JackNJI11KeyWrappingCryptoWorker
ENTERPRISE This is a SignServer Enterprise feature.
The Crypto Worker is a worker not performing any operations on its own and instead only hosts a Crypto Token that can be referenced by other workers.
This crypto worker internally implements a JackNJI11KeyWrappingCryptoToken and requires a JackNJI11CryptoToken referenced by the CRYPTOTOKEN property to use as the source crypto token.
Fully qualified class name: org.signserver.p11ng.common.cryptotoken.JackNJI11KeyWrappingCryptoWorker
Worker Properties
|
Property |
Description |
|
CRYPTOTOKEN |
Name of (crypto) worker holding the JackNJI11CryptoToken to use as the source crypto token. |
|
DEFAULTKEY |
Key alias of the secret/symmetric wrapping key in the token that should be used to wrap and unwrap keys. Required. |
|
WRAPPED_TESTKEY |
Key alias of wrapped key stored in the database that can be used to test that unwrapping is working. If specified, the worker will be offline if a test signing cannot be performed with this key. Optional. |
|
WRAPPING_CIPHER_ALGORITHM |
Cipher algorithm used to wrap the keys by secret/symmetric key. The value can be provided as PKCS#11 mechanism name, long constant value, or hexadecimal constant value. For more information on the Wrapping Cipher Algorithm, see JackNJI11KeyWrappingCryptoToken. Optional. Default value is CKM_AES_CBC_PAD. |
Note that all crypto token features are not supported by this worker if running in NoDB mode. For more information, see NoDB Mode in JackNJI11KeyWrappingCryptoToken.