You can print out this table and fill it in according to your requirements. The values already present in the table are fixed; for example, “RSA / ” means you must use RSA, but you can decide on the key size. Then use the completed table to help you bootstrap the sign and encrypt engine.
Descriptor | Setup Required | Place-holder | HSM | Key type / size | Key Usage | Validity | Trusted by | Issuer |
---|---|---|---|---|---|---|---|---|
EncryptedFields | Yes | No | RSA / | Any | None | |||
configZipEncrypter | Yes | RSA / | Any | None | ||||
configZipSigner | Yes | RSA / | IDM | |||||
objectHistorySigner | Yes | RSA / | Any | None | ||||
signEmailDescriptor | Yes | / | Email recipients | |||||
hermodDeviceEnc | Yes | No | / | Any | None | |||
SelfServiceJWTSigner | Yes | No | RSA / | Any | None | |||
ContentProviderJWSSigner | Yes | RSA / | Mobile device | |||||
att_* | RSA / | Any | None | |||||
idopteAuthentication | No | No | RSA / 2048 | Any | Client side Idopte Middleware | Idopte CA | ||
insideClientAuth | No | No | RSA / | digitalSignature | Inside Server | |||
(PIN blob decryption) | No | RSA / 2048 | Any | None |