Entrust SAM Crypto Token Properties
EntrustSAMCryptoToken implements the Entrust SAM and requires access to the Entrust SAM interface and nShield HSM. Once configured, it can be used to create remote signatures on behalf of the users. The EntrustSAMCryptoToken can be attached to any Signer implementation.
The implementation class of the EntrustSAMCryptoToken requires the following properties to be defined:
IMPLEMENTATION_CLASS=com.czertainly.signserver.module.entrustsam.EntrustSAMCryptoWorker
CRYPTOTOKEN_IMPLEMENTATION_CLASS=com.czertainly.signserver.module.entrustsam.EntrustSAMCryptoToken
The Crypto Token seamlessly integrates with the Entrust SAM interface. The EntrustSAMCryptoToken will check the following configuration properties.
Property | Description | Default Value | Mandatory |
---|---|---|---|
ENTRUST_SAM_SERVER | Endpoint used to access the Entrust SAM service functions. | NONE | YES |
ENTRUST_TRUST_SELF_SIGNED | True if the self-signed certificate of the Entrust SAM can be trusted. False otherwise. | false | NO |
ENTRUST_CONNECTION_POOL_SIZE | Maximum number of pooled connections to the Entrust SAM. This value can be fine-tuned to optimize the performance of the signing process. | 30 | NO |
OTHER_SIGNERS | Reference to the Crypto Token containing the key that is used to authenticate to the Entrust SAM. Only one value should be specified for this attribute. If it contains multiple comma-separated Crypto Token references, the first one is used. | NONE | YES |
ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIAS | Identification of the key, based on alias, that should be used to authenticate to the Entrust SAM interface. The key alias is taken from the OTHER_SIGNERS Crypto Token configuration. | NONE | YES |
SAD_PROVIDER_IMPLEMENTATION_CLASS | Implementation class for Signature Activation Protocol handling between the Signature Integration Component and the Signature Activation Module. This is the interface that provides the Signature Activation Data used to execute the signing operation. | NONE. See SAD Providers for more information. | YES |
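
The rules in the table above can be checked before a worker configuration is deployed. The following lint is an added example, not part of the EntrustSAMCryptoToken module; it assumes the properties are available as plain KEY=value lines, and the host, Crypto Token names and key alias in the sample are constructed placeholders.

```python
# Added example: lint for EntrustSAMCryptoToken worker properties.
# Assumes plain KEY=value lines; the rules come from the property table above.
MANDATORY = ("ENTRUST_SAM_SERVER", "OTHER_SIGNERS",
             "ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIAS",
             "SAD_PROVIDER_IMPLEMENTATION_CLASS")
DEFAULTS = {"ENTRUST_TRUST_SELF_SIGNED": "false", "ENTRUST_CONNECTION_POOL_SIZE": "30"}


def parse_properties(text):
    """Parse KEY=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def lint(props):
    """Return (effective_config, findings) for one worker's properties."""
    effective = {**DEFAULTS, **props}
    findings = [f"ERROR: mandatory property {key} is not set"
                for key in MANDATORY if not props.get(key)]
    if effective["ENTRUST_TRUST_SELF_SIGNED"].lower() == "true":
        findings.append("WARN: ENTRUST_TRUST_SELF_SIGNED=true trusts a self-signed SAM certificate")
    signers = [s.strip() for s in props.get("OTHER_SIGNERS", "").split(",") if s.strip()]
    if len(signers) > 1:
        findings.append(f"WARN: OTHER_SIGNERS has {len(signers)} values; only '{signers[0]}' is used")
    if signers:
        effective["OTHER_SIGNERS"] = signers[0]  # the first reference is the one taken
    pool = effective["ENTRUST_CONNECTION_POOL_SIZE"]
    if not (pool.isdecimal() and int(pool) > 0):
        findings.append(f"ERROR: ENTRUST_CONNECTION_POOL_SIZE must be a positive integer, got '{pool}'")
    return effective, findings


# Constructed sample: host, token names and alias are placeholders.
SAMPLE = """\
ENTRUST_SAM_SERVER=https://sam.example.internal/placeholder
ENTRUST_TRUST_SELF_SIGNED=true
OTHER_SIGNERS=AuthCryptoToken, BackupCryptoToken
ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIAS=sam-client-auth
"""

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE))[1]:
        print(finding)
```

On the sample it reports the missing SAD_PROVIDER_IMPLEMENTATION_CLASS, the self-signed trust setting, and the second OTHER_SIGNERS value that would be silently ignored.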