Menu
▾
▴
Re: [SignServer-develop] Choose which certificate is used to sign data
|
From: Markus K. <ma...@pr...> - 2012-12-28 07:50:37
|
Hi Nancy, On 2012-12-28 05:42, Nancy Dang wrote: > Hi Markus, Antoine, > > It's so great to hear about the forthcoming versions. > > @Antoine: Thank you for your kindness. I've tried to apply the patch > at https://jira.primekey.se/browse/DSS-457 but there was some error. I'm > using SignServer 3.2 and realize that the patch is for 3.5. Should I > apply all the previous patches before this one? I think the patch was for the trunk branch of SignServer. Details for how to check it out from our repository at SourceForge can be found here: http://sourceforge.net/projects/signserver/develop?source=navbar It is possible though that even the trunk has changed since the patch was made so the patch might not apply completely. Best regards, Markus > > Here is the screenshot: > Inline image 1 > > Best Regards, > > > On Thu, Dec 27, 2012 at 2:44 PM, Markus Kilås <ma...@pr... > <mailto:ma...@pr...>> wrote: > > Hi Antoine, Nancy, > > On 2012-12-27 07:47, ant...@yo... > <mailto:ant...@yo...> wrote: > > Hi Nancy, > > > > For when do you need this functionality ? You could integrate yourself > > the code (with the diff file in the link below) or wait for the > > integration in signserver. > > > > @Markus : I just see that the integration is scheduled for signserver > > 3.5, is it possible to do it before ? > > It all come down to our available resources and customer requirements. > However, 3.5 might not be so far away as we are planning on releasing > 3.3 in the beginning of next year and 3.4 just 1-2 months later. > > > Best regards, > Markus > > > > > Here's the address of the ticket : > > https://jira.primekey.se/browse/DSS-457 > > > > Have a nice day. > > > > Best regards, > > -- > PrimeKey Solutions offers a commercial EJBCA & SignServer support > subscription and training. Please see www.primekey.se > <http://www.primekey.se> or contact > in...@pr... <mailto:in...@pr...> for more information. > http://www.primekey.se/Services/Support/ > http://www.primekey.se/Services/Training/ > > > > > > > Antoine > > > > > > On Thu, 27 Dec 2012 09:26:20 +0700, Nancy Dang > <nan...@gm... <mailto:nan...@gm...>> > > wrote: > >> Hi Antoine Louiset, > >> > >> Thank you for your response. I'm trying the 2nd solution as I need to > >> use many certificates in my system. However, it takes time to read > >> through the code :) Thanks again for your idea. > >> > >> In my system, the certificates belong to users, not the server (or > >> signer). Each user will have different certificate (+private key) but > >> they don't have a token to store those information. My plan is to > >> store those information on the server and when a user needs to sign a > >> document, he will have a signer did it. > >> > >> The private key of each user will not change frequently but there are > >> many private keys. So different workers have to work with different > >> private keys. > >> > >> Best regards, > >> > >> On Thu, Dec 27, 2012 at 4:24 AM, wrote: > >> On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang > >> wrote: > >> > >>> Hi, > >> > > >> > I would like to customize the project in a way that allows me to > >> > choose which certificate is used to sign the data. > >> > > >> > Currently, to my knowledge, I need to specify a .p12 file in the > >> > property file of each signer. That file will then be used for > >> signing. > >> > I want to change the source code so that the worker can be > >> reloaded > >> > (or started) by some command like this: > >> > > >> > # bin/signserver.sh reload 3 001 > >> > > >> > where 3 is the worker ID and 001 is the certificate ID from a > >> > database. > >> > > >> > I'm new to Sign Server and still dig in. Please help me with some > >> > ideas how to do this. Or at least answer the question: Is this > >> > possible? > >> > > >> > Thank you very much. > >> > >> Hi, > >> > >> Welcome to the community ! > >> > >> You should use a JKS file to store your private keys and your > >> certificates. It will be faster. > >> > >> I have 2 suggestions. Perhaps, you could change the property > >> "defaultkey" in the configuration of the worker. The defaultkey > >> corresponds to the alias of the private key stored in the keystore. > >> > >> Otherwise, I develop a new functionality which could interest you. > >> In > >> the configuration of the worker, I add one property where you > >> specify > >> different parameters that the client of signserver has to specify. > >> In > >> my > >> case, I need the alias of the private key used to sign. These > >> properties > >> are stored in the metadata which could be sent for example by Web > >> Services. In that case, you just have to change in the different > >> workers > >> the line getPrivateKey(alias) and put alias with the one sent. > >> > >> Do not hesitate to tell me if you don't understand something. > >> > >> Will you often change the private key to use ? How many private keys > >> will you use ? If it is not an important number, you should use > >> different workers with different values of the property > >> "defaultkey". > >> > >> Best regards, > >> > >> Antoine Louiset > >> Yousign > > > > > > > ------------------------------------------------------------------------------ > > Master Visual Studio, SharePoint, SQL, ASP.NET <http://ASP.NET>, > C# 2012, HTML5, CSS, > > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills > current > > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > > MVPs and experts. ON SALE this month only -- learn more at: > > http://p.sf.net/sfu/learnmore_122712 > > _______________________________________________ > > SignServer-develop mailing list > > Sig...@li... > <mailto:Sig...@li...> > > https://lists.sourceforge.net/lists/listinfo/signserver-develop > > > > > > -- > Kind regards, > Markus Kilås > Security Consultant & Developer > > PrimeKey Solutions AB > > Anderstorpsv. 16 > 171 54 Solna > Sweden > > Phone: +46 70 424 94 85 > Skype: markusatskype > Email: mar...@pr... <mailto:mar...@pr...> > > www.primekey.se <http://www.primekey.se> > > > > > > -- > Nancy -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
