Integrity signing is optional for applications and mandatory
for plug-in modules.
SYNOPSIS
cdsa_sign module_name subdirectory type signer_cert password
cert_chain module_guid access_tag pvcapi_tag pvcspi_tag priv_tag
OPTIONS
module_name
The name of the module being signed.
subdirectory
The subdirectory (in UNIX directory format) containing the
module being signed.
type
The module type, which can be one of the following:
A - Service provider module
C - CSSM
D - Application sharable image
E - Elective Module Manager
G - Generic image
X - Application executable
signer_cert
The name of the certificate being used to sign the module.
password
The password for the private key of the certificate being used
to sign the module.
cert_chain
A text file identifying the Integrity certificates to be
embedded. This file has the following form:
number
cert1
cert2
.
.
.
where number is the number of certificates being embedded,
and cert1 and cert2 are the names of certificates to be
embedded; for example:
2
introot.cer
intmanf.cer
module_guid
The string version of the globally unique identifier of the
module being signed (as installed in MDS).
access_tag
For installer modules, this is the base-64 encoded, unsigned,
32-bit value (in big-endian) of the access type defined for
CDSA_DB_ACCESS_TYPE. For modules other than installers,
specify "XX" for this parameter.
pvcapi_tag
Specifies whether pointer validation checking is to be done on
the application program interface boundaries.
The values for the CDSA_PVC_API tag are as follows:
"EXEMPT" Specifies an application manifest, where the program
can set the PVC flag in cssm_Init.
"OFF" Specifies a CSSM manifest, where the PVC flag is
not applicable.
"XX" Specifies that the CDSA_PVC_API tag is not in the
manifest.
pvcspi_tag
Specifies whether pointer validation checking is to be done on
the service provider interface boundaries.
The values for the CDSA_PVC_SPI tag are as follows:
"EXEMPT" Specifies a service provider manifest, where the
program can set the PVC flag in cssm_Init.
"OFF" Specifies a CSSM manifest, where the PVC flag is
not applicable.
"XX" Specifies that the CDSA_PVC_SPI tag is not in the
manifest.
priv_tag
The CDSA_PRIV tag in the manifest. Currently, no CDSA_PRIV tag
values are defined, so specify "XX" to indicate that this tag
is not in the manifest.
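
The following Python helper is an added example, not part of the cdsa_sign documentation or tooling. It builds and checks the access_tag value (base-64 of an unsigned 32-bit big-endian integer, or "XX") and validates a cert_chain file before signing. The function names, the sample access type value 1, and the choice to ignore blank lines are assumptions made for illustration.

```python
import base64
import struct


def encode_access_tag(access_type: int) -> str:
    """Base-64 of the unsigned 32-bit big-endian access type value."""
    if not 0 <= access_type <= 0xFFFFFFFF:
        raise ValueError("access type must fit in an unsigned 32-bit integer")
    return base64.b64encode(struct.pack(">I", access_type)).decode("ascii")


def decode_access_tag(tag: str):
    """Return the integer behind an access_tag, or None for the "XX" sentinel."""
    if tag == "XX":  # non-installer modules pass "XX"
        return None
    raw = base64.b64decode(tag, validate=True)
    if len(raw) != 4:
        raise ValueError("access_tag must decode to exactly 4 bytes")
    return struct.unpack(">I", raw)[0]


def parse_cert_chain(text: str) -> list:
    """Parse a cert_chain file: a count line, then one certificate name per line."""
    # Assumption: blank lines are ignored; the page does not say how the tool treats them.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("cert_chain file is empty")
    try:
        count = int(lines[0])
    except ValueError:
        raise ValueError(f"first line must be a count, got {lines[0]!r}") from None
    names = lines[1:]
    if count != len(names):
        raise ValueError(f"count line says {count}, file lists {len(names)} names")
    return names


if __name__ == "__main__":
    # Constructed sample input: the two-certificate file shown on this page.
    sample = "2\nintroot.cer\nintmanf.cer\n"
    print(parse_cert_chain(sample))
    # Constructed value 1; real values come from CDSA_DB_ACCESS_TYPE.
    print(encode_access_tag(1))
```

A tag produced with the wrong byte order still decodes to four bytes, so compare the decoded integer against the intended access type rather than checking length alone.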