Certificate, Key, and Trust Services Programmer’s Guide contains an overview of Certificate, Key, and Trust services, discusses the functions and data structures that are most commonly used by developers, and provides examples of how to use Certificate, Key, and Trust Services in your own applications.
Certificate, Key, and Trust Services provides a C API for verifying certificates, evaluating trust, and generating asymmetric keys. You can use these services in your application to:
Add a certificate to a keychain
Find the certificate and private key associated with an identity
Generate an asymmetric key pair and store the keys on a keychain
Get a policy object for use in evaluating a certificate’s trust
Retrieve the anchor certificates stored by Mac OS X
Set parameters to use in evaluating a certificate’s trust
Evaluate a certificate’s trust
Get detailed information about the results of a trust evaluation
In addition, the Certificate, Key, and Trust Services API includes a number of functions that make it easier to move between the Mac OS X security APIs and CSSM.
Certificate, Key, and Trust Services can be used in Carbon, Cocoa, and UNIX applications running in Mac OS X.
This document concentrates on the use of Certificate, Key, and Trust Services to evaluate trust of a certificate.
To read this document, you should be familiar with general concepts of computer security and with the use of the keychain to store certificates and keys. See “See Also” for suggestions for further reading.
This document contains the following chapters:
“Certificate, Key, and Trust Services Concepts” discusses some of the concepts you need to understand in order to use the Certificate, Key, and Trust Services API.
“Certificate, Key, and Trust Services Tasks for iOS” contains iOS sample code and explanations for several common tasks associated with evaluating the trust of a certificate and recovering from a trust failure.
“Certificate, Key, and Trust Services Tasks for Mac OS X” contains Mac OS X sample code and explanations for several common tasks associated with evaluating the trust of a certificate and recovering from a trust failure.
“Glossary” defines new terms introduced in this book.
For more information on the APIs and concepts covered in this book, use the following resources:
Certificate, Key, and Trust Services Reference, in Security Documentation, documents all the functions and structures provided in the Certificate, Key, and Trust Services API.
For more information about storing and retrieving certificates and keys, see Keychain Services Reference in Security Documentation.
Many security concepts, including keys and certificates, are discussed in more detail in Security Overview in Security Documentation.
Certificate, Key, and Trust Services and other Mac OS X security APIs are built on the open-source Common Data Security Architecture (CDSA) and its programming interface, Common Security Services Manager (CSSM). For more information about the CSSM API, see Common Security: CDSA and CSSM, version 2 (with corrigenda) from The Open Group (http://www.opengroup.org/security/cdsa.htm).
Last updated: 2010-07-09