Cryptographic modules are registered in the form of pkc_signature_algorithm_t structures, which contain the entry points for the following developer-supplied routines:
open( )
    Opens the module
close( )
    Closes the module
verify( )
    Verifies a certificate signature
sign( )
    Affixes a signature to a certificate

verify( ) and sign( ) are the routines that will actually call the encryption/decryption functions appropriate to the algorithm.

name( )
    Returns the algorithm name, a character string that can be used in auditing or diagnostic messages.
The pkc_signature_algorithm_t structure also contains the following data fields:
· a version number
  Note that the version field of a cryptographic module is not the same thing as the version number of a certificate. A crypto module's version number is the version of the certification API that it is designed for (which in particular specifies the format of the pkc_signature_algorithm_t structure used to register the crypto module).
· an object identifier (OID) identifying the signature algorithm
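
The registration structure described above, sketched as an added example; it is not the DCE source or the real pkc_signature_algorithm_t definition. The names demo_sig_alg_t, demo_register, demo_lookup and DEMO_API_VERSION, the routine signatures and the 2.999.x example OIDs are assumptions. The registry checks a module's version before relying on any other field, then dispatches by OID.

```c
#include <stddef.h>
#include <string.h>
#define DEMO_API_VERSION 1u  /* assumed: version of the registration API */
#define DEMO_MAX_MODULES 8

/* Hypothetical layout modeled on the fields this page lists; it is not the
   real pkc_signature_algorithm_t definition. */
typedef struct {
    unsigned version;        /* API version the module was built for */
    const char *oid;         /* signature algorithm OID, dotted form */
    int (*open)(void **ctx);
    int (*close)(void **ctx);
    int (*verify)(void *ctx, const char *data, const char *sig);
    int (*sign)(void *ctx, const char *data, char *sig, size_t sig_cap);
    const char *(*name)(void);
} demo_sig_alg_t;

static const demo_sig_alg_t *registry[DEMO_MAX_MODULES];
static size_t registry_count;

/* Find the module registered for an OID, or NULL if none is. */
const demo_sig_alg_t *demo_lookup(const char *oid) {
    for (size_t i = 0; oid != NULL && i < registry_count; i++)
        if (strcmp(registry[i]->oid, oid) == 0) return registry[i];
    return NULL;
}

/* Returns 0 on success, -1 on rejection. The version is checked before any
   other field is trusted, because it determines the structure's format. */
int demo_register(const demo_sig_alg_t *m) {
    if (m == NULL || m->version != DEMO_API_VERSION) return -1;
    if (!m->oid || !m->open || !m->close || !m->verify || !m->sign || !m->name)
        return -1;                        /* incomplete entry-point table */
    if (demo_lookup(m->oid) != NULL) return -1;   /* OID already claimed */
    if (registry_count == DEMO_MAX_MODULES) return -1;
    registry[registry_count++] = m;
    return 0;
}

/* Constructed placeholder module: verify and sign fail closed, no real crypto. */
static int t_open(void **c) { *c = NULL; return 0; }
static int t_close(void **c) { *c = NULL; return 0; }
static int t_verify(void *c, const char *d, const char *s) { (void)c; (void)d; (void)s; return -1; }
static int t_sign(void *c, const char *d, char *s, size_t n) { (void)c; (void)d; (void)s; (void)n; return -1; }
static const char *t_name(void) { return "demo-placeholder"; }
/* Constructed sample modules: matching version, stale version, missing sign(). */
const demo_sig_alg_t demo_good = { DEMO_API_VERSION, "2.999.1", t_open, t_close, t_verify, t_sign, t_name };
const demo_sig_alg_t demo_old = { 0u, "2.999.2", t_open, t_close, t_verify, t_sign, t_name };
const demo_sig_alg_t demo_partial = { DEMO_API_VERSION, "2.999.3", t_open, t_close, t_verify, NULL, t_name };
```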