Mercurial Mercurial > oss > FCL > sf > os > security / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptomgmtlibs/securitydocs/building-swicertstore.txt
branchRCL_3
changeset 53 030c4fbc13d7
parent 50 d07aa956024a
child 57 e0a1505373c1
child 58 b54b58ee9d58
equal deleted inserted replaced
50:d07aa956024a 53:030c4fbc13d7 
     1 swicertstoretool
 
       
     2 ================
 
       
     3 
       
     4 swicertstoretool is a tool for creating the SWI cert store data file containing
 
       
     5 the root certificates used by software install.  
       
     6 
       
     7 Command syntax
 
       
     8 --------------
 
       
     9 
       
    10 The syntax of the command is:
 
       
    11 
       
    12 swicertstoretool INPUT_FILE OUTPUT_FILE LOG_FILE
 
       
    13 
       
    14 INPUT_FILE is a text file describing the certificates to be put in the store.
 
       
    15 The format is described below.
 
       
    16 
       
    17 OUTPUT_FILE is where the cert store data file is written.  This will need to be
 
       
    18 copied to where the SWI cert store expects to find it,
 
       
    19 z:\resource\swicertstore.dat.
 
       
    20 
       
    21 LOG_FILE names a file that information is logged to when the command is run.
 
       
    22 This should be checked afterwards to see if the command succeeded.  Errors are
 
       
    23 indicated by lines starting with "***".
 
       
    24 
       
    25 Input file format
 
       
    26 -----------------
 
       
    27 
       
    28 The input file is in "ini" format.  Each section describes a certificate to be
 
       
    29 put in the store, with the section name taken as the certificate label.
 
       
    30 
       
    31 The following parameters can be specified for each certificate:
 
       
    32 
       
    33 Name			Description
 
       
    34 --------------------------------------------------------------------------------
 
       
    35 file			The name of the file containing the DER encoded certificate. 
       
    36 				This field must be present.
 
       
    37 
       
    38 mandatory		Whether the certificate is marked as mandatory for software
 
       
    39 				install. The value must be either "0" or "1".  The field is
 
       
    40 				optional - if it is not present the default is "0".
 
       
    41 
       
    42 capability		The name of a capability that the certificate can sign for.
 
       
    43 				This field can be repeated to allow multiple capabilities to be
 
       
    44 				specified.  Allowed capabilities are:
 
       
    45 
       
    46 					TCB
 
       
    47 					CommDD
 
       
    48 					PowerMgmt
 
       
    49 					MultimediaDD
 
       
    50 					ReadDeviceData
 
       
    51 					WriteDeviceData
 
       
    52 					DRM
 
       
    53 					TrustedUI
 
       
    54 					ProtServ
 
       
    55 					DiskAdmin
 
       
    56 					NetworkControl
 
       
    57 					AllFiles
 
       
    58 					SwEvent
 
       
    59 					NetworkServices
 
       
    60 					LocalServices
 
       
    61 					ReadUserData
 
       
    62 					WriteUserData
 
       
    63 					Location
 
       
    64 
       
    65 application		The name of an application that the certificate can be used for.
 
       
    66 				This can be repeated, but it must appear at least once.  Allowed
 
       
    67 				applications are:
 
       
    68 
       
    69 					SWInstall		(Software install)
 
       
    70 					SWInstallOCSP	(Software install OCSP signing)
 
       
    71 --------------------------------------------------------------------------------
 
       
    72 
       
    73 An example input file can be found in this directory.
FCL/sf/os/security