Info: This article includes updates for Smart ID Identity Manager 24.R1.
...
- descriptor names: can be any descriptor listed in the pinBlobDecryptor.keyDescriptorNames property of system.properties (or its Docker counterpart)
- use-case: decrypting PIN blobs from pre-personalized cards, e.g. to print PIN letters for them (see Encodings using Personal Desktop Client middleware in Identity Manager, section "Read encrypted PINs")
- configured in this application:
  - Identity Manager Operator
- supported algorithm value: RSA
- storage: pkcs12, HSM (recommended)
- versioning: not needed
- general requirements:
  - by default the property is empty, so no descriptors are needed unless the feature is required
- key requirements:
  - supported types:
    - RSA 2048
- certificate requirements:
  - issued by Nexus Certificate Manager
  - validity ignored by IDM
  - does not need to be trusted by IDM
  - key usage is not checked (recommended for informational purposes: set dataEncipherment + keyEncipherment)
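
A pre-flight check of a candidate certificate against the key and certificate requirements listed above, as an added example (it is not Nexus or Identity Manager tooling). It assumes `openssl` 1.1.1 or later and a PEM-encoded certificate; the function names and the throwaway sample certificate are constructed for illustration.

```sh
#!/bin/sh
# Added example: check a certificate meant for a PIN-blob decryption descriptor.
# Assumptions: openssl 1.1.1+ on PATH, PEM input; all names here are hypothetical.

# make_sample_cert KEYSPEC OUT.pem
# Constructed throwaway self-signed certificate, for trying the check offline.
make_sample_cert() {
    openssl req -x509 -newkey "$1" -nodes -days 1 -subj '/CN=constructed-sample' \
        -addext 'keyUsage=dataEncipherment,keyEncipherment' \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# check_pinblob_cert CERT.pem
# Prints findings; returns 0 only if the certificate carries an RSA 2048 key.
check_pinblob_cert() {
    pc_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "FAIL: cannot parse $1 as a PEM certificate"; return 1; }

    # Key requirement from the list: RSA 2048 is the only supported type.
    if ! printf '%s\n' "$pc_text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "FAIL: key is not RSA"; return 1
    fi
    pc_bits=$(printf '%s\n' "$pc_text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "$pc_bits" != "2048" ]; then
        echo "FAIL: RSA key is ${pc_bits:-unknown} bits, expected 2048"; return 1
    fi
    echo "OK: RSA 2048 key"

    # Key usage is not checked by IDM, so it is reported, never enforced.
    for pc_ku in 'Data Encipherment' 'Key Encipherment'; do
        if printf '%s\n' "$pc_text" | grep -A1 'X509v3 Key Usage' | grep -q "$pc_ku"; then
            echo "INFO: key usage includes $pc_ku"
        else
            echo "INFO: key usage lacks $pc_ku (recommended, not enforced)"
        fi
    done

    # Validity is ignored by IDM; printed so operators can still track it.
    echo "INFO: $(openssl x509 -in "$1" -noout -enddate)"
    return 0
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_pinblob_cert "$1"; fi
```

For a pkcs12 store, export the certificate to PEM first (for example with `openssl pkcs12 -in store.p12 -nokeys -out cert.pem`) and run the check on the result.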
Additional information
For more information, see Encrypt configuration files in Identity Manager.