diff options
author | Parménides GV <parmegv@sdf.org> | 2014-04-07 20:43:34 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-04-08 11:43:27 +0200 |
commit | c206a91d320995f37f8abb33188bfd384249da3d (patch) | |
tree | 10a7d8a9dd7f24437ac4851b8d01edbd5dd3ee3b /openssl/crypto/store/README | |
parent | 910b0e1746ab3f63e63808b198ad51fec5b635e5 (diff) |
Next step: compile jni sources correctly.
Diffstat (limited to 'openssl/crypto/store/README')
-rw-r--r-- | openssl/crypto/store/README | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/openssl/crypto/store/README b/openssl/crypto/store/README deleted file mode 100644 index 966168f6..00000000 --- a/openssl/crypto/store/README +++ /dev/null @@ -1,95 +0,0 @@ -The STORE type -============== - -A STORE, as defined in this code section, is really a rather simple -thing which stores objects and per-object associations to a number -of attributes. What attributes are supported entirely depends on -the particular implementation of a STORE. It has some support for -generation of certain objects (for example, keys and CRLs). - - -Supported object types ----------------------- - -For now, the objects that are supported are the following: - -X.509 certificate -X.509 CRL -private key -public key -number -arbitrary (application) data - -The intention is that a STORE should be able to store everything -needed by an application that wants a cert/key store, as well as -the data a CA might need to store (this includes the serial number -counter, which explains the support for numbers). - - -Supported attribute types -------------------------- - -For now, the following attributes are supported: - -Friendly Name - the value is a normal C string -Key ID - the value is a 160 bit SHA1 hash -Issuer Key ID - the value is a 160 bit SHA1 hash -Subject Key ID - the value is a 160 bit SHA1 hash -Issuer/Serial Hash - the value is a 160 bit SHA1 hash -Issuer - the value is a X509_NAME -Serial - the value is a BIGNUM -Subject - the value is a X509_NAME -Certificate Hash - the value is a 160 bit SHA1 hash -Email - the value is a normal C string -Filename - the value is a normal C string - -It is expected that these attributes should be enough to support -the need from most, if not all, current applications. Applications -that need to do certificate verification would typically use Subject -Key ID, Issuer/Serial Hash or Subject to look up issuer certificates. -S/MIME applications would typically use Email to look up recipient -and signer certificates. - -There's added support for combined sets of attributes to search for, -with the special OR attribute. - - -Supported basic functionality ------------------------------ - -The functions that are supported through the STORE type are these: - -generate_object - for example to generate keys and CRLs -get_object - to look up one object - NOTE: this function is really rather - redundant and probably of lesser usage - than the list functions -store_object - store an object and the attributes - associated with it -modify_object - modify the attributes associated with - a specific object -revoke_object - revoke an object - NOTE: this only marks an object as - invalid, it doesn't remove the object - from the database -delete_object - remove an object from the database -list_object - list objects associated with a given - set of attributes - NOTE: this is really four functions: - list_start, list_next, list_end and - list_endp -update_store - update the internal data of the store -lock_store - lock the store -unlock_store - unlock the store - -The list functions need some extra explanation: list_start is -used to set up a lookup. That's where the attributes to use in -the search are set up. It returns a search context. list_next -returns the next object searched for. list_end closes the search. -list_endp is used to check if we have reached the end. - -A few words on the store functions as well: update_store is -typically used by a CA application to update the internal -structure of a database. This may for example involve automatic -removal of expired certificates. lock_store and unlock_store -are used for locking a store to allow exclusive writes. |