|
|
Library Spi Parameters Notes Errors | Api Parameters Description Return Value See Also |
API:CSSM_RETURN CSSMAPI CSSM_GenerateKey(CSSM_CC_HANDLE CCHandle,uint32 KeyUsage,uint32 KeyAttr,const CSSM_DATA *KeyLabel,const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,CSSM_KEY_PTR Key)SPI:CSSM_RETURN CSSMCSPI CSP_GenerateKey(CSSM_CSP_HANDLE CSPHandle,CSSM_CC_HANDLE CCHandle,const CSSM_CONTEXT *Context,uint32 KeyUsage,uint32 KeyAttr,const CSSM_DATA *KeyLabel,const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,CSSM_KEY_PTR Key)
cdsa$incssm300_shr.exe
)CCHandle (input) | ||
The handle that describes the context of this cryptographicoperation used to link to the CSP-managed information. | ||
KeyUsage (input) | ||
A bit mask indicating all permitted uses for thenew key. | ||
KeyAttr (input) | ||
A bit mask defining attribute values for the newkey. | ||
KeyLabel (input/optional) | ||
Pointer to a byte string that will be used as thelabel for the key. | ||
CredAndAclEntry (input/optional) | ||
A structure containing one or more credentials authorizedfor creating a key and the prototype ACL entry that will controlfuture use of the newly created key. The credentials and ACL entryprototype can be presented as immediate values or callback functionscan be provided for use by the CSP to acquire the credentials and/orthe ACL entry interactively. If the CSP provides public access forcreating a key, then the credentials can be NULL. If the CSP definesa default initial ACL entry for the new key, then the ACL entryprototype can be an empty list. | ||
Key (output) | Pointer to CSSM_KEY structure used to hold the newkey. The CSSM_KEY structure should be empty upon input to this function.The CSP will ignore any values residing in this structure at functioninvocation. Input values should be supplied in the cryptographic context, KeyUsage , KeyAttr ,and KeyLabel input parameters. |
CSPHandle (input) | ||
The handle that describes the add-in CryptographicService Provider module used to perform up-calls to CSSM for thememory functions managed by CSSM. | ||
Context (input) | ||
Pointer to CSSM_CONTEXT structure that describesthe attributes with this context. | ||
Key (output) | Pointer to CSSM_KEY structure used to obtain thekey. Upon function invocation, any values in the CSSM_Key structureshould be ignored. All input values should be supplied in the cryptographic Context , KeyUsage , KeyAttr ,and KeyLabel input parameters. |
KeyUsage
,and KeyAttr
are used to initialize the keyheaderfor the newly created key. These values are not retained in thecryptographic Context, which contains additional parameters forthis operation. The CSP may cache keying material associated withthe new symmetric key. When the symmetric key is no longer in activeuse, the application can invoke the CSSM_FreeKey()
interface to allow cached keying material associatedwith the symmetric key to be removed.Authorization policy can restrict the set of callers who cancreate a new resource. In this case, the caller must present a setof access credentials for authorization. Upon successfully authenticatingthe credentials, the template that verified the presented samplesidentifies the ACL entry that will be used in the authorization computation.If the caller is authorized, the new resource is created.
The caller must provide an initial ACL entry to be associatedwith the newly created resource. This entry is used to control futureaccess to the new resource and (since the subject is deemed to bethe "Owner") exercise control over its associated ACL. The callercan specify the following items for initializing an ACL entry:
AuthorizationTag
.(This item only applies to public key subjects).AuthorizationTag
valuesin their Module Directory Services primary record.KeyData
field of the CSSM_KEY structureis allocated by the CSP. The application is required to free this memoryusing the CSSM_FreeKey()
(CSSM API), or CSP_FreeKey()
(CSP SPI), function or with the memory functions registeredfor the CSPHandle
.CSSMERR_CSP_KEY_LABEL_ALREADY_EXISTS
Intel CDSA Application Developer's Guide
Functions for the CSSM API:
CSSM_GenerateRandom, CSSM_GenerateKeyPair
Functions for the CSP SPI:
CSP_GenerateRandom, CSP_GenerateKeyPair
|
|