NPKIT_x509NovellExtensionInfo
Retrieves the Novell Security Attribute extension information
encoded in the certificate if the Novell Security Attribute extension
exists in the certificate.
Syntax
#include "NPKIT_x509.h"
NWRCODE NPKIT_x509NovellExtensionInfo
(
NPKIT_x509Context context,
unicode const **version,
unicode const **URIReference,
nbool8 *keyQEnforceQuality,
nint16 *keyQCSCriteria,
nint16 *keyQCSRating,
nint16 *keyQCryptoCriteria,
nint16 *keyQCryptoRating,
nint16 *keyQKeyStorage,
nbool8 *cryptoProEnforceQuality,
nint16 *cryptoProCSCriteria,
nint16 *cryptoProCSRating,
nint16 *cryptoProCryptoCriteria,
nint16 *cryptoProCryptoRating,
nint16 *cryptoProKeyStorage,
nint16 *certificateClass,
nuint8 const **EIDRootLabel,
nint32 *EIDRootLabelLen,
nuint8 const **EIDEnterpriseLabel,
nuint8 const *EIDEnterpriseLabelLen,
nuint8 const **EIDRegistryLabel,
nint32 *EIDRegistryLabelLen
);
Parameters
- context
- (IN) Specifies the NPKIT_x509 context handle
for the request. This is a nuint32 value.
- version
- (OUT) Points to a Unicode string containing the
version of the Novell Security Attribute.
- URIReference
- (OUT) Points to a Unicode string containing a URI
where more information about the Novell Security Attributes can
be found.
- keyQEnforceQuality
- (OUT) Points to the enforce quality flag, which
specifies whether the cryptography provider can use the private
key on a platform that does not meet the minimum key quality attributes specified.
- keyQCSCriteria
- (OUT) Points to the computer security criteria under
which the machine used to generate the key pair was evaluated (for
example, TCSEC or Common Criteria).
- keyQCSRating
- (OUT) Points to the computer security rating of
the machine used to generate the key pair (for example, TCSEC C2
EVALUATED).
- keyQCryptoCriteria
- (OUT) Points to the cryptographic module criteria
under which the machine used to generate the key pair was evaluated
(for example, FIPS 140-1).
- keyQCryptoRating
- (OUT) Points to the cryptographic module rating
of the machine used to generate the key pair (for example, FIPS
140-1 VENDOR INSPECTED).
- keyQKeyStorage
- (OUT) Points to the key storage quality which represents
the protection used to secure the private key (for example, password,
biometric).
- cryptoProEnforceQuality
- (OUT) Points to the enforce quality flag, which
specifies whether the user will use the private key on a platform
that meets the minimum cryptography process attributes specified.
- cryptoProCSCriteria
- (OUT) Points to the computer security criteria under
which the machine that uses the private key was evaluated (that
is, TCSEC or Common Criteria).
- cryptoProCSRating
- (OUT) Points to the cryptographic module rating
of the machine that uses the private key (that is, FIPS 140-1 VENDOR
INSPECTED).
- cryptoProCryptoCriteria
- (OUT) Points to the cryptographic module criteria
under which the machine that uses the private key was evaluated
(that is, FIPS 140-1).
- cryptoProCryptoRating
- (OUT) Points to the cryptographic module rating
of the machine that uses the private key (that is, FIPS 140-1 VENDOR
INSPECTED).
- cryptoProKeyStorage
- (OUT) Points to the cryptography process storage
quality which represents the protection used to secure the private
key (for example, password, biometric).
- certificateClass
- (OUT) Points to the certificate class, which represents
the amount of due diligence preformed by the CA before signing the
certificate (for example, e-mail address, enterprise name, government
agency).
- EIDRootLabel
- (OUT) Points to the enterprise identifier, which
specifies the levels and categories for secrecy and integrity for
the Root authority.
- EIDRootLabelLen
- (OUT) Specifies the length of the EIDRootLabel field.
- EIDEnterpriseLabel
- (OUT) Points to the enterprise identifier, which
specifies the levels and categories for secrecy and integrity for
the enterprise authority.
- EIDEnterpriseLabelLen
- (OUT) Points to the length of the EIDEnterpriseLabel field.
- EIDRegistryLabel
- (OUT) Points to the enterprise identifier which
specifies the levels and categories for secrecy and integrity for
the registry authority.
- EIDRegistryLabelLen
- (OUT) Points to the length of the EIDRegistryLabel field.
Remarks
Before calling this function, you must first successfully
call NPKIT_x509DecodeCertificate. The Novell
Security Attribute contains information about the cryptographic
key quality and operating system’s security assurance.For
more information about Novell Security Attributes, see Novell
Certificate Extension Attributes - Novell Security Attributes.
The Novell Security Attributes extension is optional. Therefore,
not all certificates have Novell Security Attributes