Skip to main content

OneTime Crypto Worker

EntrustSAMOneTimeCryptoWorker authenticates to the Entrust SAM using the certificate and key pair provided by any implementation of the Crypto Token. The Signer referencing the EntrustSAMOneTimeCryptoWorker will be able to sign documents or data using the following process:

  • generate a new key pair based on the specified algorithm
  • assign the user to the generate key pair
  • generate a proof of possession for the user and associated key pair
  • request the certificate from certification authority
  • sign the document or data using the certificate and key pair
  • unassign the user from the key pair
  • destroy the key pair

The implementation class of the EntrustSAMOneTimeCryptoWorker is:

IMPLEMENTATION_CLASS=com.czertainly.signserver.module.sam.onetime.entrust.EntrustSAMOneTimeCryptoWorker
warning

This implementation requires the SignServer Enterprise Edition version 5.5.0 and higher to access the crypto instances from other Workers.

info

For a sample configuration of the Entrust SAM One Time Crypto Token, see OneTime Sample Configuration.

The EntrustSAMOneTimeCryptoWorker will check the following configuration properties.

PropertyDescriptionDefault ValueMandatory
CRYPTOTOKENName of the underlying source of the EntrustSAMCryptoToken. Refer to the implementation of the Entrust SAM Crypto Token for more information.NONEYES
OTHER_SIGNERSSets the reference to the Crypto Token containing the key that should be used to authenticate communication with the certification authority, if needed. Only one value should be specified for this attribute. In case it contains multiple comma separated references to Crypto Token, the first one is taken.NONEYES
KEYALIAS_PREFIXPrefix that is used to generate the key alias for the key pair.onetime-NO
KEYGEN_ALGORITHMAlgorithm to use for generating the key pair. The following algorithms are supported:
  • RSA
  • ECDSA
NONEYES
KEYGEN_SPECIFICATIONSpecification of the key for generating the key pair.
The following values are supported:
RSAECDSA
  • 2048
  • 4096
  • secp256r1
  • prime256v1
  • secp384r1
  • prime384v1
  • secp521r1
  • prime521v1
NONEYES
CA_CONNECTOR_IMPLEMENTATION_CLASSImplementation class of the CA Connector to be used to request the certificate for user.NONEYES