United States of America export laws include restrictions on cryptography.
Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11
Cryptographic Framework.
A.
Corporations must utilize signed X.509 v3 certificates.
B.
A third-party provider object must be signed with a certificate issued by Oracle.
C.
Loadable kernel software modules must register using the Cryptographic Framework SPI.
D.
Third-party providers must utilize X.509 v3 certificates signed by trusted Root Certification
Authorities.
E.
Systems destined for embargoed countries utilize loadable kernel software modules that restrict
encryption to 64 bit keys.
Explanation:
B: Binary Signatures for Third-Party Software
The elfsign command provides a means to sign providers to be used with the Oracle Solaris
Cryptographic Framework. Typically, this command is run by the developer of a provider.
The elfsign command has subcommands to request a certificate from Sun and to sign binaries.
Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle
Solaris Cryptographic Framework. To sign one or more providers requires the certificate from Sun
and the private key that was used to request the certificate.C: Export law in the United States requires that the use of open cryptographic interfaces be
restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that
kernel cryptographic providers and PKCS #11 cryptographic providers be signed.
Reference: System Administration Guide: Security Services, Oracle Solaris Cryptographic
Framework
BC