United States of America export laws include restrictions on cryptography.
Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11
Cryptographic Framework.
A.
Corporations must utilize signed X.509 v3 certificates.
B.
A third-party provider object must be signed with a certificate issued by Oracle.
C.
Loadable kernel software modules must register using the Cryptographic Framework SPI.
D.
Third-party providers must utilize X.509 v3 certificates signed by trusted Root Certification Authorities.
E.
Systems destined for embargoed countries utilize loadable kernel software modules that restrict encryption
to 64 bit keys.
Explanation:
B: Binary Signatures for Third-Party Software
The elfsign command provides a means to sign providers to be used with the Oracle Solaris Cryptographic
Framework. Typically, this command is run by the developer of a provider.
The elfsign command has subcommands to request a certificate from Sun and to sign binaries. Another
subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic
Framework. To sign one or more providers requires the certificate from Sun and the private key that was used
to request the certificate.
C: Export law in the United States requires that the use of open cryptographic interfaces be restricted. The
Oracle Solaris Cryptographic Framework satisfies the current law by requiring that kernel cryptographic
providers and PKCS #11 cryptographic providers be signed.