Versions Compared

Version Old Version 10 New Version 11
Changes made by

Paul Zachos

Paul Zachos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Example configuration file

Below is an example of the XML configurationThis is how a typical configuration file looks like.

Code Block
languagexml
<?xml version="1.0" encoding="UTF-8"?>
<engineSignEncrypt>
    <descriptors>
        <descriptor name="EncryptedFields" version="1">
            <type algorithm="AES/CBC/PKCS7Padding" size="256" result="NX02" key="encCert" 
                  asymCipher="RSA/None/OAEPWithSHA384AndMGF1Padding"/>
        </descriptor>
        <descriptor name="ConfigZipEncrypter" version="1">
            <type algorithm="AES/CBC/PKCS7Padding" size="256" key="configZipEncrypterCert"
                  asymCipher="RSA/None/OAEPWithSHA384AndMGF1Padding"/>
        </descriptor>
        <descriptor name="ConfigZipSigner" version="1">
            <type algorithm="SHA-256" key="configZipSignerCert" />
        </descriptor>
        <descriptor name="ObjectHistorySigner" version="1">
            <type algorithm="SHA-256" key="objectHistorySignerCert" />
        </descriptor>
        <descriptor name="SignEmailDescriptorObjectHistorySigner" version="12">
            <type algorithm="SHA256withRSASHA-256" key="emailSigningCertnewObjectHistorySignerCert" />
        </descriptor>
        <descriptor name="hermodDeviceEncSignEmailDescriptor" version="1">
            <type algorithm="SHA256withRSA" key="serverCertemailSigningCert" />
        </descriptor>
        <descriptor name="SelfServiceJWTSignerhermodDeviceEnc" version="1">
            <type algorithm="RSASHA256withRSA" key="selfServiceJWTSignerCertserverCert" />
        </descriptor>
        <descriptor name="ContentProviderJWSSignerSelfServiceJWTSigner" version="1">
            <type algorithm="RSA" key="contentProviderJWSSignerCertselfServiceJWTSignerCert" />
        </descriptor>
        <descriptor name="att_external-attestation-1ContentProviderJWSSigner" version="1">
            <type algorithm="SHA256withRSARSA" key="attestationKey_mobile_1contentProviderJWSSignerCert" />
        </descriptor>
        <descriptor name="att_external-attestation-21" version="1">
            <type algorithm="SHA256withRSA" key="attestationKey_mobile_21" />
        </descriptor>
        <descriptor name="att_external-attestation-32" version="1">
            <type algorithm="SHA256withRSA" key="attestationKey_mobile_32" />
        </descriptor>
        <descriptor name="att_external-attestation-43" version="1">
            <type algorithm="SHA256withRSA" key="attestationKey_mobile_43" />
        </descriptor>
        <descriptor name="att_ATTESTATION" version="1external-attestation-4" version="1">
            <type algorithm="SHA256withRSA" key="attestationKey_mobile_4" />
        </descriptor>
        <descriptor name="att_ATTESTATION" version="1">
            <type algorithm="SHA256withRSA" key="attestationKey_mobile_pda_def" />
        </descriptor>
    </descriptors>
    <keys>
        <key name="encCert">
            <type algorithmname="SHA256withRSApkcs12" keylocationValue="attestationKey_mobile_pda_def" classpath:hybridEncKeypair.p12" pin="1234"/>
        </descriptor>
  key>
 </descriptors>     <keys>         <key name="encCertconfigZipEncrypterCert">
            <type name="pkcs12" locationValue="classpath:hybridEncKeypairencryptConfig.p12" pin="1234"/>
        </key>
        <key name="configZipEncrypterCertconfigZipSignerCert">
            <type name="pkcs12" locationValue="classpath:encryptConfigsignConfig.p12" pin="1234"/>
        </key>
        <key name="configZipSignerCertnewObjectHistorySignerCert">
            <type name="pkcs12" locationValue="classpath:signConfighistorySignNew.p12" pin="1234"/>
        </key>
        <key name="objectHistorySignerCert">
            <type name="pkcs12" locationValue="classpath:signhistorySign.p12" pin="1234"/>
        </key>
        <key name="selfServiceJWTSignerCert">
            <type name="pkcs12" locationValue="classpath:signJWT.p12" pin="1234"/>
        </key>
        <key name="contentProviderJWSSignerCert">
            <type name="pkcs12" locationValue="classpath:signJWS.p12" pin="1234"/>
        </key>
        <key name="emailSigningCert">
            <type name="pkcs12" locationValue="classpath:emailSigning.p12" pin="1234"/>
        </key>
        <key name="serverCert">
            <type name="pkcs12" locationValue="classpath:deviceEncCA.p12" pin="1234"/>
        </key>
        <key name="attestationKey_mobile_1">
            <type name="pkcs12" locationValue="classpath:attKeyMobile1.p12" pin="936584967"/>
        </key>
        <key name="attestationKey_mobile_2">
            <type name="pkcs12" locationValue="classpath:attKeyMobile2.p12" pin="873145568"/>
        </key>
        <key name="attestationKey_mobile_3">
            <type name="pkcs12" locationValue="classpath:attKeyMobile3.p12" pin="8564789632"/>
        </key>
        <key name="attestationKey_mobile_4">
            <type name="pkcs12" locationValue="classpath:attKeyMobile4.p12" pin="9263564893"/>
        </key>
        <key name="attestationKey_mobile_pda_def">
            <type name="pkcs12" locationValue="classpath:attKeyMobileDef.p12" pin="2586453793"/>
        </key>
    </keys>
</engineSignEncrypt>