Comment: This article is new for Smart ID Identity Manager 24.R1.

Info

This article includes updates for Smart ID Identity Manager 24.R1.

...

Generates dummy certificates for transient key pairs generated on a target device when provisioning Smart ID Mobile/Desktop App profiles (the certificates themselves are merely used as a transport container for the key-usage parameter).

Required

TODO: David Banz what should we add here? This info is missing.

Configured in the following application

...

Info

Descriptor included in default configuration.

Correct bootstrapping may be required for production use, depending on the use case.

Development and test systems may use placeholders (for example, created with the bootstrap.zip package or the corresponding Docker container).

...

Use-case

Signing content for Visual ID provisioning to Smart ID Mobile App

...

Configured in the following applications

Storage

  • pkcs12

  • HSM (recommended)

Versioning

Possible, but unnecessary.

...

General requirements

...

  • Placeholder allowed only if Visual ID is not used

    • If the certificate configured here is not trusted by the end-user (mobile) device, then Visual ID provisioning will fail

    • Forgery of Visual ID possible if placeholder key is used and also trusted by the end-user device

Key requirements

...

...

Supported types

...

  • RSA 2048

  • RSA 3072

  • RSA 4096 (recommended)

Certificate requirements

...

  • Must not be self-signed!

  • Key usage is not checked (recommended for informational purposes: set digitalSignature)

  • Issuing CA cert must be trusted by the app onto which to provision Visual IDs

  • Validity: at your discretion (make sure you do not forget to renew before the expiry date!), validity is checked on the SDK side

  • Versioning not needed (always uses the default (i.e. highest) version)
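
A pre-deployment check of a signing certificate against the key and certificate requirements listed above, given as an added example that is not part of the original article or the product. The function names and the 30-day default renewal window are assumptions, and the check covers only what can be read from the PEM certificate itself (whether the issuing CA is trusted by the app is not verified).

```bash
#!/usr/bin/env bash
# Added example: check a Visual ID signing certificate (PEM) before deployment.
# Function names and the 30-day default renewal window are assumptions.

check_visual_id_cert() {   # usage: check_visual_id_cert cert.pem [renew_days]
  local cert=$1 days=${2:-30} rc=0 text subject issuer bits
  text=$(openssl x509 -in "$cert" -noout -text) || return 2
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
  issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253)

  # Must not be self-signed: subject equal to issuer is treated as self-signed.
  if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
    echo "FAIL: subject equals issuer (self-signed)"; rc=1
  fi

  # Supported key types: RSA 2048, 3072, 4096.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
    echo "FAIL: key is not RSA"; rc=1
  else
    case $bits in
      2048|3072) echo "OK: RSA $bits (RSA 4096 is the recommended size)" ;;
      4096)      echo "OK: RSA 4096" ;;
      *)         echo "FAIL: unsupported RSA size: $bits"; rc=1 ;;
    esac
  fi

  # Validity is checked on the SDK side, so flag certificates close to expiry.
  if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null; then
    echo "FAIL: expires within $days days"; rc=1
  fi

  # Key usage is not enforced; digitalSignature is only recommended.
  printf '%s\n' "$text" | grep -q 'Digital Signature' ||
    echo "NOTE: digitalSignature key usage not set (informational)"
  return "$rc"
}

# Constructed sample input: a throwaway CA and a certificate issued by it.
make_constructed_certs() {   # usage: make_constructed_certs dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Constructed Test CA' \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Constructed Visual ID Signer' \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/leaf.pem" 2>/dev/null
}
```

The function returns 0 when all hard requirements pass, 1 when any of them fails, and 2 when the file cannot be parsed as a certificate.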

...