...
Below is an example of the XML configuration. On Docker deployments it is located in docker/compose/identitymanager/config/signencrypt.xml, on WAR deployments it is located in WEB-INF/classes/engineSignEncryptConfig.xml of IDM Admin and IDM Operator.
There are also several tools including a similar configuration file.
| Code Block | ||
|---|---|---|
| ||
<?xml version="1.0" encoding="UTF-8"?>
<engineSignEncrypt>
<descriptors>
<descriptor name="EncryptedFields" version="1">
<type algorithm="AES/CBC/PKCS7Padding" size="256" result="NX02" key="encCert"
asymCipher="RSA/None/OAEPWithSHA384AndMGF1Padding"/>
</descriptor>
<descriptor name="ConfigZipEncrypter" version="1">
<type algorithm="AES/CBC/PKCS7Padding" size="256" key="configZipEncrypterCert"
asymCipher="RSA/None/OAEPWithSHA384AndMGF1Padding"/>
</descriptor>
<descriptor name="ConfigZipSigner" version="1">
<type algorithm="SHA-256" key="configZipSignerCert" />
</descriptor>
<descriptor name="ObjectHistorySigner" version="1">
<type algorithm="SHA-256" key="objectHistorySignerCert" />
</descriptor>
<descriptor name="SignEmailDescriptor" version="1">
<type algorithm="SHA256withRSA" key="emailSigningCert" />
</descriptor>
<descriptor name="hermodDeviceEnc" version="1">
<type algorithm="SHA256withRSA" key="serverCert" />
</descriptor>
<descriptor name="SelfServiceJWTSigner" version="1">
<type algorithm="RSA" key="selfServiceJWTSignerCert" />
</descriptor>
<descriptor name="ContentProviderJWSSigner" version="1">
<type algorithm="RSA" key="contentProviderJWSSignerCert" />
</descriptor>
<descriptor name="att_external-attestation-1" version="1">
<type algorithm="SHA256withRSA" key="attestationKey_mobile_1" />
</descriptor>
<descriptor name="att_external-attestation-2" version="1">
<type algorithm="SHA256withRSA" key="attestationKey_mobile_2" />
</descriptor>
<descriptor name="att_external-attestation-3" version="1">
<type algorithm="SHA256withRSA" key="attestationKey_mobile_3" />
</descriptor>
<descriptor name="att_external-attestation-4" version="1">
<type algorithm="SHA256withRSA" key="attestationKey_mobile_4" />
</descriptor>
<descriptor name="att_ATTESTATION" version="1">
<type algorithm="SHA256withRSA" key="attestationKey_mobile_pda_def" />
</descriptor>
</descriptors>
<keys>
<key name="encCert">
<type name="pkcs12" locationValue="classpath:hybridEncKeypair.p12" pin="1234"/>
</key>
<key name="configZipEncrypterCert">
<type name="pkcs12" locationValue="classpath:encryptConfig.p12" pin="1234"/>
</key>
<key name="configZipSignerCert">
<type name="pkcs12" locationValue="classpath:signConfig.p12" pin="1234"/>
</key>
<key name="objectHistorySignerCert">
<type name="pkcs12" locationValue="classpath:sign.p12" pin="1234"/>
</key>
<key name="selfServiceJWTSignerCert">
<type name="pkcs12" locationValue="classpath:signJWT.p12" pin="1234"/>
</key>
<key name="contentProviderJWSSignerCert">
<type name="pkcs12" locationValue="classpath:signJWS.p12" pin="1234"/>
</key>
<key name="emailSigningCert">
<type name="pkcs12" locationValue="classpath:emailSigning.p12" pin="1234"/>
</key>
<key name="serverCert">
<type name="pkcs12" locationValue="classpath:deviceEncCA.p12" pin="1234"/>
</key>
<key name="attestationKey_mobile_1">
<type name="pkcs12" locationValue="classpath:attKeyMobile1.p12" pin="936584967"/>
</key>
<key name="attestationKey_mobile_2">
<type name="pkcs12" locationValue="classpath:attKeyMobile2.p12" pin="873145568"/>
</key>
<key name="attestationKey_mobile_3">
<type name="pkcs12" locationValue="classpath:attKeyMobile3.p12" pin="8564789632"/>
</key>
<key name="attestationKey_mobile_4">
<type name="pkcs12" locationValue="classpath:attKeyMobile4.p12" pin="9263564893"/>
</key>
<key name="attestationKey_mobile_pda_def">
<type name="pkcs12" locationValue="classpath:attKeyMobileDef.p12" pin="2586453793"/>
</key>
</keys>
</engineSignEncrypt> |
...