Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
CSSM_KR_SetEnterpriseRecoveryPolicy z/OS Open Cryptographic Services Facility Application Programming SC24-5899-01 |
|
PurposeThis call establishes the identity of the file that contains the enterprise key recovery policy function. It allows the use of a passphrase for access control to the update of the enterprise policy module. The first time this function is invoked, the old passphrase should be "default" in the Param field of the CSSM_CRYPTO_DATA_PTR. A passphrase can be established at this time for subsequent access control to this function by entering it in the NewPassphrase parameter. If the passphrase is to be changed, both the old and new passphrases have to be supplied. The policy function module is operating system platform-specific (for Win95 and NT, it may be a Dynamic Link Library (DLL); for UNIX-based platforms, it may be a separate executable that gets launched by the OCSF). It is expected that the policy function file will be protected using the available protection mechanisms of the operating system platform. The policy function is expected to conform to this interface:
The CSSM_BOOL return value of this policy function will determine whether enterprise-based key recovery is mandated for the given cryptographic operation. CSSM_TRUE means that key recovery enablement is required for the given Context, and CSSM_FALSE means it is not. Format
ParametersInput
Return ValueA CSSM return value. This function returns CSSM_OK if successful, and returns CSSM_FAIL if an error has occurred. Use CSSM_GetError to determine the error code. |
Copyright IBM Corporation 1990, 2014
|