Comment: This article is new for Smart ID Identity Manager 24.R1.

Info

This article includes updates for Smart ID Identity Manager 24.R1.

...

Info

Descriptor included in default configuration.

Correct bootstrapping may be required for production use, depending on the use case.

Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container).

...

Info

Descriptor included in default configuration.

Correct bootstrapping may be required for production use, depending on the use case.

Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container).

...

Certificate requirements

  • If the key usage extension is marked critical, digitalSignature is required

  • The issuing certificate has to be installed in the Identity Manager truststore

  • The certificate must not be self-signed

...

Info

Descriptor included in default configuration.

Correct bootstrapping may be required for production use, depending on the use case.

Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container).

...

Info

Descriptor included in default configuration.

Correct bootstrapping may be required for production use, depending on the use case.

Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container).

...

Info

Descriptor included in default configuration.

Bootstrapping is required for technical reasons, but with relaxed security requirements compared to other use cases.

  • use case: generate dummy certificates for transient key pairs generated on a target device when provisioning Smart ID Mobile / Desktop App profiles (the certificates themselves merely serve as a transport container for the key-usage parameter)

  • configured in this application:

    • Identity Manager Operator

  • storage: pkcs12

  • versioning: possible, but unnecessary

  • supported algorithm values:

    • for RSA keys only

      • SHA256withRSA

      • SHA384withRSA

      • SHA512withRSA

    • for ECC keys only

      • SHA256withECDSA

      • SHA384withECDSA

      • SHA512withECDSA

  • general requirements:

    • placeholders allowed

  • key requirements:

    • supported types:

      • RSA 2048

      • RSA 3072

      • RSA 4096

      • ECC NIST P-256 (best performance)

      • ECC NIST P-384

      • ECC NIST P-521

  • certificate requirements:

    • may be self-signed

    • validity is ignored

    • key usage is not checked (recommended for informational purposes: set digitalSignature)

    • certificate does not need to be trusted
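
As an added example (not part of the original article or the product's own tooling), the script below builds a placeholder that meets the requirements listed above and reads it back to confirm the key type and signature algorithm. The subject, alias, file names and password are constructed, and whether a given deployment accepts an OpenSSL-built file in place of the bootstrap.zip placeholders is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Subject, alias, file names and password are
# constructed placeholders. Needs OpenSSL 1.1.1 or later (for -addext).
set -euo pipefail

# Self-signed placeholder: ECC NIST P-256 key, SHA256withECDSA signature,
# digitalSignature key usage (informational only), stored as PKCS#12.
make_placeholder_p12() {
  local dir="$1" pass="$2"
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem"
  openssl req -new -x509 -sha256 -key "$dir/key.pem" -days 365 \
    -subj "/CN=placeholder-example" \
    -addext "keyUsage=digitalSignature" -out "$dir/cert.pem"
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -name placeholder -passout "pass:$pass" -out "$dir/placeholder.p12"
}

# Print "<key type> <signature algorithm>" for the certificate in a PKCS#12
# file, or return 1 if either value is outside the lists above. Intended for
# self-signed placeholders, where the signature is made with the same key.
describe_p12() {
  local text key sig raw
  text=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts |
         openssl x509 -noout -text)
  raw=$(sed -n '/Signature Algorithm: /{s/.*: //p;q;}' <<<"$text")
  if grep -q "Public Key Algorithm: rsaEncryption" <<<"$text"; then
    key="RSA $(sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' <<<"$text")"
    sig="$(tr '[:lower:]' '[:upper:]' <<<"${raw%WithRSAEncryption}")withRSA"
  else
    key="ECC NIST $(sed -n 's/.*NIST CURVE: \(P-[0-9]*\).*/\1/p' <<<"$text")"
    sig="${raw#ecdsa-with-}withECDSA"
  fi
  case "$key" in
    "RSA 2048"|"RSA 3072"|"RSA 4096") ;;
    "ECC NIST P-256"|"ECC NIST P-384"|"ECC NIST P-521") ;;
    *) return 1 ;;
  esac
  case "$sig" in
    SHA256with*|SHA384with*|SHA512with*) echo "$key $sig" ;;
    *) return 1 ;;
  esac
}
```

Call `make_placeholder_p12 <directory> <password>` and then `describe_p12 <directory>/placeholder.p12 <password>`; a non-zero return means the key type or signature algorithm is not one of the listed values.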

...

Info

Descriptor included in default configuration.

Correct bootstrapping may be required for production use, depending on the use case.

Dev and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container).

...