Versions Compared

Version Old Version 1 New Version Current
Changes made by

Ylva Andersson

Ylva Andersson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Note added for IDM 5.0.1 and later versions.
Info

This article includes updates for Smart ID 23.04.2.

For Identity Manager 5.0.1 and later versions, see Bootstrapping the sign and encrypt engine.

Overview

The sign/encrypt engine is a component of Identity Manager which manages keys and certificates used for several purposes, and most of them have to be configured for each deployment, so that the private keys are kept secret.

...

Expand
titleEncrypt and decrypt secret fields

  • bootstrap requirement

    • mandatory

  • risk

    • Secrets in the database can be accessed by a well-known private key. As we don't support key versioning here. The key can only be changed with the tool batch_secretfieldstore_change_encryption_key once the first secret is in the database.

  • configured in these applications

    • Identity Manager Admin / (earlier know as PRIME Designer)

    • Identity Manager Operator / (earlier known as PRIME Explorer)

  • configured in these special-case tools

    • batch_secretfieldstore_change_encryption_key

      (repair tool for secret fields)

    • batch_migration_smartact_to_prime

      (for migration of data from Identity Manager's/PRIME's predecessor SmartAct, it has additional requirements for decrypting secret fields and config entries from the source system)

  • certificate requirements

    • key usage at least key encipherment and data encipherment

...