VMS Help  —  CDSA  CDSA_API, CL CrlSign
 NAME

   CL_CrlSign,
   CSSM_CL_CrlSign - Sign a CRL (CDSA)

 SYNOPSIS

   # include <cssm.h>

    API:
        CSSM_RETURN CSSMAPI CSSM_CL_CrlSign
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_DATA *UnsignedCrl,
        const CSSM_FIELD *SignScope,
        uint32 ScopeSize,
        CSSM_DATA_PTR SignedCrl)

    SPI:
        CSSM_RETURN CSSMCLI CL_CrlSign
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_DATA *UnsignedCrl,
        const CSSM_FIELD *SignScope,
        uint32 ScopeSize,
        CSSM_DATA_PTR SignedCrl)

 LIBRARY

   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS

   CLHandle (input)
           The handle that describes the add-in Certificate Library
           module used to perform this function.

   CCHandle (input)
           The handle that describes the context of this cryptographic
           operation.

   UnsignedCrl (input)
           A pointer to the CSSM_DATA structure containing the CRL to be
           signed.

   SignScope (input/optional)
           A pointer to the CSSM_FIELD array containing the tag/value pairs
           of the fields to be signed. If the signing scope is null, the
           Certificate Library module includes a default set of CRL fields
           in the signing process.

   ScopeSize (input)
           The number of entries in the sign scope list. If the signing
           scope is not specified, the input scope size must be zero.

   SignedCrl (output)
           A pointer to the CSSM_DATA structure containing the signed CRL.
           The SignedCrl->Data is allocated by the service provider and
           must be deallocated by the application.

 DESCRIPTION

   This function signs a CRL using the private key and signing algorithm
   specified in the CCHandle parameter. The result is a signed, encoded
   certificate revocation list in SignedCrl. The unsigned CRL is specified
   in the input UnsignedCrl. The UnsignedCrl is constructed using the
   CSSM_CL_CrlCreateTemplate(), CSSM_CL_CrlSetFields(),
   CSSM_CL_CrlAddCert(), and CSSM_CL_CrlRemoveCert() functions (for the
   CSSM API), or their CL SPI equivalents.

   The CCHandle must be context created using the function
   CSSM_CSP_CreateSignatureContext() (CSSM API), or
   CSP_CreateSignatureContext() (SPI). The context must specify the
   Cryptographic Services Provider module, the signing algorithm, and the
   signing key that must be used to perform this operation. The context
   must also provide the passphrase or a callback function to obtain the
   passphrase required to access and use the private key.

   The fields included in the signing operation are identified by the OIDs
   in the optional SignScope array.

   Once the CRL has been signed it cannot be modified. This means that
   entries cannot be added or removed from the CRL through application of
   the CSSM_CL_CrlAddCert() or CSSM_CL_CrlRemoveCertCSSM_CL_CrlRemoveCert()
   (or their CL SPI equivalent operations. A signed CRL can be verified,
   applied to a data store, and searched for values.

   The memory for the SignedCrl->Data output is allocated by the service
   provider using the calling application's memory management routines.
   The application must deallocate the memory.

 RETURN VALUE

   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other values
   represent an error condition.

 ERRORS

   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_CL_INVALID_CONTEXT_HANDLE
        CSSMERR_CL_INVALID_CRL_POINTER
        CSSMERR_CL_UNKNOWN_FORMAT
        CSSMERR_CL_INVALID_FIELD_POINTER
        CSSMERR_CL_UNKNOWN_TAG
        CSSMERR_CL_INVALID_SCOPE
        CSSMERR_CL_SCOPE_NOT_SUPPORTED
        CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
        CSSMERR_CL_CRL_ALREADY_SIGNED

 SEE ALSO

   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CrlVerify
       CSSM_CL_CrlVerifyWithKey

   Functions for the CLI SPI:

       CL_CrlVerify
       CL_CrlVerifyWithKey
Close Help