B: Binary Signatures for Third-Party Software
The elfsign command provides a means to sign providers to be used with the Oracle Solaris
Cryptographic Framework. Typically, this command is run by the developer of a provider.
The elfsign command has subcommands to request a certificate from Sun and to sign binaries.
Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris
Cryptographic Framework. To sign one or more providers requires the certificate from Sun and the
private key that was used to request the certificate.
C: Export law in the United States requires that the use of open cryptographic interfaces be
restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that
kernel cryptographic providers and PKCS #11 cryptographic providers be signed.
