Copyright Digital Equipment Corp. All rights reserved.

Integrity_Signing

  Integrity signing is optional for applications and mandatory 
  for plug-in modules. 


SYNOPSIS

   cdsa_sign module_name subdirectory type signer_cert password 
   cert_chain module_guid access_tag pvcapi_tag pvcspi_tag priv_tag

OPTIONS

  module_ name
     The name of the module being signed.

  subdirectory
     The subdirectory (in UNIX directory format) containing the 
     module being signed.

  type
     The module type, which can be one of the following:

       A - Service provider module
       C - CSSM
       D - Application sharable image
       E - Elective Module Manager
       G - Generic image
       X - Application executable

  signer_cert
     The name of the certificate being used to sign the module. 

  password
     The password for the private key of the certificate being used 
     to sign the module.  

  cert_chain
     A text file identifying the Integrity certificates to be 
     embedded. This file has the following form:

       number
       cert1
       cert2
       .
       .
       .

       where number is the number of certificates being embedded, 
       and cert1 and cert2 are the names of certificates to be 
       embedded; for example:

            2
            introot.cer
            intmanf.cer

  module_guid
     The string version of the globally unique identifier of the 
     module being signed (as installed in MDS).

  access_tag
     For installer modules, this is the base-64 encoded, unsigned, 
     32-bit value (in big-endian) of the access type defined for 
     CDSA_DB_ACCESS_TYPE.  For modules other than installers, 
     specify "XX" for this parameter.

  pvcapi_tag
     Specifies whether pointer validation checking is to be done on 
     the application program interface boundaries. 
     The values for the CDSA_PVC_API tag are as follows: 

        "EXEMPT" Specifies an application manifest, where the program 
                 can set the PVC flag in cssm_Init.
        "OFF"    Specifies a CSSM manifest, where the PVC flag is 
                 not applicable. 
        "XX"     Specifies that the CDSA_PVC_API tag is not in the 
                 manifest.

  pvcspi_tag
     Specifies whether pointer validation checking is to be done on 
     the service provider interface boundaries. 
     The values for the CDSA_PVC_SPI tag are as follows:

        "EXEMPT" Specifies a service provider manifest, where the 
                 program can set the PVC flag in cssm_Init.
        "OFF"    Specifies a CSSM manifest, where the PVC flag is 
                 not applicable. 
        "XX"     Specifies that the CDSA_PVC_SPI tag is not in the 
                 manifest.

  priv_tag
     The CDSA_PRIV tag in the manifest. Currently, no CDSA_PRIV tag 
     values are defined, so specify "XX" to indicate that this tag 
     is not in the manifest.