pkc_get_key_trust_info(3sec) — DCE 3.1

pkc_get_key_trust_info(3sec)  —  Subroutines

NAME

pkc_get_key_trust_info — Returns information about key trust

Synopsis

unsigned32 pkc_get_key_trust_info(
    keyinfo_t *keyinfobase,
    unsigned key_index,
    certification_flags_t *flags,
    uuid_t *key_domain,
    unsigned long *key_usages);

Parameters

Input

keyinfobase
Key information, returned by pkc_retrieve_keyinfo(3sec).

key_index
Index of the key, ranging from 0 to keycount - 1.

Output

flags
Information about the trust that can be placed in the key (see below).

key_domain
Indicates the domain of the retrieved key. A value of sec_pk_domain_unspecified or NULL means that the policy does not distinguish keys by domain.

key_usages
Indicates the usage the key is intended for.

Description

pkc_get_key_trust_info(3sec) returns a set of flags describing the trust that can be placed in the key. 

The routine extracts this information from the keyinfo_t structure, which the caller must first obtain by calling pkc_retrieve_keyinfo(3sec).

The returned certification_flags_t structure describes the trust that can be placed in a returned key. It contains the following fields:

   • trust_type

     A trust_type_t value, which will be one of the following:

        • UNTRUSTED

          No trust (e.g., unauthenticated).

        • DIRECT_TRUST

          Direct trust via third party (e.g., authenticated registry).

        • CERTIFIED_TRUST

          Trust certified by caller’s trust base.

   • missing_crls

     A char; its value is TRUE (not 0) if one or more CRLs are missing.

   • revoked

     A char whose value is TRUE (not 0) if any certificate has been revoked (even if it was still valid at the retrieval time).

If key_domain and key_usages are passed as non-NULL pointers, upon successful return these parameters will describe the domain and permitted usage(s) of the specified key. Policies that do not distinguish keys according to domain will indicate a domain of sec_pk_domain_unspecified; policies that do not distinguish keys according to usage will indicate all usages are permitted. 

The returned key_usages is a bit mask which describes the usage(s), if any, which the key is restricted to. The value is formed by AND-ing together one or more of the following constants:

PKC_KEY_USAGE_AUTHENTICATION
The key can be used to authenticate a user

PKC_KEY_USAGE_INTEGRITY
The key can be used to provide integrity protection

PKC_KEY_USAGE_KEY_ENCIPHERMENT
The key can be used to encrypt user keys

PKC_KEY_USAGE_DATA_ENCIPHERMENT
The key can be used to encrypt user data

PKC_KEY_USAGE_KEY_AGREEMENT
The key can be used for key-exchange

PKC_KEY_USAGE_NONREPUDIATION
The key can be used for non-repudiation

PKC_CAKEY_USAGE_KEY_CERT_SIGN
The key can be used to sign key certificates

PKC_CAKEY_USAGE_OFFLINE_CRL_SIGN
The key can be used to sign CRLs

PKC_CAKEY_USAGE_TRANSACTION_SIGN
The key can be used to sign transactions

A returned key_usages value of NULL (or a value with all bits set) means that the key is suitable for any usage. 
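
The following is an added example, not part of the original manual page or of the DCE sources: one way a caller might turn the returned flags and key_usages into an accept/reject decision. The type and constant declarations are local stand-ins using the names from this page (enum order and bit values are constructed placeholders, not the real DCE definitions), and check_key_trust() and key_verdict_t are hypothetical names.

```c
/* Added example: stand-in declarations so the policy check compiles without
 * DCE headers. Field names follow the page; the enum order and the bit
 * values are constructed placeholders, not the real DCE definitions. */
#include <stdio.h>

typedef enum { UNTRUSTED, DIRECT_TRUST, CERTIFIED_TRUST } trust_type_t;
typedef struct {
    trust_type_t trust_type;
    char missing_crls;   /* non-zero: one or more CRLs were missing */
    char revoked;        /* non-zero: some certificate has been revoked */
} certification_flags_t;

#define PKC_KEY_USAGE_AUTHENTICATION   0x01UL  /* placeholder value */
#define PKC_KEY_USAGE_INTEGRITY        0x02UL  /* placeholder value */
#define PKC_KEY_USAGE_KEY_ENCIPHERMENT 0x04UL  /* placeholder value */

typedef enum { KEY_OK, KEY_REVOKED, KEY_CRL_UNKNOWN,
               KEY_UNTRUSTED, KEY_WRONG_USAGE } key_verdict_t;

/* Hypothetical helper: decide whether a key may be used for `required`,
 * given the outputs of a successful pkc_get_key_trust_info() call.
 * Assumes the stand-in enum is ordered from least to most trusted. */
key_verdict_t check_key_trust(const certification_flags_t *f,
                              unsigned long key_usages,
                              unsigned long required,
                              trust_type_t min_trust, int require_crls)
{
    if (f->revoked)                        /* revocation always wins */
        return KEY_REVOKED;
    if (require_crls && f->missing_crls)   /* revocation status incomplete */
        return KEY_CRL_UNKNOWN;
    if (f->trust_type < min_trust)
        return KEY_UNTRUSTED;
    /* Per the page, a zero mask (or all bits set) means "any usage". */
    if (key_usages != 0 && (key_usages & required) != required)
        return KEY_WRONG_USAGE;
    return KEY_OK;
}

int main(void)
{
    /* Constructed sample: certified key, CRLs missing, authentication only. */
    certification_flags_t f = { CERTIFIED_TRUST, 1, 0 };
    printf("verdict=%d\n", check_key_trust(&f, PKC_KEY_USAGE_AUTHENTICATION,
           PKC_KEY_USAGE_AUTHENTICATION, CERTIFIED_TRUST, 1));
    return 0;
}
```

Checking revoked and missing_crls before trust_type keeps a CERTIFIED_TRUST result from masking a chain whose revocation status is bad or unknown.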

Return Values

pkc_s_success
Operation successfully completed.

Errors

Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages. 

Related Information

Functions: pkc_intro(3sec), pkc_append_to_trustlist(3sec), pkc_free(3sec), pkc_free_keyinfo(3sec), pkc_free_trustbase(3sec), pkc_free_trustlist(3sec), pkc_get_key_certifier_count(3sec), pkc_get_key_certifier_info(3sec), pkc_get_key_count(3sec), pkc_get_key_data(3sec), pkc_get_registered_policies(3sec), pkc_init_trustbase(3sec), pkc_init_trustlist(3sec), pkc_retrieve_keyinfo(3sec), pkc_retrieve_keylist(3sec). 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026