OCI - API Mappings B-3
OCI - API Mapping Exceptions




B-4 Oracle Cryptographic Toolkit Programmer's Guide
Glossary

API
See Application Programming Interface.

Application Programming Interface
A set of functions that allow applications written in C or C++ to communicate with
an operating system and issue SQL statements to one or more Oracle servers.

Certificate
A document that uses the signature of a trusted party to attest to the validity of its
information.

Ciphertext
The result of encrypting data into an apparently random and meaningless format.
Ciphertext must be decrypted to be converted into a readable format.

Decrypt
To restore an encrypted message to its original form, so the original message is
readable.

Digital Signature
A cryptographic checksum of data encrypted using an entity's private key. The
result authenticates the signature as having been generated by an entity, and it
protects the data from tampering, since the signature can be verified.
A digital signature is an example of a message. If the message is a PKCS#7
message, the message is considered to be in PKCS format.




Encrypt
The transformation of data into an apparently random and meaningless format
(called ciphertext). The ciphertext is unreadable by anyone without the correct
decryption key.

Entity
A person (physical, imaginary, or otherwise) or a process.

Handle
A pointer to a storage area allocated by the API library.

Identity
The binding of a public key and other information to an entity. It is possible to have
more than one identity bound to an entity. Every identity has a type. Some better
known identity types are X.509 certificates and PGP certificates.

MD5
A message-digest hashing algorithm that compresses a message of arbitrary
length into a 128-bit digest.

Message Format
The message format describes the layout and the contents of a message such as a
digital signature.

OCI
See Oracle Call Interface.

Oracle Call Interface
An application programming interface that allows applications written in C to
interact with one or more Oracle servers. See Programmer's Guide to the Oracle Call
Interface.

Persona
An instance of your electronic personality. Each instance contains one or more
elements such as an identity, the private key associated with the identity, and other
cipher keys. An entity may have more than one persona. A persona implies a set of
actions that can be used and a set of message formats that can be generated.




PL/SQL
PL/SQL is Oracle Corporation's procedural language extension to Structured
Query Language (SQL).

RC4
An encryption algorithm.

Repository IO
An abstraction from the various repositories (e.g., file, database, hardware) used by
the wallet interface.

RIO
See Repository IO.

Sign
Data is signed using a persona from a wallet. The result may be formatted in a
number of ways and may contain only the digital signature. The signed data may also
contain the original data, possibly encrypted, along with information about the
identity used for the signature.

SQL
See Structured Query Language.

Structured Query Language
A language used to query and manipulate databases.

TDU
See Toolkit Data Unit.

Toolkit Data Unit
An encoding of possibly formatted and/or cryptographically altered data that is
created by an application via the Oracle Security Server Toolkit. The toolkit data
unit is usually transferred to another application that uses the Oracle Security
Server Toolkit to decode the toolkit data unit back into data.
A toolkit data unit is the message granularity of the Oracle Security Server Toolkit,
and it is transport independent.




Trustpoint
One or more identities that are considered trustworthy and can be used to validate
other identities.

Verify
A formatted message that results from signing is verified using the identity that
signed the message. Verifying the signature does not mean that the data can be
trusted. The identity associated with the message should be validated using a
trustpoint.

Wallet
A facility that acts as a container for credentials (identities, personas, and
trustpoints). Each entity has one or more wallets, and each wallet, while logically
identical, may exist on a file system or on a hardware device. The wallet may be
password protected.
A wallet may be shared (read only) across a network. In this case, the wallet should
only contain public information (i.e., identities and trust points).

Wallet Resource Locator
Specifies the wallet location.

WRL
See Wallet Resource Locator.




Index

A
API Interfaces, 5
API Layer, 5
Attached sign/verify, 5

C
Certificate Authority (CA), 2
Certificate Management Services, 3
Certificate Revocation List (CRL), 3
Checksums
    generating, 12
Concepts
    Cryptographic Engine, 4
    Detached Signature, 4
    Entity, 4
    Enveloping, 4
    Identity, 4
    Persona, 4
    Personal Resource Locator, 4
    Protection Set, 5
    Recipient Oriented Encryption, 5
    security, 2
    Signature, 5
    Symmetric Encryption, 5
    Toolkit Data Unit, 5
    Trust Point, 6
    Wallet, 6
Cryptographic Engine functions, 5

D
data structures, 5
Data type names, 2
DBMS_RANDOM, 15
Definitions
    Authentication, 2
    Authorization, 2
    Certificate, 2
    Certificate Authority, 2
    Confidentiality, 2
    Cryptography, 2
    Decryption, 2
    Encryption, 3
    Integrity, 3
    Non-repudiation, 3
    Oracle Cryptographic Toolkit, 4
    Oracle Security Server, 2
    Public/Private Key Pair, 3
    Public-Key Encryption, 3
    X.509, 3
Detached sign/verify, 6
Digital signatures
    PL/SQL routines for, 7

E
Examples
    Generate a detached signature for an array of bytes, 5
    Random Number Generator, 2

F
Features
    Oracle Security Server, 2
Functions
    Cryptographic Engine, 5
    OCI, 1
        OCISecurityClosePersona, 7
        OCISecurityCloseWallet, 5
        OCISecurityHash, 15
        OCISecurityInitBlock, 19
        OCISecurityInitialize, 2
        OCISecurityOpenPersona, 6
        OCISecurityOpenWallet, 4
        OCISecurityPurgeBlock, 21
        OCISecurityRandomBytes, 17
        OCISecurityRandomNumber, 18
        OCISecurityReuseBlock, 20
        OCISecuritySeedRandom, 16
        OCISecuritySetBlock, 22
        OCISecuritySign, 8
        OCISecuritySignDetached, 12
        OCISecurityTerminate, 3
        OCISecurityValidate, 11
        OCISecurityVerify, 9
        OCISecurityVerifyDetached, 13
    Oracle Call Interface. See Functions, OCI
    Persona/Identity, 6
    PL/SQL
        Digital Signature, 7
        General Purpose, 2
        Hash, 12
        Random Number Generation, 15
        Use Oracle Wallet, 3
    Wallet, 6

H
Hash, 6

I
Identity
    definition of, 7
Interfaces
    Oracle call interface, 10
    PL/SQL, 10

K
Keyed hash, 6

M
Mapping
    Exceptions, 3
    Overview, 2

O
Oracle Call Interface, 10
Oracle Enterprise Manager, 3
Oracle Security Server Manager, 3

P
Persona
    definition of, 8
PL/SQL functions
    AbortIdentity, 5
    ClosePersona, 4
    CloseWallet, 3
    CreateIdentity, 5
    CreatePersona, 4
    DestroyWallet, 3
    Initialize, 2
    OpenPersona, 4
    OpenWallet, 2
    RemoveIdentity, 5
    RemovePersona, 4
    StorePersona, 3
    StoreTrustedIdentity, 6
    Terminate, 2
    Validate, 6
PL/SQL interface, 10
PL/SQL routines
    Hash, 14
    KeyedHash, 13
    Random, 15
    SeedRandom, 15
    Sign, 8
    SignDetached, 10
    Verify, 9
    VerifyDetached, 11
Prefixes
    data type names, 2
Program Flow, 2
Programming Steps
    Interface with the Oracle Security Server, 3

R
Random Number Generator, 2
    Example, 2
    Functions, 2
Relationship
    between Oracle Cryptographic Toolkit and Oracle Security Server Services, 9

S
Sample
    PL/SQL Program, 2
Security concepts, 2
Signatures
    DSS, 5
    RSA, 5

T
Toolkit
    Elements of, 7
Trusted Identity
    definition of, 8

W
Wallet
    definition of, 9

X
X.509 v1 Certificate, 2
