From: <ant...@yo...> - 2012-12-27 07:04:17
Hi Nancy,

For when do you need this functionality? You could integrate the code yourself (with the diff file in the link below) or wait for the integration in signserver.

@Markus: I just see that the integration is scheduled for signserver 3.5, is it possible to do it before?

Here's the address of the ticket: https://jira.primekey.se/browse/DSS-457

Have a nice day.

Best regards,
Antoine

On Thu, 27 Dec 2012 09:26:20 +0700, Nancy Dang <nan...@gm...> wrote:
> Hi Antoine Louiset,
>
> Thank you for your response. I'm trying the 2nd solution as I need to
> use many certificates in my system. However, it takes time to read
> through the code :) Thanks again for your idea.
>
> In my system, the certificates belong to users, not the server (or
> signer). Each user will have a different certificate (+private key) but
> they don't have a token to store that information. My plan is to
> store that information on the server and when a user needs to sign a
> document, he will have a signer do it.
>
> The private key of each user will not change frequently but there are
> many private keys. So different workers have to work with different
> private keys.
>
> Best regards,
>
> On Thu, Dec 27, 2012 at 4:24 AM, wrote:
> > On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang wrote:
> > > Hi,
> > >
> > > I would like to customize the project in a way that allows me to
> > > choose which certificate is used to sign the data.
> > >
> > > Currently, to my knowledge, I need to specify a .p12 file in the
> > > property file of each signer. That file will then be used for signing.
> > > I want to change the source code so that the worker can be reloaded
> > > (or started) by some command like this:
> > >
> > > # bin/signserver.sh reload 3 001
> > >
> > > where 3 is the worker ID and 001 is the certificate ID from a
> > > database.
> > >
> > > I'm new to Sign Server and still digging in. Please help me with some
> > > ideas how to do this. Or at least answer the question: Is this
> > > possible?
> > >
> > > Thank you very much.
> >
> > Hi,
> >
> > Welcome to the community!
> >
> > You should use a JKS file to store your private keys and your
> > certificates. It will be faster.
> >
> > I have 2 suggestions. Perhaps you could change the property
> > "defaultkey" in the configuration of the worker. The defaultkey
> > corresponds to the alias of the private key stored in the keystore.
> >
> > Otherwise, I develop a new functionality which could interest you. In
> > the configuration of the worker, I add one property where you specify
> > different parameters that the client of signserver has to specify. In my
> > case, I need the alias of the private key used to sign. These properties
> > are stored in the metadata which could be sent for example by Web
> > Services. In that case, you just have to change in the different workers
> > the line getPrivateKey(alias) and put alias with the one sent.
> >
> > Do not hesitate to tell me if you don't understand something.
> >
> > Will you often change the private key to use? How many private keys
> > will you use? If it is not an important number, you should use
> > different workers with different values of the property
> > "defaultkey".
> >
> > Best regards,
> >
> > Antoine Louiset
> > Yousign
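
The per-request alias selection discussed in this thread, sketched as an added example that is not SignServer code and not code from either poster: the worker falls back to `defaultkey` when the client sends no alias, and accepts a client-supplied alias only if the worker's configuration lists it. The `allowedaliases` property, the `alias` metadata key and the in-memory key map (standing in for the worker's JKS keystore) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added example: the key map stands in for the worker's JKS keystore;
// "allowedaliases" and the "alias" metadata key are hypothetical names.
public class AliasSelectingSigner {
    private final Map<String, KeyPair> keys = new HashMap<>();
    private final String defaultKey;           // worker property "defaultkey"
    private final Set<String> allowedAliases;  // hypothetical property "allowedaliases"

    AliasSelectingSigner(Properties cfg) {
        defaultKey = cfg.getProperty("defaultkey");
        allowedAliases = new HashSet<>(Arrays.asList(
            cfg.getProperty("allowedaliases", "").split("\\s*,\\s*")));
    }

    String resolveAlias(Map<String, String> metadata) {
        String requested = metadata.get("alias");
        // A client-supplied alias must be on this worker's allow-list.
        if (requested != null && !allowedAliases.contains(requested))
            throw new SecurityException("alias not permitted for this worker");
        String alias = (requested != null) ? requested : defaultKey;
        if (!keys.containsKey(alias)) throw new SecurityException("no key for alias");
        return alias;
    }

    byte[] sign(byte[] data, Map<String, String> metadata) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(keys.get(resolveAlias(metadata)).getPrivate());
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        Properties cfg = new Properties();
        cfg.setProperty("defaultkey", "worker3-default");
        cfg.setProperty("allowedaliases", "user001");
        AliasSelectingSigner signer = new AliasSelectingSigner(cfg);
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        for (String a : new String[] {"worker3-default", "user001", "user002"})
            signer.keys.put(a, gen.generateKeyPair());  // constructed sample keys
        byte[] doc = "sample document".getBytes(StandardCharsets.UTF_8);
        System.out.println("signed with user001: " + signer.sign(doc, Map.of("alias", "user001")).length + " bytes");
        System.out.println("no alias sent -> " + signer.resolveAlias(Map.of()));
        try { signer.sign(doc, Map.of("alias", "user002")); }
        catch (SecurityException e) { System.out.println("user002: " + e.getMessage()); }
    }
}
```

Here `user002` exists in the key store but is not listed for this worker, so the request is refused before any key is touched; authenticating the caller and binding it to an alias is a separate step this sketch leaves out.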