skip book previous and next navigation links
go up to top of book: HP Open Source Security for OpenVMS Volume 1:... HP Open Source Security for OpenVMS Volume 1:...
go to beginning of reference: API Functions API Functions
go to previous page: CL_CertGroupToSignedBundle CL_CertGroupToSignedBundle
go to next page: CL_CertVerifyCL_CertVerify
end of book navigation links


CL_CertSign
Library
Description
Errors
 Parameters
Return Value
See Also

NAME

CSSM_CL_CertSign - Sign a certificate (CDSA)

SYNOPSIS  

# include <cssm.h>

API:
CSSM_RETURN CSSMAPI CSSM_CL_CertSign
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_DATA *CertTemplate,
const CSSM_FIELD *SignScope,
uint32 ScopeSize,
CSSM_DATA_PTR SignedCert)
SPI:
CSSM_RETURN CSSMCLI CL_CertSign
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_DATA *CertTemplate,
const CSSM_FIELD *SignScope,
uint32 ScopeSize,
CSSM_DATA_PTR SignedCert)

return to top LIBRARY  

Common Security Services Manager library (cdsa$incssm300_shr.exe)

return to top PARAMETERS  

CLHandle (input)
 The handle that describes the add-in certificate library module used to perform this function.
CCHandle (input)
 A signature context defining the CSP, signing algorithm, and private key that must be used to perform the operation. The passphrase for the private key is also provided.
CertTemplate (input)
 A pointer to a CSSM_DATA structure containing a certificate template in the default format supported by this CL. The template contains values that are currently contained in or will be contained in a signed certificate.
SignScope (input/optional)
 A pointer to the CSSM_FIELD array containing the OID/value pairs of the fields to be signed. A null input signs all the fields provided by CertTemplate.
ScopeSize (input)
 The number of entries in the SignScope list. If the sign scope is not specified, the input value for scope size must be zero.
SignedCert (output)
 A pointer to the CSSM_DATA structure containing the signed certificate.

return to top DESCRIPTION  

This function signs a certificate using the private key and signing algorithm specified in the CCHandle. The result is a signed, encoded certificate in SignedCert. The certificate field values are specified in the input certificate template. The template is constructed using CSSM_CL_CertCreateTemplate() (CSSM API), or CL_CertCreateTemplate() (CL SPI). The template is in the default format for this CL.

The CCHandle must be a signature context created using the function CSSM_CSP_CreateSignatureContext() (CSSM API), or CSP_CreateSignatureContext() (SPI). The context must specify the Cryptographic Services Provider (CSP) module, the signing algorithm, and the signing key that must be used to perform this operation. The context must also provide the passphrase or a callback function to obtain the passphrase required to access and use the private key.

The fields included in the signing operation are identified by the OIDs in the optional SignScope array.

The memory for the SignedCert->Data output is allocated by the service provider using the calling application's memory management routines. The application must deallocate the memory.

return to top RETURN VALUE  

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.

return to top ERRORS  

Errors are described in the CDSA Technical Standard. 
CSSMERR_CL_INVALID_CONTEXT_HANDLE
CSSMERR_CL_UNKNOWN_FORMAT
CSSMERR_CL_INVALID_FIELD_POINTER
CSSMERR_CL_UNKNOWN_TAG
CSSMERR_CL_INVALID_SCOPE
CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
CSSMERR_CL_SCOPE_NOT_SUPPORTED

return to top SEE ALSO  

Books

Intel CDSA Application Developer's Guide

Online Help

Functions for the CSSM API:

CSSM_CL_CertVerify, CSSM_CL_CertCreateTemplate

Functions for the CLI SPI:

CL_CertVerify, CL_CertCreateTemplate

go to previous page: CL_CertGroupToSignedBundle CL_CertGroupToSignedBundle
go to next page: CL_CertVerifyCL_CertVerify