Re: [SignServer-develop] Choose which certificate is used to sign data

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Antoine, Nancy,

On 2012-12-27 07:47, ant...@yo... wrote:
> Hi Nancy,
> 
> For when do you need this functionality ? You could integrate yourself
> the code (with the diff file in the link below) or wait for the
> integration in signserver.
> 
> @Markus : I just see that the integration is scheduled for signserver
> 3.5, is it possible to do it before ?

It all come down to our available resources and customer requirements.
However, 3.5 might not be so far away as we are planning on releasing
3.3 in the beginning of next year and 3.4 just 1-2 months later.

Best regards,
Markus

> 
> Here's the address of the ticket :
> https://jira.primekey.se/browse/DSS-457
> 
> Have a nice day.
> 
> Best regards,

--
PrimeKey Solutions offers a commercial EJBCA & SignServer support
subscription and training. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

> 
> 
> Antoine
> 
> 
> On Thu, 27 Dec 2012 09:26:20 +0700, Nancy Dang <nan...@gm...>
> wrote:
>> Hi Antoine Louiset,
>>
>> Thank you for your response. I'm trying the 2nd solution as I need to
>> use many certificates in my system. However, it takes time to read
>> through the code :) Thanks again for your idea. 
>>
>> In my system, the certificates belong to users, not the server (or
>> signer). Each user will have different certificate (+private key) but
>> they don't have a token to store those information. My plan is to
>> store those information on the server and when a user needs to sign a
>> document, he will have a signer did it. 
>>
>> The private key of each user will not change frequently but there are
>> many private keys. So different workers have to work with different
>> private keys. 
>>
>> Best regards, 
>>
>> On Thu, Dec 27, 2012 at 4:24 AM,  wrote:
>>  On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang 
>>  wrote:
>>
>>> Hi,
>>  >
>>  > I would like to customize the project in a way that allows me to
>>  > choose which certificate is used to sign the data.
>>  >
>>  > Currently, to my knowledge, I need to specify a .p12 file in the
>>  > property file of each signer. That file will then be used for
>> signing.
>>  > I want to change the source code so that the worker can be
>> reloaded
>>  > (or started) by some command like this:
>>  >
>>  > # bin/signserver.sh reload 3 001 
>>  >
>>  > where 3 is the worker ID and 001 is the certificate ID from a
>>  > database.
>>  >
>>  > I'm new to Sign Server and still dig in. Please help me with some
>>  > ideas how to do this. Or at least answer the question: Is this
>>  > possible?
>>  >
>>  > Thank you very much. 
>>
>>  Hi,
>>
>>  Welcome to the community !
>>
>>  You should use a JKS file to store your private keys and your
>>  certificates. It will be faster.
>>
>>  I have 2 suggestions. Perhaps, you could change the property
>>  "defaultkey" in the configuration of the worker. The defaultkey
>>  corresponds to the alias of the private key stored in the keystore.
>>
>>  Otherwise, I develop a new functionality which could interest you.
>> In
>>  the configuration of the worker, I add one property where you
>> specify
>>  different parameters that the client of signserver has to specify.
>> In
>>  my
>>  case, I need the alias of the private key used to sign. These
>>  properties
>>  are stored in the metadata which could be sent for example by Web
>>  Services. In that case, you just have to change in the different
>>  workers
>>  the line getPrivateKey(alias) and put alias with the one sent.
>>
>>  Do not hesitate to tell me if you don't understand something.
>>
>>  Will you often change the private key to use ? How many private keys
>>  will you use ? If it is not an important number, you should use
>>  different workers with different values of the property
>> "defaultkey".
>>
>>  Best regards,
>>
>>  Antoine Louiset
>>  Yousign
> 
> 
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
> 

-- 
Kind regards,
Markus Kilås
Security Consultant & Developer

PrimeKey Solutions AB

Anderstorpsv. 16
171 54 Solna
Sweden

Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...

www.primekey.se