISL_RetrieveSelfCheckKey()

EXAMPLE

The following example extracts the public key from the certificate intmods.cer and creates a function named EISL_RetrieveSelfCheckKey() in the file modselfkey.h.

$ create intmodscertfile.
intmods.cer
$!
$ issuer -k intmodscertfile. modselfkey.h -
_$ "EISL_RetrieveSelfCheckKey"