The issuer utility is used to create a set of functions that
are embedded into CSSM, or are used by EISL. A CDSA application
developer needs to create only the EISL_RetrieveSelfCheckKey
function. The other functions noted here are applicable only for
CDSA vendors (in this case, HP).
This program generally is called by
CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM.
SYNOPSIS
issuer option certfile codefile functionname
OPTIONS
option
A code that defines the function to be created.
Specify one of the following values:
-i Creates a function that returns an issuer name from
the certificate.
-s Creates a function that returns a signer name from
the certificate.
-k Creates a function that returns a trusted public key.
NOTE: A CDSA application developer who is creating the
EISL_RetrieveSelfCheckKey function should specify -k.
The other codes are used only by CDSA vendors who are building CDSA
itself rather than a CDSA application or service provider module.
certfile
A text file that contains the name of the certificate to be used.
codefile
The file to which the generated function is written.
functionname
Name of the function to be generated. One of the following:
* cssm_GetIntegrityRootKeys (cssm_GetExportRootKeys for export)
* cssm_GetIntegrityRootNames (cssm_GetExportRootNames for export)
* EISL_RetrieveSelfCheckKey
NOTE: CDSA application developers need to create only the
EISL_RetrieveSelfCheckKey function (the last item in the following
list). The full set of functions is listed here to provide a
complete overview of the issuer utility. The other functions are
applicable only for CDSA vendors. Those who want to learn more
about certificate chains can refer to the Intel CDSA Manifest
Signing Tools User's Guide.
1 – EXAMPLE
The following example extracts the public key from the certificate
intmods.cer and creates a function named EISL_RetrieveSelfCheckKey()
in the file modselfkey.h.
$ create intmodscertfile.
intmods.cer
$!
$ issuer -k intmodscertfile. modselfkey.h "EISL_RetrieveSelfCheckKey"