| Info |
|---|
This article is valid for Smart ID Identity Manager 24.R1 or later. |
| Note |
|---|
IDM 24.R1 makes a number of significant changes compared to earlier releases! |
TODO: Write some high level description of the engine here
This article describes the The sign and encrypt engine in Smart ID Identity Manager. There are a number of use cases in Identity Manager that are based on encryption or signing, for example:
...
is the central component of Identity Manager for signing, verification and encryption using keys and certificates. It handles several use cases, and most of them have to be configured for each deployment, so that the private keys are kept secret. The keys themselves can be stored in files or preferably on a Hardware Security Module (HSM) for increased security.
The use cases the engine handles include:
Encryption and decryption of fields in the Identity Manager database
Sign Signing and verify verification of the object history
Sign and validate config zip files
Encrypt config zip files
Sign and encrypt emails
Create device encryption certificates used in certain Hermod scenarios
Authenticate Signing, validation and encryption of the configuration files
Signing and encryption of emails
Creation of device encryption certificates that are used in Smart ID messaging
Creation of JWS signatures used for Smart ID messaging content provider API
Authentication of Smart ID Self-Service users to the Identity Manager backend
Creating JWS signatures used for Hermod's content provider API
Decrypting Decryption of PIN blobs from pre-personalized smart-cards created with the Personal Desktop Client
Attestation for provisioning to Smart ID Mobile / Desktop Apps
The sign and encrypt engine provides a consistent configuration of keys and certificates for both signing and encryption. You can define algorithms and parameters and reference keys from an HSM (for most use-cases) or from PKCS#12 files (always supportedfor all use cases).
Additional Information
| Expand | ||
|---|---|---|
| ||
...