...

Attribute of the type element inside descriptor

Description

algorithm

For field encryption (EncryptedFields/ConfigZipEncrypter): a symmetric algorithm to be used, usually AES/CBC/PKCS7Padding.

For JWT (SelfServiceJWTSigner/JWSContentProviderJWSSigner): always RSA.

For zip/history signing (ConfigZipSigner/ObjectHistorySigner): hashing algorithm to be used (for example, SHA-256).

For mail signing/hermod (SignEmailDescriptor/hermodDeviceEnc/att_*) and pinBlob decryption: signature algorithm to be used (for example, SHA256withRSA).

For idopteAuthentication: always NoneWithRSA.

size

For field encryption (EncryptedFields/ConfigZipEncrypter) only.
Size of the symmetric key, either 128 or 256 (recommended).

result

For field encryption (EncryptedFields/ConfigZipEncrypter) only.
Output format, always NX02: output the raw bytes and some metadata.

key

Refers to a key defined in the same document.

asymCipher

For field encryption (EncryptedFields/ConfigZipEncrypter) only.
Cipher definition, e.g. RSA/None/OAEPWithSHA384AndMGF1Padding.

When used with an HSM, you need to adjust the cipher format to be compatible with the JCE provider used for HSM access.
For example, instead of the above cipher definition, specify RSA/ECB/OAEPWithSHA-384AndMGF1Padding (ECB instead of None and SHA-384 instead of SHA384).

initVector

If this is missing, a randomly generated IV will be used, which is the recommended behaviour.
Only for migrating from SmartAct or ProAct is it necessary to set a fixed IV here.
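
Why the random IV is the recommended behaviour, shown as an added example (not code from the product or its documentation): with AES/CBC, a fixed IV makes equal field values encrypt to equal ciphertexts and exposes shared leading blocks. The class name, the sample values and the all-zero IV are assumptions; the stock JCE name PKCS5Padding is used for the padding that Bouncy Castle calls PKCS7Padding.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvDemo {
    // Stock JCE spelling; for AES it is the same padding as PKCS7Padding.
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(plaintext);
    }

    static byte[] randomIv() {
        byte[] iv = new byte[16]; // one AES block
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // corresponds to size="256"
        SecretKey key = kg.generateKey();

        // Constructed field values: identical first 16 bytes, different tails.
        byte[] a = "card-serial-0001:alice".getBytes(StandardCharsets.UTF_8);
        byte[] b = "card-serial-0001:bob".getBytes(StandardCharsets.UTF_8);
        byte[] fixedIv = new byte[16]; // constructed stand-in for a fixed initVector

        byte[] fa = encrypt(key, fixedIv, a);
        byte[] fb = encrypt(key, fixedIv, b);
        boolean fixedRepeat = Arrays.equals(fa, encrypt(key, fixedIv, a));
        boolean fixedPrefix = Arrays.equals(Arrays.copyOf(fa, 16), Arrays.copyOf(fb, 16));

        byte[] ra = encrypt(key, randomIv(), a);
        byte[] rb = encrypt(key, randomIv(), b);
        boolean randomPrefix = Arrays.equals(Arrays.copyOf(ra, 16), Arrays.copyOf(rb, 16));

        System.out.println("fixed IV, same value twice, identical ciphertext: " + fixedRepeat);
        System.out.println("fixed IV, shared prefix, identical first block: " + fixedPrefix);
        System.out.println("random IV, shared prefix, identical first block: " + randomPrefix);
    }
}
```

With a fixed IV, anyone who can read the stored ciphertexts can tell which records hold the same value or start with the same block, without knowing the key.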

Key

This is an example of a key (taken from the example file engineSignEncryptConfig.xml, or signencrypt.xml for docker deployment). See the tables below the example for more information about the key/type.

Key example
<key name="objectHistorySignerCert">
    <type name="pkcs12" locationValue="classpath:sign.p12" pin="1234"/>
</key>

...