Comment: Potentially a new article?

Comment: Remember to update the release version numbers in the article before publishing externally.

Info

This article is new for Smart ID Identity Manager 24.R1.

...

This means that one or more demo keys, for example, keys that are considered compromised and unfit for production use, are still in use. Each message indicates the offending descriptor and version from the configuration XML.

For information about how to replace the keys, see Bootstrapping the sign and encrypt engine.

Note
  • Replacing the EncryptedFields descriptor's key requires re-encryption of existing secrets via the batch_secretfieldstore_change_encryption_key tool. For more information, see Change encryption key of secret field store.

  • Replacing the ObjectHistorySigner descriptor's key requires re-signing existing history entries via the batch_re-sign_history tool.

  • Replacing the ConfigZipSigner descriptor's key means that any previously exported encrypted config ZIP files can no longer be decrypted; versioning to enable decryption with historical keys is not supported.

...

  1. The key configured for the ObjectHistorySigner descriptor in the current version (version 2 in the example error message) is wrong; the wrong P12 file might have been configured.

  2. The object history was corrupted, either by accident or by deliberate manipulation; forensic analysis may be advisable.

...