The issuer utility is used to create a set of functions that
are embedded into CSSM, or are used by EISL. A CDSA application
developer needs to create only the EISL_RetrieveSelfCheckKey() function. The other functions noted here are applicable
only for CDSA vendors (in this case, HP).
This program generally is called by CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM().
SYNOPSIS
issueroptioncertfilecodefilefunctionname
OPTIONS
option
A code that defines the function to be created.
Specify one of the following values:
-i
Creates a function that returns
an issuer name from the certificate.
-s
Creates a function that returns
a signer name from the certificate.
-k
Creates a function that returns
a trusted public key.
Note: A CDSA application developer who is creating the EISL_RetrieveSelfCheckKey() function should specify -k. The other
codes are used only by CDSA vendors who are building CDSA itself
rather than a CDSA application or service provider module.
certfile
A text file that contains
the name of the certificate to be used.
codefile
The file to which the generated
function is written.
functionname
Name of the function to be
generated.
Note: CDSA application developers need to create only
the EISL_RetrieveSelfCheckKey() function (the last item in the following list). The
full set of functions is listed here to provide a complete overview
of the issuer utility. The other functions are applicable only for
CDSA vendors. Those who want to learn more about export chains can
refer to the Intel Common Data Security Architecture
Manifest Signing Tools User's Guide.
cssm_GetIntegrityRootKeys() (or cssm_GetExportRootKeys() for export)
cssm_GetIntegrityRootNames() (or cssm_GetExportRootNames() for export)
EISL_RetrieveSelfCheckKey()
EXAMPLE
The following example extracts the public key from the certificate
intmods.cer and creates a function named EISL_RetrieveSelfCheckKey() in the file modselfkey.h.
