...
Some descriptors support multiple versions. For example, you can replace the key of the ObjectHistorySigner
by adding a descriptor with the same name and a newer version, while leaving the existing descriptor with the old version configured. New signatures will then be created with the new key, but signatures made with the old key can still be verified.
...
```xml
<?xml version="1.0" encoding="UTF-8"?>
<engineSignEncrypt>
    <descriptors>
        <descriptor name="ObjectHistorySigner" version="2">
            <type algorithm="SHA-256" key="newHistorySignernewKey" />
        </descriptor>
        <descriptor name="ObjectHistorySigner" version="1">
            <type algorithm="SHA-256" key="oldHistorySigneroldKey" />
        </descriptor>
        <!-- other descriptors -->
    </descriptors>
    <keys>
        <key name="newHistorySignernewKey">
            <type name="pkcs12" locationValue="classpath:sign_new.p12" pin="1234"/>
        </key>
        <key name="oldHistorySigneroldKey">
            <type name="pkcs12" locationValue="classpath:sign_old.p12" pin="1234"/>
        </key>
        <!-- other keys -->
    </keys>
</engineSignEncrypt>
```
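To show how the versioned descriptors resolve at sign and verify time, here is an added Python example that is not part of this page or the product: it parses a configuration in the shape shown above, signs with the highest version, and verifies a signature against the version it was made with. It assumes HMAC-SHA256 over constructed key bytes as a stand-in for the engine's PKCS#12-backed signatures, and that the descriptor version is recorded alongside each signature.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed config in the same shape as the engineSignEncrypt example above.
CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<engineSignEncrypt>
  <descriptors>
    <descriptor name="ObjectHistorySigner" version="2">
      <type algorithm="SHA-256" key="newHistorySignernewKey"/>
    </descriptor>
    <descriptor name="ObjectHistorySigner" version="1">
      <type algorithm="SHA-256" key="oldHistorySigneroldKey"/>
    </descriptor>
  </descriptors>
</engineSignEncrypt>"""

# Assumption: stand-in key bytes keyed by the descriptor's key name. The real engine
# loads PKCS#12 files; raw HMAC keys are used here so the example runs offline.
KEY_MATERIAL = {
    "newHistorySignernewKey": b"constructed-new-key",
    "oldHistorySigneroldKey": b"constructed-old-key",
}


def load_descriptors(xml_text, name):
    """Return {version: key_name} for every descriptor with the given name."""
    root = ET.fromstring(xml_text)
    versions = {}
    for d in root.iter("descriptor"):
        if d.get("name") == name:
            versions[int(d.get("version", "1"))] = d.find("type").get("key")
    return versions


def sign(descriptors, data):
    """Sign with the newest configured version; the version travels with the signature."""
    version = max(descriptors)
    mac = hmac.new(KEY_MATERIAL[descriptors[version]], data, hashlib.sha256).hexdigest()
    return version, mac


def verify(descriptors, data, version, mac):
    """Verify against the key of the version recorded with the signature."""
    key_name = descriptors.get(version)
    if key_name is None:
        return False  # version removed from the config: signature can no longer be checked
    expected = hmac.new(KEY_MATERIAL[key_name], data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)
```

Keeping the version 1 descriptor in the config is what keeps the older history signatures verifiable; dropping it makes them unverifiable, as the last branch of `verify` shows.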
...