Info |
---|
This article is valid for Smart ID Identity Manager 24.R1 or later. |
...
Info |
---|
These descriptors are not present by default and can be ignored unless pin-blobs from pre-personalized cards (using Personal Desktop Client / KGS) have to be decrypted. |
- descriptor names: can be any descriptor listed in the pinBlobDecryptor.keyDescriptorNames property of system.properties (or its Docker counterpart)
- use-case: decrypting pin-blobs from pre-personalized cards to e.g. print pin letters for them (see Encodings using Personal Desktop Client middleware in Identity Manager, section "Read encrypted PINs")
- configured in this application:
  - Identity Manager Operator
- supported algorithm value: RSA
- storage: pkcs12, HSM (recommended)
- versioning: not needed
- general requirements:
  - by default the property is empty, hence no descriptors are needed, unless the feature is required
- key requirements:
  - supported types:
    - RSA 2048 (others?)
- certificate requirements:
  - issued by Nexus Certificate Manager
  - validity ignored by IDM
  - does not need to be trusted by IDM
  - key usage is not checked (recommended for informational purposes: set dataEncipherment + keyEncipherment)
...