This article includes updates for Smart ID IdentityManager 24.R1 or later.

Attestation keys are keypairs. The private keys are used by Smart ID Mobile App and Smart ID Desktop App to sign Certificate Signing Requests (CSR), while the public keys are used by Smart ID Identity Manager to verify the requests.

...

During bootstrap, if you have custom keys, it is advised to remove the default attestation keys from the engine's configuration, so that only clients with the custom attestation keys are able to generate keypairs. If you instead keep the default keys and add the new keys under a newer version of the same descriptor, requests signed with the default keys will still be accepted!

Example

Sample descriptor configuration

Example: attestation key

<?xml version="1.0" encoding="UTF-8"?>
<engineSignEncrypt>
    <descriptors>
        <descriptor name="att_attestation_key_id" version="1">
            <type algorithm="SHA256withRSA" size="" result="" key="attestationKey_old" />
        </descriptor>
        <descriptor name="att_attestation_key_id" version="2">
            <type algorithm="SHA256withRSA" size="" result="" key="attestationKey_current" />
        </descriptor>
        <!-- other descriptors -->
    </descriptors>
    <keys>
        <key name="attestationKey_old">
            <type name="pkcs12" locationValue="classpath:attKeyOld.p12" pin="1234"/>
        </key>
        <key name="attestationKey_current">
            <type name="pkcs12" locationValue="classpath:attKeyCurrent.p12" pin="1234"/>
        </key>
        <!-- other keys -->
    </keys>
</engineSignEncrypt>
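
The following Python script is an added example, not part of the product or its documentation. It audits a descriptor configuration for the situation described in the note above: older versions of a descriptor whose keys are still accepted. The function names and the embedded sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the descriptor configuration shown above.
SAMPLE_CONFIG = """
<engineSignEncrypt>
  <descriptors>
    <descriptor name="att_attestation_key_id" version="1">
      <type algorithm="SHA256withRSA" size="" result="" key="attestationKey_old"/>
    </descriptor>
    <descriptor name="att_attestation_key_id" version="2">
      <type algorithm="SHA256withRSA" size="" result="" key="attestationKey_current"/>
    </descriptor>
  </descriptors>
  <keys>
    <key name="attestationKey_old">
      <type name="pkcs12" locationValue="classpath:attKeyOld.p12" pin="1234"/>
    </key>
    <key name="attestationKey_current">
      <type name="pkcs12" locationValue="classpath:attKeyCurrent.p12" pin="1234"/>
    </key>
  </keys>
</engineSignEncrypt>
"""


def accepted_keys(xml_text):
    """Map each descriptor name to [(version, key name, key store location)]."""
    root = ET.fromstring(xml_text.strip())
    stores = {k.get("name"): k.find("type").get("locationValue") for k in root.iter("key")}
    accepted = {}
    for desc in root.iter("descriptor"):
        key_name = desc.find("type").get("key")
        entry = (int(desc.get("version")), key_name, stores.get(key_name))
        accepted.setdefault(desc.get("name"), []).append(entry)
    return {name: sorted(v, key=lambda e: e[0]) for name, v in accepted.items()}


def audit(xml_text):
    """Report older descriptor versions whose keys are still accepted."""
    findings = []
    for name, entries in accepted_keys(xml_text).items():
        for version, key_name, location in entries[:-1]:
            findings.append(f"{name}: version {version} key '{key_name}' ({location}) "
                            f"is still accepted alongside version {entries[-1][0]}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An empty result from `audit` means every descriptor has a single version, so only the keys listed for that version are accepted.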