This Appendix describes the cryptographic service calls under development by NIST and proposed to the POSIX.6 Working Group. An overview of this draft API is given in Chapter 5.
The cryptographic service calls are presented in four subsections. Section B.1 describes the databases needed to support the API. Section B.1.1 addresses the database management functions in support of the cryptographic functions. Section B.1.2 presents secret-key cryptographic service calls including message encryption, message integrity, and key management. Similarly, Section B.1.3 addresses the public-key cryptographic service calls including public-key encryption, digital signature, and key management.
Note that the specification of the service calls is not tied to any particular programming language. For each service call, the syntax of the call is presented first, followed by its parameter descriptions. Each parameter is listed with its data type and an indication of whether it is an input parameter, an output parameter, or both. Some input parameters may be passed through a trusted path, such as a smart card, rather than from the application programs. For each output parameter, whether it is a single-value parameter or an array of single-value elements, it is assumed that the host application program will allocate the necessary memory storage in advance to receive the output values. The data type "string" refers to strings of characters or sequences of bytes. Strings are left-justified and padded on the right if necessary. Commands marked with an asterisk are restricted to cryptographic officers (CO).