Comment: This article is new for Smart ID Identity Manager 24.R1.

Info

This article includes updates for Smart ID Identity Manager 24.R1.

...

Supported asymCipher values

For HSM:

  • RSA/ECB/OAEPWithSHA-384AndMGF1Padding

  • RSA/ECB/OAEPWithSHA-512AndMGF1Padding

For PKCS#12:

  • RSA/None/OAEPWithSHA384AndMGF1Padding

  • RSA/None/OAEPWithSHA512AndMGF1Padding

General requirements

  • Placeholder keys and certificates must not be used in production

    • Confidentiality of database secrets would be at risk

    • Once the first secret is stored in the database, the key can only be changed with the tool batch_secretfieldstore_change_encryption_key

...

Supported asymCipher values

For HSM:

  • RSA/ECB/OAEPWithSHA-384AndMGF1Padding

  • RSA/ECB/OAEPWithSHA-512AndMGF1Padding

For PKCS#12:

  • RSA/None/OAEPWithSHA384AndMGF1Padding

  • RSA/None/OAEPWithSHA512AndMGF1Padding

Note

You cannot reconfigure the asymCipher after exporting an encrypted ZIP, as config import of such a ZIP will fail.

...

Certificate requirements

  • If key usage extension is critical, then digitalSignature is required

  • Issuing certificate has to be installed in the Identity Manager trust-store

  • Certificate must not be self-signed
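
A pre-flight check for the three certificate requirements listed above, written in Go as an added example; it is not code from Identity Manager or its documentation. The `checkCert` and `issue` helpers, the certificate names, the Ed25519 test keys and the modelling of the trust-store as a plain list of certificates are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkCert lists violated requirements; trustStore is an assumed model of the trust-store.
func checkCert(c *x509.Certificate, trustStore ...*x509.Certificate) (bad []string) {
	for _, ext := range c.Extensions { // 2.5.29.15 is the keyUsage extension OID
		if ext.Id.String() == "2.5.29.15" && ext.Critical && c.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
			bad = append(bad, "critical keyUsage without digitalSignature")
		}
	}
	signedBy := func(p *x509.Certificate) bool { // p is the named issuer and p's key verifies c
		return string(p.RawSubject) == string(c.RawIssuer) && p.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
	}
	if signedBy(c) {
		bad = append(bad, "self-signed")
	}
	for _, ca := range trustStore {
		if signedBy(ca) {
			return bad
		}
	}
	return append(bad, "issuer not in trust-store")
}

func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed test data only; errors ignored for brevity
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku}
	if parent == nil { // no parent given: the certificate signs itself
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

func main() {
	ca, caKey := issue("Constructed CA", x509.KeyUsageCertSign, nil, nil)
	leaf, _ := issue("constructed leaf", x509.KeyUsageKeyEncipherment, ca, caKey)
	fmt.Println(checkCert(leaf, ca)) // trust-store holds the issuer, keyUsage lacks digitalSignature
}
```

Go's `x509.CreateCertificate` always encodes keyUsage as critical, so the constructed certificates exercise the critical case only; a certificate without any keyUsage extension passes the first check.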

...