Mercurial Mercurial > oss > MCL > sf > os > security / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptomgmtlibs/securitydocs/building-swicertstore.txt
changeset 0 2c201484c85f
child 8 35751d3474b7 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptomgmtlibs/securitydocs/building-swicertstore.txt	Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,73 @@
+swicertstoretool
+================
+
+swicertstoretool is a tool for creating the SWI cert store data file containing
+the root certificates used by software install.  
+
+Command syntax
+--------------
+
+The syntax of the command is:
+
+swicertstoretool INPUT_FILE OUTPUT_FILE LOG_FILE
+
+INPUT_FILE is a text file describing the certificates to be put in the store.
+The format is described below.
+
+OUTPUT_FILE is where the cert store data file is written.  This will need to be
+copied to where the SWI cert store expects to find it,
+z:\resource\swicertstore.dat.
+
+LOG_FILE names a file that information is logged to when the command is run.
+This should be checked afterwards to see if the command succeeded.  Errors are
+indicated by lines starting with "***".
+
+Input file format
+-----------------
+
+The input file is in "ini" format.  Each section describes a certificate to be
+put in the store, with the section name taken as the certificate label.
+
+The following parameters can be specified for each certificate:
+
+Name			Description
+--------------------------------------------------------------------------------
+file			The name of the file containing the DER encoded certificate. 
+				This field must be present.
+
+mandatory		Whether the certificate is marked as mandatory for software
+				install. The value must be either "0" or "1".  The field is
+				optional - if it is not present the default is "0".
+
+capability		The name of a capability that the certificate can sign for.
+				This field can be repeated to allow multiple capabilities to be
+				specified.  Allowed capabilities are:
+
+					TCB
+					CommDD
+					PowerMgmt
+					MultimediaDD
+					ReadDeviceData
+					WriteDeviceData
+					DRM
+					TrustedUI
+					ProtServ
+					DiskAdmin
+					NetworkControl
+					AllFiles
+					SwEvent
+					NetworkServices
+					LocalServices
+					ReadUserData
+					WriteUserData
+					Location
+
+application		The name of an application that the certificate can be used for.
+				This can be repeated, but it must appear at least once.  Allowed
+				applications are:
+
+					SWInstall		(Software install)
+					SWInstallOCSP	(Software install OCSP signing)
+--------------------------------------------------------------------------------
+
+An example input file can be found in this directory.
MCL/sf/os/security