...
Attribute of the type element inside descriptor | Description |
|---|
algorithm | For EncryptedFields/ConfigZipEncrypter: symmetric algorithm to be used, usually AES/CBC/PKCS7Padding. For SelfServiceJWTSigner/ContentProviderJWSSigner: always RSA. For ConfigZipSigner/ObjectHistorySigner: hashing algorithm to be used (for example, SHA-256). For SignEmailDescriptor/hermodDeviceEnc/att_* and pin-blob decryption descriptors:
signature algorithm to be used (for example, SHA256withRSA). For idopteAuthentication: always NoneWithRSA. |
size | For EncryptedFields/ConfigZipEncrypter only.
Size of the symmetric key, either 128or 256 (recommended). |
result | For EncryptedFields only.
Output format, currently always NX02. |
key | The descriptor’s key. Refers to a key defined in the same document. |
asymCipher | For EncryptedFields/ConfigZipEncrypter only.
Cipher definition, e.g. RSA/None/OAEPWithSHA384AndMGF1Padding. When used with an HSM, you need to adjust the cipher format to be compatible with the JCE provider
used for HSM access.
For example, instead of the above cipher definition, specify RSA/ECB/OAEPWithSHA-384AndMGF1Padding
(ECBinstead of Noneand SHA-384 instead of SHA384). |
initVector | If this is missing, a randomly generated IV will be used, which is the recommended behaviour.
Only Only needed for migrating EncryptedFields from SmartAct or ProAct it is necessary to set a fixed IV here. A fixed Initialization Vector (IV). For other descriptors, omit this attribute in order to use randomly generated IVs. |
Key
See the tables below the example for more information about the key/-type.
...
