Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

System Administration Guide: Security Services
Previous Next

Terminology in the Solaris Cryptographic Framework

The following list of definitions and examples is useful when working with the cryptographic framework.

  • Algorithms – Cryptographic algorithms. These are established, recursive computational procedures that encrypt or hash input. Encryption algorithms can be symmetric or asymmetric. Symmetric algorithms use the same key for encryption and decryption. Asymmetric algorithms, which are used in public-key cryptography, require two keys. Hashing functions are also algorithms.

    Examples of algorithms include:

    • Symmetric algorithms, such as AES and ARCFOUR

    • Asymmetric algorithms, such as Diffie-Hellman and RSA

    • Hashing functions, such as MD5

  • Consumers – Are users of the cryptographic services that come from providers. Consumers can be applications, end users, or kernel operations.

    Examples of consumers include:

    • Applications, such as IKE

    • End users, such as an ordinary user who runs the encrypt command

    • Kernel operations, such as IPsec

  • Mechanism – Is the application of a mode of an algorithm for a particular purpose.

    For example, a DES mechanism that is applied to authentication, such as CKM_DES_MAC, is a separate mechanism from a DES mechanism that is applied to encryption, CKM_DES_CBC_PAD.

  • Metaslot – Is a single slot that presents a union of the capabilities of other slots which are loaded in the framework. The metaslot eases the work of dealing with all of the capabilities of the providers that are available through the framework. When an application that uses the metaslot requests an operation, the metaslot figures out which actual slot should perform the operation. Metaslot capabilities are configurable, but configuration is not required. The metaslot is on by default. To configure the metaslot, see the cryptoadm(1M) man page.

  • Mode – Is a version of a cryptographic algorithm. For example, CBC (Cipher Block Chaining) is a different mode from ECB (Electronic Code Book). The AES algorithm has two modes, CKM_AES_ECB and CKM_AES_CBC.

  • Policy – Is the choice, by an administrator, of which mechanisms to make available for use. By default, all providers and all mechanisms are available for use. The disabling of any mechanism would be an application of policy. The enabling of a disabled mechanism would also be an application of policy.

  • Providers – Are cryptographic services that consumers use. Providers plug in to the framework, so are also called plugins.

    Examples of providers include:

    • PKCS #11 libraries, such as pkcs11_softtoken.so

    • Modules of cryptographic algorithms, such as aes and arcfour

    • Device drivers and their associated hardware accelerators, such as the dca/0 accelerator

  • Slot – Is an interface to one or more cryptographic devices. Each slot, which corresponds to a physical reader or other device interface, might contain a token. A token provides a logical view of a cryptographic device in the framework.

  • Token – In a slot, a token provides a logical view of a cryptographic device in the framework.

Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire