HELPLIB.HLB  —  CDSA  CDSA_API, CL CertSign
 NAME

   CL_CertSign,
   CSSM_CL_CertSign - Sign a certificate (CDSA)

 SYNOPSIS

   # include <cssm.h>

        API:
        CSSM_RETURN CSSMAPI CSSM_CL_CertSign
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_DATA *CertTemplate,
        const CSSM_FIELD *SignScope,
        uint32 ScopeSize,
        CSSM_DATA_PTR SignedCert)
        SPI:
        CSSM_RETURN CSSMCLI CL_CertSign
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_DATA *CertTemplate,
        const CSSM_FIELD *SignScope,
        uint32 ScopeSize,
        CSSM_DATA_PTR SignedCert)

 LIBRARY

   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS

   CLHandle (input)
           The handle that describes the add-in certificate library module
           used to perform this function.

   CCHandle (input)
           A signature context defining the CSP, signing algorithm, and
           private key that must be used to perform the operation. The
           passphrase for the private key is also provided.

   CertTemplate (input)
           A pointer to a CSSM_DATA structure containing a certificate
           template in the default format supported by this CL. The
           template contains values that are currently contained in or
           will be contained in a signed certificate.

   SignScope (input/optional)
           A pointer to the CSSM_FIELD array containing the OID/value
           pairs of the fields to be signed. A null input signs all the
           fields provided by CertTemplate.

   ScopeSize (input)
           The number of entries in the SignScope list. If the sign scope
           is not specified, the input value for scope size must be zero.

   SignedCert (output)
           A pointer to the CSSM_DATA structure containing the signed
           certificate.

 DESCRIPTION

   This function signs a certificate using the private key and signing
   algorithm specified in the CCHandle. The result is a signed, encoded
   certificate in SignedCert. The certificate field values are specified
   in the input certificate template. The template is constructed using
   CSSM_CL_CertCreateTemplate() (CSSM API), or CL_CertCreateTemplate()
   (CL SPI). The template is in the default format for this CL.

   The CCHandle must be a signature context created using the function
   CSSM_CSP_CreateSignatureContext() (CSSM API), or
   CSP_CreateSignatureContext() (SPI). The context must specify the
   Cryptographic Services Provider (CSP) module, the signing algorithm,
   and the signing key that must be used to perform this operation.  The
   context must also provide the passphrase or a callback function to
   obtain the passphrase required to access and use the private key.

   The fields included in the signing operation are identified by the OIDs
   in the optional SignScope array.

   The memory for the SignedCert->Data output is allocated by the service
   provider using the calling application's memory management routines.
   The application must deallocate the memory.

 RETURN VALUE

   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other values
   represent an error condition.

 ERRORS

   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_CL_INVALID_CONTEXT_HANDLE
        CSSMERR_CL_UNKNOWN_FORMAT
        CSSMERR_CL_INVALID_FIELD_POINTER
        CSSMERR_CL_UNKNOWN_TAG
        CSSMERR_CL_INVALID_SCOPE
        CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
        CSSMERR_CL_SCOPE_NOT_SUPPORTED

 SEE ALSO

   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CertVerify
       CSSM_CL_CertCreateTemplate

   Functions for the CLI SPI:

       CL_CertVerify
       CL_CertCreateTemplate
Close Help