System Administration Guide: Security Services
Previous Next

Scope of the Solaris Cryptographic Framework

The framework provides commands for administrators, for users, and for developers who supply providers:

  • Administrative commands – The cryptoadm command provides a list subcommand to list the available providers and their capabilities. Ordinary users can run the cryptoadm list and the cryptoadm --help commands.

    All other cryptoadm subcommands require you to assume a role that includes the Crypto Management rights profile, or to become superuser. Subcommands such as disable, install, and uninstall are available for administering the framework. For more information, see the cryptoadm(1M) man page.

    The svcadm command is used to manage the kcfd daemon, and to refresh cryptographic policy in the kernel. For more information, see the svcadm(1M) man page.

  • User-level commands – The digest and mac commands provide file integrity services. The encrypt and decrypt commands protect files from eavesdropping. To use these commands, see Protecting Files With the Solaris Cryptographic Framework (Task Map).

  • Binary signatures for third-party providers – The elfsign command enables third parties to sign binaries for use within the framework. Binaries that can be added to the framework are PKCS #11 libraries, kernel algorithm modules, and hardware device drivers. To use the elfsign command, see Appendix F, Packaging and Signing Cryptographic Providers, in Solaris Security for Developers Guide.

Previous Next