HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > Chapter 4 CDSA Utility Programs


  Table of Contents



The issuer utility is used to create a set of functions that are embedded into CSSM, or are used by EISL. A CDSA application developer needs to create only the EISL_RetrieveSelfCheckKey() function. The other functions noted here are applicable only for CDSA vendors (in this case, HP).

This program generally is called by CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM().


issuer option certfile codefile functionname



A code that defines the function to be created. Specify one of the following values:


Creates a function that returns an issuer name from the certificate.


Creates a function that returns a signer name from the certificate.


Creates a function that returns a trusted public key.

Note: A CDSA application developer who is creating the EISL_RetrieveSelfCheckKey() function should specify -k. The other codes are used only by CDSA vendors who are building CDSA itself rather than a CDSA application or service provider module.


A text file that contains the name of the certificate to be used.


The file to which the generated function is written.


Name of the function to be generated.

Note: CDSA application developers need to create only the EISL_RetrieveSelfCheckKey() function (the last item in the following list). The full set of functions is listed here to provide a complete overview of the issuer utility. The other functions are applicable only for CDSA vendors. Those who want to learn more about export chains can refer to the Intel Common Data Security Architecture Manifest Signing Tools User's Guide.

  • cssm_GetIntegrityRootKeys() (or cssm_GetExportRootKeys() for export)

  • cssm_GetIntegrityRootNames() (or cssm_GetExportRootNames() for export)

  • EISL_RetrieveSelfCheckKey()


The following example extracts the public key from the certificate intmods.cer and creates a function named EISL_RetrieveSelfCheckKey() in the file modselfkey.h.

$ create intmodscertfile.
$ issuer -k intmodscertfile. modselfkey.h -
_$ "EISL_RetrieveSelfCheckKey"