
pkc_get_key_trust_info(3sec)

Returns information about key trust

Synopsis

#include <pkc_api.h>

unsigned32 pkc_get_key_trust_info(
    keyinfo_t *keyinfobase,
    unsigned key_index,
    certification_flags_t *flags,
    uuid_t *key_domain,
    unsigned long *key_usages);

Parameters

Input

keyinfobase
Key information, returned by pkc_retrieve_keyinfo(3sec).

key_index
Index of the key, ranging from 0 to keycount - 1.

Output

flags
Information about the trust that can be placed in the key (see below).

key_domain
Indicates the domain of the retrieved key. A value of sec_pk_domain_unspecified or NULL means that the policy does not distinguish keys by domain.

key_usages
Indicates the usage(s) the key is intended for.

Description

pkc_get_key_trust_info(3sec) returns a set of flags describing the trust that can be placed in the key.

The desired information is extracted by the routine from the keyinfo_t structure, which must first be obtained by the caller by a call to the pkc_retrieve_keyinfo(3sec) routine.

The returned certification_flags_t structure describes the trust that can be placed in a returned key. It contains the following fields:

· trust_type
A trust_type_t value, which will be one of the following:

- UNTRUSTED
No trust (e.g., unauthenticated).

- DIRECT_TRUST
Direct trust via third party (e.g., authenticated registry).

- CERTIFIED_TRUST
Trust certified by caller's trust base.

· missing_crls
A char; its value is TRUE (not 0) if one or more CRLs are missing.

· revoked
A char whose value is TRUE (not 0) if any certificate has been revoked (even if it was still valid at the retrieval time).

If key_domain and key_usages are passed as non-NULL pointers, upon successful return these parameters will describe the domain and permitted usage(s) of the specified key. Policies that do not distinguish keys according to domain will indicate a domain of sec_pk_domain_unspecified; policies that do not distinguish keys according to usage will indicate all usages are permitted.

The returned key_usages is a bit mask which describes the usage(s), if any, which the key is restricted to. The value is formed by AND-ing together one or more of the following constants:

PKC_KEY_USAGE_AUTHENTICATION
The key can be used to authenticate a user.

PKC_KEY_USAGE_INTEGRITY
The key can be used to provide integrity protection.

PKC_KEY_USAGE_KEY_ENCIPHERMENT
The key can be used to encrypt user keys.

PKC_KEY_USAGE_DATA_ENCIPHERMENT
The key can be used to encrypt user data.

PKC_KEY_USAGE_KEY_AGREEMENT
The key can be used for key exchange.

PKC_KEY_USAGE_NONREPUDIATION
The key can be used for non-repudiation.

PKC_CAKEY_USAGE_KEY_CERT_SIGN
The key can be used to sign key certificates.

PKC_CAKEY_USAGE_OFFLINE_CRL_SIGN
The key can be used to sign CRLs.

PKC_CAKEY_USAGE_TRANSACTION_SIGN
The key can be used to sign transactions.

A returned key_usages value of NULL (or a value with all bits set) means that the key is suitable for any usage.
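
Example (added here; not part of the DCE documentation or source). It shows one way a caller might turn the flags and key_usages outputs described above into a fail-closed accept/reject decision. The helper evaluate_key(), the key_verdict_t type and the require_crls policy switch are hypothetical, and the stand-in declarations use constructed numeric values so the code compiles without pkc_api.h.

```c
/* Added example: stand-in declarations so this compiles without <pkc_api.h>.
 * Field and constant names follow the man page; the numeric values and the
 * enum ordering are constructed for illustration and are NOT the real ones. */
#include <stdio.h>

typedef enum { UNTRUSTED, DIRECT_TRUST, CERTIFIED_TRUST } trust_type_t;
typedef struct {
    trust_type_t trust_type;
    char missing_crls;   /* non-zero: one or more CRLs were missing */
    char revoked;        /* non-zero: a certificate has been revoked */
} certification_flags_t;

#define PKC_KEY_USAGE_AUTHENTICATION  0x01UL  /* constructed value */
#define PKC_KEY_USAGE_INTEGRITY       0x02UL  /* constructed value */
#define PKC_CAKEY_USAGE_KEY_CERT_SIGN 0x40UL  /* constructed value */

typedef enum { KEY_OK, KEY_UNTRUSTED, KEY_REVOKED,
               KEY_CRL_UNKNOWN, KEY_WRONG_USAGE } key_verdict_t;

/* Hypothetical helper: decide whether a key may be used for `needed`
 * (one or more usage bits), given the outputs of pkc_get_key_trust_info(). */
key_verdict_t evaluate_key(const certification_flags_t *f,
                           unsigned long key_usages,
                           unsigned long needed,
                           int require_crls)
{
    if (f == NULL || f->trust_type == UNTRUSTED)
        return KEY_UNTRUSTED;
    if (f->revoked)                       /* revocation always wins */
        return KEY_REVOKED;
    if (require_crls && f->missing_crls)  /* revocation status unknown */
        return KEY_CRL_UNKNOWN;
    /* Per the page, 0 or all bits set means "suitable for any usage". */
    if (key_usages != 0 && key_usages != ~0UL &&
        (key_usages & needed) != needed)
        return KEY_WRONG_USAGE;
    return KEY_OK;
}

int main(void)
{
    certification_flags_t f = { CERTIFIED_TRUST, 0, 0 };  /* constructed sample */
    /* An integrity-only key offered for authentication is rejected. */
    printf("%d\n", evaluate_key(&f, PKC_KEY_USAGE_INTEGRITY,
                                PKC_KEY_USAGE_AUTHENTICATION, 1));
    return 0;
}
```

In a real caller the flags and key_usages arguments would come from pkc_get_key_trust_info(3sec) after checking that it returned pkc_s_success.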

Return Values

pkc_s_success
Operation successfully completed.

Errors

Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

Related Information

Functions:
pkc_intro(3sec)
pkc_append_to_trustlist(3sec)
pkc_free(3sec)
pkc_free_keyinfo(3sec)
pkc_free_trustbase(3sec)
pkc_free_trustlist(3sec)
pkc_get_key_certifier_count(3sec)
pkc_get_key_certifier_info(3sec)
pkc_get_key_count(3sec)
pkc_get_key_data(3sec)
pkc_get_registered_policies(3sec)
pkc_init_trustbase(3sec)
pkc_init_trustlist(3sec)
pkc_retrieve_keyinfo(3sec)
pkc_retrieve_keylist(3sec)