CL_CertSign(3)CL_CertSign(3)NAME
CL_CertSign, CSSM_CL_CertSign - Sign a certificate (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_CL_CertSign (CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle, const CSSM_DATA *CertTemplate, const
CSSM_FIELD *SignScope, uint32 ScopeSize, CSSM_DATA_PTR SignedCert) SPI:
CSSM_RETURN CSSMCLI CL_CertSign (CSSM_CL_HANDLE CLHandle, CSSM_CC_HAN‐
DLE CCHandle, const CSSM_DATA *CertTemplate, const CSSM_FIELD *Sign‐
Scope, uint32 ScopeSize, CSSM_DATA_PTR SignedCert)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the add-in certificate library module used to
perform this function. A signature context defining the CSP, signing
algorithm, and private key that must be used to perform the operation.
The passphrase for the private key is also provided. A pointer to a
CSSM_DATA structure containing a certificate template in the default
format supported by this CL. The template contains values that are cur‐
rently contained in or will be contained in a signed certificate. A
pointer to the CSSM_FIELD array containing the OID/value pairs of the
fields to be signed. A null input signs all the fields provided by
CertTemplate. The number of entries in the SignScope list. If the sign
scope is not specified, the input value for scope size must be zero. A
pointer to the CSSM_DATA structure containing the signed certificate.
DESCRIPTION
This function signs a certificate using the private key and signing
algorithm specified in the CCHandle. The result is a signed, encoded
certificate in SignedCert. The certificate field values are specified
in the input certificate template. The template is constructed using
CSSM_CL_CertCreateTemplate() (CSSM API), or CL_CertCreateTemplate() (CL
SPI). The template is in the default format for this CL.
The CCHandle must be a signature context created using the function
CSSM_CSP_CreateSignatureContext() (CSSM API), or CSP_CreateSignature‐
Context() (SPI). The context must specify the Cryptographic Services
Provider (CSP) module, the signing algorithm, and the signing key that
must be used to perform this operation. The context must also provide
the passphrase or a callback function to obtain the passphrase required
to access and use the private key.
The fields included in the signing operation are identified by the OIDs
in the optional SignScope array.
The memory for the SignedCert->Data output is allocated by the service
provider using the calling application's memory management routines.
The application must deallocate the memory.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CL_INVALID_CONTEXT_HANDLE CSS‐
MERR_CL_UNKNOWN_FORMAT CSSMERR_CL_INVALID_FIELD_POINTER CSS‐
MERR_CL_UNKNOWN_TAG CSSMERR_CL_INVALID_SCOPE CSSMERR_CL_INVALID_NUM‐
BER_OF_FIELDS CSSMERR_CL_SCOPE_NOT_SUPPORTED
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CertVerify(3), CSSM_CL_CertCreateTemplate(3)
Functions for the CLI SPI:
CL_CertVerify(3), CL_CertCreateTemplate(3)CL_CertSign(3)