Modules
- Recipient Attributes
- Content Integrity Check information
Detailed Description
These #defines are used to provide the security environment used to sign messages and verify signatures. (NB: Message Tokens used to provide signatures on a per-recipient basis are in a different section.) All these attributes apart from X400_B_SEC_GEN_MOAC can be specified in the Message object using X400msMsgAddStrParam() or X400msMsgAddIntParam(). They can also be specified in the default object using X400SetStrDefault() or X400SetIntDefault(). X400_B_SEC_GEN_MOAC can only be set using X400msMsgAddIntParam().
Values in the Message object override those set in the Default object.
The values are all ignored when the message is constructed unless X400_B_SEC_GEN_MOAC is set in the Message object.
If X400_B_SEC_GEN_MOAC is set in the Message object, then a valid security environment must have been set up (see the X.509 Setup Guide). The other attributes must be passed in to point to this security environment.
Previously, only Digital Identities in a directory called "x509" could be used. The parent directory is passed in X400_S_SEC_IDENTITY.
The preferred way to get the security environment is to use the X400_S_SEC_IDENTITY_FILE attribute, which names a specific PKCS12 file.
These #defines are used to provide the security environment used to sign messages and verify signatures using Message Tokens to provide signatures on a per-recipient basis. All these attributes apart from X400_B_SEC_GEN_MESSAGE_TOKEN can be specified
- in the Message object using X400msMsgAddStrParam() or X400msMsgAddIntParam().
- in the Recipient object using X400msRecipAddStrParam() or X400msRecipAddIntParam().

They can also be specified in the default object using X400SetStrDefault() or X400SetIntDefault(). X400_B_SEC_GEN_MESSAGE_TOKEN can only be set by X400msRecipAddIntParam().
Values in the Message object override those set in the Default object. Values in the Recipient object override those set in the Message object.
The values are all ignored when the message is constructed unless the X400_B_SEC_GEN_MESSAGE_TOKEN is set in the Recipient object.
If X400_B_SEC_GEN_MESSAGE_TOKEN is set in the Recipient object, then a valid security environment must have been set up (see the X.509 Setup Guide). The other attributes must be passed in to point to this security environment.
Currently only Digital Identities in a directory called "x509" can be used. This parent directory is passed in X400_S_SEC_IDENTITY.
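The precedence and gating rules described above, modelled as an added C sketch (not Isode code, and not a call into the X.400 API). `struct attr`, `struct obj`, `struct scope`, `resolve()`, `moac_plan()` and `token_plan()` are hypothetical names; integer values are held as strings and only X400_S_SEC_IDENTITY_FILE is checked as the identity source. It shows that a generate flag placed in the wrong object leaves the message unsigned.

```c
#include <stddef.h>
#include <string.h>

/* Attribute numbers as listed on this page (x400_att.h). */
#define X400_B_SEC_GEN_MOAC          181
#define X400_S_SEC_IDENTITY_FILE     190
#define X400_B_SEC_GEN_MESSAGE_TOKEN 1700

/* Hypothetical stand-ins for the Default, Message and Recipient objects. */
struct attr  { int type; const char *value; };    /* ints held as "0"/"1" */
struct obj   { const struct attr *attrs; size_t count; };
struct scope { const struct obj *def, *msg, *rcp; };
enum sign_plan { PLAN_UNSIGNED, PLAN_SIGNED, PLAN_NO_IDENTITY };

static const char *lookup(const struct obj *o, int type)
{
    for (size_t i = 0; o != NULL && i < o->count; i++)
        if (o->attrs[i].type == type)
            return o->attrs[i].value;
    return NULL;
}

/* Most specific object wins: Recipient, then Message, then Default. */
const char *resolve(const struct scope *s, int type)
{
    const char *v = lookup(s->rcp, type);
    if (v == NULL) v = lookup(s->msg, type);
    return v != NULL ? v : lookup(s->def, type);
}

/* The generate flag counts only in `gate`; it is never inherited. */
static enum sign_plan plan(const struct obj *gate, int flag, const struct scope *s)
{
    const char *on = lookup(gate, flag);
    if (on == NULL || strcmp(on, "1") != 0)
        return PLAN_UNSIGNED;          /* all security attributes are ignored */
    /* Assumption of this sketch: only the preferred identity attribute is checked. */
    return resolve(s, X400_S_SEC_IDENTITY_FILE) != NULL ? PLAN_SIGNED
                                                        : PLAN_NO_IDENTITY;
}

/* MOAC: the flag must be in the Message object; Recipient values play no part. */
enum sign_plan moac_plan(struct scope s)
{ s.rcp = NULL; return plan(s.msg, X400_B_SEC_GEN_MOAC, &s); }

/* Message Token: the flag must be in the Recipient object. */
enum sign_plan token_plan(struct scope s)
{ return plan(s.rcp, X400_B_SEC_GEN_MESSAGE_TOKEN, &s); }
```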
Macro Definition Documentation
◆ X400_S_SEC_IDENTITY
| #define X400_S_SEC_IDENTITY 180 |
- Deprecated:
- Directory in which to search for Identities: Looks in x509 Sub Directory, obsolescent: use X400_S_SEC_IDENTITY_FILE
Definition at line 564 of file x400_att.h.
◆ X400_B_SEC_GEN_MOAC
| #define X400_B_SEC_GEN_MOAC 181 |
Generate MOAC 0: no (default), 1: yes
Definition at line 567 of file x400_att.h.
◆ X400_S_SEC_IDENTITY_PASSPHRASE
| #define X400_S_SEC_IDENTITY_PASSPHRASE 182 |
Passphrase to open Identity
Definition at line 570 of file x400_att.h.
◆ X400_S_SEC_IDENTITY_DN
| #define X400_S_SEC_IDENTITY_DN 183 |
- Deprecated:
- DN in Certificate - obsolescent: use X400_S_SEC_IDENTITY_FILE
Definition at line 573 of file x400_att.h.
◆ X400_S_SEC_DB_IDENTITY
| #define X400_S_SEC_DB_IDENTITY 184 |
When X400_B_P1_GATEWAY_INBOUND_SIGN is set (in order to use P1 inbound gateway per-recipient signing), this is the Security Database configuration to use. If this value is set, it overrides any setting for the channel. If it is not set, the channel setting is used; otherwise the default 'x400mt' is used.
Definition at line 579 of file x400_att.h.
◆ X400_S_SEC_DB_MTA
| #define X400_S_SEC_DB_MTA 185 |
When X400_B_P1_GATEWAY_INBOUND_SIGN is set (in order to use P1 inbound gateway per-recipient signing), this is the MTA to use when signing to obtain the security database identity. If this value is set, it overrides any setting for the channel. If it is not set, the channel setting is used.
Definition at line 586 of file x400_att.h.
◆ X400_S_SEC_ENV
| #define X400_S_SEC_ENV 186 |
For internal use only
Definition at line 589 of file x400_att.h.
◆ X400_S_MOAC
| #define X400_S_MOAC 187 |
X.400 Message Origin Authentication Check
- Examples
- examples/x400_mtrcv.c, and examples/x400_mtsend.c.
Definition at line 592 of file x400_att.h.
◆ X400_N_MOAC_STATUS
| #define X400_N_MOAC_STATUS 188 |
Status of MOAC in message
Definition at line 595 of file x400_att.h.
◆ X400_S_CERT_INFO
| #define X400_S_CERT_INFO 189 |
For internal use only
Definition at line 598 of file x400_att.h.
◆ X400_S_SEC_IDENTITY_FILE
| #define X400_S_SEC_IDENTITY_FILE 190 |
Names the PKCS12 files - preferred to obsolescent X400_S_SEC_IDENTITY_DN and X400_S_SEC_IDENTITY
Definition at line 601 of file x400_att.h.
◆ X400_S_SEC_TRUSTED_CERTS_DIR
| #define X400_S_SEC_TRUSTED_CERTS_DIR 191 |
Directory containing trusted Certificates. Needed when verifying signatures using Certificates issued by CAs other than the verifier. These certificates have to be in DER format (usually with a .crt extension).
Definition at line 605 of file x400_att.h.
◆ X400_S_SEC_SECURITY_DB
| #define X400_S_SEC_SECURITY_DB 192 |
Name of security DB file to provide the security environment
Definition at line 608 of file x400_att.h.
◆ X400_S_SEC_SECURITY_PASSPHRASE
| #define X400_S_SEC_SECURITY_PASSPHRASE 193 |
Passphrase to access security DB file
Definition at line 611 of file x400_att.h.
◆ X400_S_SEC_SIGNING_URI
| #define X400_S_SEC_SIGNING_URI 194 |
URI for the signing certificate/key to be used for signing. The value should correspond to the name of an entity in the security DB.
Definition at line 616 of file x400_att.h.
◆ X400_S_SECURITY_ENV
| #define X400_S_SECURITY_ENV 195 |
For internal use only
Definition at line 619 of file x400_att.h.
◆ X400_S_SEC_DB_CHANNEL
| #define X400_S_SEC_DB_CHANNEL 196 |
When X400_B_P1_GATEWAY_INBOUND_SIGN is set (in order to use P1 inbound gateway per-recipient signing), this is the channel to use for the Security Database configuration. If this value is set, it overrides any setting for the channel. This must be set in this case.
Definition at line 624 of file x400_att.h.
◆ X400_N_S4406
| #define X400_N_S4406 440600 |
STANAG 4406 security control. For message creation the attribute controls what elements are used. For a received message, it reports the security elements in the message. Currently supported values are:
- 0 - no security elements
- X400_N_S4406_SINGLE_WRAP - Single wrap signing, compatible with PCT.
Definition at line 633 of file x400_att.h.
◆ X400_N_S4406_STATUS
| #define X400_N_S4406_STATUS 440601 |
Status of security for S4406 signed message. For an S4406 message this gives the status for the verification of the signing. Not present in a non-S4406 secured message.
Definition at line 639 of file x400_att.h.
◆ X400_S_S4406_STATUS_DETAIL
| #define X400_S_S4406_STATUS_DETAIL 440602 |
Detail for status of S4406 signed message. This is a message string giving more detail about a verification failure.
Definition at line 644 of file x400_att.h.
◆ X400_S_S4406_SECURITY_LABEL
| #define X400_S_S4406_SECURITY_LABEL 440603 |
Label for S4406 signed message. The value should be the binary encoding of an ESS Label.
Definition at line 649 of file x400_att.h.
◆ X400_N_S4406_CERTIFICATE
| #define X400_N_S4406_CERTIFICATE 440604 |
Certificate from S4406 signed message. Used with X400MsgGetCert()
Definition at line 654 of file x400_att.h.
◆ X400_S_S4406_SIGNING_TIME
| #define X400_S_S4406_SIGNING_TIME 440605 |
Signing time from S4406 signed message. In UTCTime format.
Definition at line 659 of file x400_att.h.
◆ X400_B_SEC_GEN_MESSAGE_TOKEN
| #define X400_B_SEC_GEN_MESSAGE_TOKEN 1700 |
Generate Message Token 0: no (default), 1: yes
Definition at line 1446 of file x400_att.h.
◆ X400_B_SEC_ADD_CERT_PATH
| #define X400_B_SEC_ADD_CERT_PATH 1701 |
Include Certificate Path when generating Message Token 0: no (default), 1: yes
Definition at line 1449 of file x400_att.h.
◆ X400_B_SEC_CONTENT_INTEGRITY_CHECK
| #define X400_B_SEC_CONTENT_INTEGRITY_CHECK 1702 |
Add Content Integrity Extension and use in Message Token 0: no (default), 1: yes
Definition at line 1452 of file x400_att.h.
◆ X400_B_P1_GATEWAY_INBOUND_SIGN
| #define X400_B_P1_GATEWAY_INBOUND_SIGN 1703 |
Sign messages on the P1 inbound gateway channel (x400mt) if not already signed. Only Security Database configurations are supported. The value of X400_S_SEC_DB_CONFIGURATION is used to control which configuration is used. 0: no gateway signing (default), 1: sign on the gateway
Definition at line 1460 of file x400_att.h.
◆ X400_N_MSGTOK_STATUS
| #define X400_N_MSGTOK_STATUS 1710 |
Status of recipient Message Token - See below for possible values
- Examples
- examples/x400_mtrcv.c.
Definition at line 1464 of file x400_att.h.
◆ X400_S_MSGTOK_DER
| #define X400_S_MSGTOK_DER 1716 |
Token in recipient when verifying a Message Token signature
- Examples
- examples/x400_mtrcv.c.
Definition at line 1467 of file x400_att.h.
◆ X400_N_MSGTOK_SEQ_NUM
| #define X400_N_MSGTOK_SEQ_NUM 1717 |
Sequence number in Message Token
- Examples
- examples/x400_mtrcv.c.
Definition at line 1470 of file x400_att.h.
◆ X400_S_MSGTOK_RECIP
| #define X400_S_MSGTOK_RECIP 1718 |
Recipient in Message Token
- Examples
- examples/x400_mtrcv.c.
Definition at line 1473 of file x400_att.h.
◆ X400_S_MSGTOK_SEC_LAB
| #define X400_S_MSGTOK_SEC_LAB 1719 |
Security Label in Message Token
- Examples
- examples/x400_mtrcv.c.
Definition at line 1476 of file x400_att.h.
◆ X400_N_MSGTOK_PODR_STATUS
| #define X400_N_MSGTOK_PODR_STATUS 1721 |
Information about PODR in Token and Envelope
Definition at line 1479 of file x400_att.h.
◆ X400_N_MSGTOK_SEC_LAB_STATUS
| #define X400_N_MSGTOK_SEC_LAB_STATUS 1722 |
Information about Security Label in Token and Envelope
Definition at line 1482 of file x400_att.h.
◆ X400_N_MSGTOK_RECIP_STATUS
| #define X400_N_MSGTOK_RECIP_STATUS 1723 |
Information about Recipient in Token and Envelope
Definition at line 1485 of file x400_att.h.
◆ X400_N_MSGTOK_CIC_STATUS
| #define X400_N_MSGTOK_CIC_STATUS 1724 |
Status of CIC in Message Token
Definition at line 1488 of file x400_att.h.
◆ X400_S_MSGTOK_CIC
| #define X400_S_MSGTOK_CIC 1726 |
Content Integrity Check DER from Message Token
- Examples
- examples/x400_mtrcv.c.
Definition at line 1491 of file x400_att.h.