Skip to main content

Entrust SAM Crypto Token Properties

EntrustSAMCryptoToken implements the Entrust SAM and requires access to the Entrust SAM interface and nShield HSM. Once configured, it can be used to create remote signatures on behalf of the users. The EntrustSAMCryptoToken can be attached to any Signer implementation.

The implementation class of the EntrustSAMCryptoToken requires the following properties to be defined:

IMPLEMENTATION_CLASS=com.czertainly.signserver.module.entrustsam.EntrustSAMCryptoWorker
CRYPTOTOKEN_IMPLEMENTATION_CLASS=com.czertainly.signserver.module.entrustsam.EntrustSAMCryptoToken

The Crypto Token seamlessly integrates with the Entrust SAM interface. The EntrustSAMCryptoToken will check the following configuration properties.

PropertyDescriptionDefault ValueMandatory
ENTRUST_SAM_SERVEREnd point to access Entrust SAM service functions.NONEYES
ENTRUST_TRUST_SELF_SIGNEDTrue if the self-signed certificate of the Entrust SAM can be trusted. False otherwise.falseNO
ENTRUST_CONNECTION_POOL_SIZENumber as the maximum size of the pooled connections with the Entrust SAM. This value can be fine-tuned to optimize the performance of the signing process.30NO
OTHER_SIGNERSSets the reference to the Crypto Token containing the key that is used to authenticate to the Entrust SAM. Only one value should be specified for this attribute. In case it contains multiple comma separated references to Crypto Token, the first one is taken.NONEYES
ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIASIdentification of the key, based on alias, that should be used to authenticate to the Entrust SAM interface. The key alias is taken from the OTHER_SIGNERS Crypto Token configuration.NONEYES
SAD_PROVIDER_IMPLEMENTATION_CLASSImplementation class for Signature Activation Protocol handling between the Signature Integration Component and the Signature Activation Module. This is the interface for providing the Signature Activation Data to be used in order to execute signing operation.NONE
See SAD Providers for more information.
YES