OneTime Crypto Worker
EntrustSAMOneTimeCryptoWorker authenticates to the Entrust SAM using the certificate and key pair provided by any implementation of the Crypto Token. The Signer referencing the EntrustSAMOneTimeCryptoWorker will be able to sign documents or data using the following process:
- generate a new key pair based on the specified algorithm
- assign the user to the generated key pair
- generate a proof of possession for the user and associated key pair
- request the certificate from the certification authority
- sign the document or data using the certificate and key pair
- unassign the user from the key pair
- destroy the key pair
The implementation class of the EntrustSAMOneTimeCryptoWorker is:
IMPLEMENTATION_CLASS=com.czertainly.signserver.module.sam.onetime.entrust.EntrustSAMOneTimeCryptoWorker
warning
This implementation requires the SignServer Enterprise Edition version 5.5.0 and higher to access the crypto instances from other Workers.
info
For a sample configuration of the Entrust SAM One Time Crypto Token, see OneTime Sample Configuration.
The EntrustSAMOneTimeCryptoWorker will check the following configuration properties.
Property | Description | Default Value | Mandatory |
---|---|---|---|
CRYPTOTOKEN | Name of the underlying source of the EntrustSAMCryptoToken. Refer to the implementation of the Entrust SAM Crypto Token for more information. | NONE | YES |
OTHER_SIGNERS | Sets the reference to the Crypto Token containing the key that should be used to authenticate communication with the certification authority, if needed. Only one value should be specified for this attribute. If it contains multiple comma-separated references to Crypto Tokens, the first one is taken. | NONE | YES |
KEYALIAS_PREFIX | Prefix that is used to generate the key alias for the key pair. | onetime- | NO |
KEYGEN_ALGORITHM | Algorithm to use for generating the key pair. The following algorithms are supported: | NONE | YES |
KEYGEN_SPECIFICATION | Specification of the key for generating the key pair. The following values are supported: | NONE | YES |
CA_CONNECTOR_IMPLEMENTATION_CLASS | Implementation class of the CA Connector to be used to request the certificate for the user. | NONE | YES |
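
A pre-deployment check of the properties in the table above, as an added example that is not part of the SignServer module or the original page. It applies the documented default, reports missing mandatory properties, and flags an OTHER_SIGNERS value with several references, since only the first one is taken. The function names, the plain `KEY=value` input format and all sample values are assumptions made for illustration.

```python
# Properties from the table above: name -> (mandatory, default value)
PROPERTIES = {
    "CRYPTOTOKEN": (True, None),
    "OTHER_SIGNERS": (True, None),
    "KEYALIAS_PREFIX": (False, "onetime-"),
    "KEYGEN_ALGORITHM": (True, None),
    "KEYGEN_SPECIFICATION": (True, None),
    "CA_CONNECTOR_IMPLEMENTATION_CLASS": (True, None),
}

def parse_properties(text):
    """Parse KEY=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_worker_config(text):
    """Return (effective settings, errors, warnings) for one worker."""
    props = parse_properties(text)
    effective, errors, warnings = {}, [], []
    for name, (mandatory, default) in PROPERTIES.items():
        value = props.get(name, "")
        if not value and mandatory:
            errors.append(f"{name} is mandatory but missing or empty")
            continue
        effective[name] = value or default
    # Only the first comma-separated reference is taken (trimming is an assumption).
    signers = [s.strip() for s in effective.get("OTHER_SIGNERS", "").split(",") if s.strip()]
    if len(signers) > 1:
        warnings.append(f"OTHER_SIGNERS has {len(signers)} references; only {signers[0]!r} is used")
    if signers:
        effective["OTHER_SIGNERS"] = signers[0]
    elif "OTHER_SIGNERS" in effective:
        del effective["OTHER_SIGNERS"]
        errors.append("OTHER_SIGNERS contains no Crypto Token reference")
    return effective, errors, warnings

# Constructed sample: every value is a placeholder, KEYGEN_SPECIFICATION is omitted on purpose.
SAMPLE = """\
CRYPTOTOKEN=ExampleSamCryptoToken
OTHER_SIGNERS=ExampleCaAuthToken, ExampleSpareToken
KEYGEN_ALGORITHM=EXAMPLE_ALGORITHM
CA_CONNECTOR_IMPLEMENTATION_CLASS=example.placeholder.CaConnector
"""
```

Reviewing the OTHER_SIGNERS warning before deployment confirms that the token actually used to authenticate to the certification authority is the intended one.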