"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.0.2q/crypto/store/README" (20 Nov 2018, 3451 Bytes) of package /linux/misc/openssl-1.0.2q.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 The STORE type
    2 ==============
    3 
    4 A STORE, as defined in this code section, is really a rather simple
    5 thing which stores objects and per-object associations to a number
    6 of attributes.  What attributes are supported entirely depends on
    7 the particular implementation of a STORE.  It has some support for
    8 generation of certain objects (for example, keys and CRLs).
    9 
   10 
   11 Supported object types
   12 ----------------------
   13 
   14 For now, the objects that are supported are the following:
   15 
   16 X.509 certificate
   17 X.509 CRL
   18 private key
   19 public key
   20 number
   21 arbitrary (application) data
   22 
   23 The intention is that a STORE should be able to store everything
   24 needed by an application that wants a cert/key store, as well as
   25 the data a CA might need to store (this includes the serial number
   26 counter, which explains the support for numbers).
   27 
   28 
   29 Supported attribute types
   30 -------------------------
   31 
   32 For now, the following attributes are supported:
   33 
   34 Friendly Name		- the value is a normal C string
   35 Key ID			- the value is a 160 bit SHA1 hash
   36 Issuer Key ID		- the value is a 160 bit SHA1 hash
   37 Subject Key ID		- the value is a 160 bit SHA1 hash
   38 Issuer/Serial Hash	- the value is a 160 bit SHA1 hash
   39 Issuer			- the value is a X509_NAME
   40 Serial			- the value is a BIGNUM
   41 Subject			- the value is a X509_NAME
   42 Certificate Hash	- the value is a 160 bit SHA1 hash
   43 Email			- the value is a normal C string
   44 Filename		- the value is a normal C string
   45 
   46 It is expected that these attributes should be enough to support
   47 the need from most, if not all, current applications.  Applications
   48 that need to do certificate verification would typically use Subject
   49 Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
   50 S/MIME applications would typically use Email to look up recipient
   51 and signer certificates.
   52 
   53 There's added support for combined sets of attributes to search for,
   54 with the special OR attribute.
   55 
   56 
   57 Supported basic functionality
   58 -----------------------------
   59 
   60 The functions that are supported through the STORE type are these:
   61 
   62 generate_object		- for example to generate keys and CRLs
   63 get_object		- to look up one object
   64 			  NOTE: this function is really rather
   65 			  redundant and probably of lesser usage
   66 			  than the list functions
   67 store_object		- store an object and the attributes
   68 			  associated with it
   69 modify_object		- modify the attributes associated with
   70 			  a specific object
   71 revoke_object		- revoke an object
   72 			  NOTE: this only marks an object as
   73 			  invalid, it doesn't remove the object
   74 			  from the database
   75 delete_object		- remove an object from the database
   76 list_object		- list objects associated with a given
   77 			  set of attributes
   78 			  NOTE: this is really four functions:
   79 			  list_start, list_next, list_end and
   80 			  list_endp
   81 update_store		- update the internal data of the store
   82 lock_store		- lock the store
   83 unlock_store		- unlock the store
   84 
   85 The list functions need some extra explanation: list_start is
   86 used to set up a lookup.  That's where the attributes to use in
   87 the search are set up.  It returns a search context.  list_next
   88 returns the next object searched for.  list_end closes the search.
   89 list_endp is used to check if we have reached the end.
   90 
   91 A few words on the store functions as well: update_store is
   92 typically used by a CA application to update the internal
   93 structure of a database.  This may for example involve automatic
   94 removal of expired certificates.  lock_store and unlock_store
   95 are used for locking a store to allow exclusive writes.