Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients


A signing request follows the exact same process flow as an authentication request. For more information, see Example: Personal Desktop Client authentication.



Prerequisites

  • Installed Hermod, see here.

Step-by-step instruction

 Create signing request in Hermod
  1. Create a signing request in Hermod with the POST /rest/command/sign command. See example:

    Example: Signing command
    POST /rest/command/sign
    {
       "commandHeader":{
          "lifespan":30,
          "timeout":30,
          "to":[
             "@tmp"
          ]
       },
       "signCommand":{
          "params":{
             "description":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"UGVyc29uYWw=",
                   "description":"Signing request from",
                   "key":"requester",
                   "visible":true
                }
             ],
             "filter":{
                "op":"eq",
                "param":"key.type",
                "value":"RSA"
             },
             "format":"pkcs7",
             "mechanism":"CKM_SHA256_RSA_PKCS",
             "tbs":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"VHJhbnNmZXIgNTAwIFVTRCBmcm9tIENheW1hbiBJc2xhbmQgdG8gSG9sZWJyb29rIEx0ZC4=",
                   "description":"Text to sign",
                   "key":"tbs",
                   "visible":true
                }
             ]
          }
       }
    }
    
    Example: Signing response
    Response 200 OK
    {
        "commandId": "688",
        "destinations": [
            {
                "to": "@tmp",
                "bid": "11318956-2040-4360-941d-437e4ddd810c",
                "uri": "com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8",
                "mid": "14fc191a-a0a3-4ae3-929a-e37efafdb510",
                "location": "http://nexus-cod1.ad.nexusgroup.com:20401/hermod/rest/ms/11318956-2040-4360-941d-437e4ddd810c/14fc191a-a0a3-4ae3-929a-e37efafdb510"
            }
        ],
        "commandType": "SIGN",
        "state": "IN_PROGRESS",
        "fqdn": "nexus-cod1.ad.nexusgroup.com"
    } 
 Start Personal Desktop Client
  1. Add the URI from the response as a link. 

    Example URI
    com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8
    The protocol handler for Personal Desktop Client will open the plugout dialog.

 Validate signing response

When the user has provided the smart card and entered the PIN, Personal Desktop Client signs the request and sends the response to Hermod, which forwards it to the application server in a callback.

  1. Validate the response:

    Example: Signing callback command
    POST https://my-registered-callbackserver/rest/callback/sign
    Example: Signing callback response
    Response 200 OK
    {
      "responseHeader" : {
        "inReplyTo" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "status" : 200
      },
      "signResponse" : {
        "code" : 0,
        "result" : {
          "signature" : "<signature value omitted>",
          "mechanism" : "CKM_SHA256_RSA_PKCS",
          "format" : "pkcs7",
          "signer" : {
            "certificate" : "MIIFwDCCA6igAwIBAgICQhcwDQYJKoZIhvcNAQELBQAwPDELMAkGA1UEBhMCU0UxFDASBgNVBAoTC05leHVzIEdyb3VwMRcwFQYDVQQDEw5OZXh1cyBHcm91cCBDQTAeFw0xNzA1MjkxMDM0NDZaFw0yMDA1MjkxMDM0NDZaMF0xFDASBgNVBAoTC05leHVzIEdyb3VwMRcwFQYDVQQDEw5BbmRlcnMgV2FsbGJvbTEsMCoGCSqGSIb3DQEJARYdYW5kZXJzLndhbGxib21AbmV4dXNncm91cC5jb20wggEhMA0GCSqGSIb3DQEBAQUAA4IBDgAwggEJAoIBAQCaWqeX9BvG4Xj6myqHQ5+LKkAbAZsW5H+9WNuD+ByenS3HjtzS6Ab0CkZBMNKA1pLIXiAAd0V0WGQ60BJ9rfiAcWiFivdNMLwo/r49NipvdmIgS51T3sBmqt/BvhHY+4j55VXYCKz0dA9Jc1fEGFnM6wBEGjmLgcMPRTp6mgsBJYNoWb4YO/Rt9KpdeD/DslX0olw/eGroMioRgAvvJaC3IN3TKJAeSfejN0yeUBOudeXcWGYf+K76Thzadw8DpLyMNKp580V0mF7XCTGgxlGu2W/OFmHYMN9z2Av4ZVsUH95KsXzJlbBLZ4EOwpJSGv/Do2mVY8djn0d2F7f0m+PJAgIBAaOCAaowggGmMBEGA1UdDgQKBAhJaM/A6anEczA7BgNVHREENDAyoDAGCisGAQQBgjcUAgOgIgwgYW5kZXJzLndhbGxib21AYWQubmV4dXNncm91cC5jb20wEwYDVR0jBAwwCoAISF3B26nf72AwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzABhitodHRwOi8vb2NzcC5oc3MubmV4dXNncm91cC5jb20vTmV4dXNHcm91cENBMA4GA1UdDwEB/wQEAwIGQDCB5QYDVR0fBIHdMIHaMIHXoIHUoIHRhoGNbGRhcDovL29jc3AuaHNzLm5leHVzZ3JvdXAuY29tOjM4OS9DTj1OZXh1cyUyMEdyb3VwJTIwQ0EsTz1OZXh1cyUyMEdyb3VwLEM9U0U/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPUNSTERpc3RyaWJ1dGlvblBvaW50hj9odHRwOi8vd3d3Lmhzcy5uZXh1c2dyb3VwLmNvbS9jcmxzL05leHVzJTIwR3JvdXAlMjBDQSUyMENSTC5jcmwwDQYJKoZIhvcNAQELBQADggIBAByrtqo684kS2KywDnADytF18LOS+2kRw8VbJxvnp95aEQ/uLSh/JCHsnJhn0qBMaXLB/dLYJ7St6PckakoS4mEOJ4myGH65WqhZiMtvgSdxTNdTJCrODBt+3cufzkTW1K+0G6r3UONmCgGGsDJ5fxHZesNvDuDzk9l6ST7HahA8PY5de3/yNlOWTkzCprf6I15hj/skozjw2oDYkw2WwN5Pu2wKhDVcBskgdOkFwoAKTT9ab2E9xRHOgvh5rCVxgVrQ22qvyG6kcJMXOQKR5UN1m2bU25y6a0WpYvTNwb4Dq7p9+hH0rS/aBrQOiAQawr7oyFi6tJFulDnWXiIaxKgl6MvjSLqvnkUQ0QpTrkFPtLBwjUPFaCIN+9rBcq9vexaDKQm0YXdMNGOiiQaqxxvg5OhQBahGgFyFL+2zgl3Ip0oAWj1ys2JrmO7DOjYBKUrUe93BQSDX5CeeMSTTO0592nEbyeYApy9ovgMdO0CSWKWsEo1MPz60IP1EgzIkz4+Ca/4Nofxm/8BHyg6kMhj5oE9+NSor7k4tY9e3w41Cl/5GmXA+VcAIWslpwqYsqkQgAyELcutk0WxbfBuyOoNtqsh07jqtYM+mlYVloLvcVpeRqxx9y0eOuPTpkn+ES1lywJgK5GsuLMZqrUmzjQTSctmWMDv3Qmfexb4msXRL"
          }
        }
      },
      "commandId" : "687",
      "destinations" : [ {
        "to" : "@tmp",
        "bid" : "1557ac95-5c1c-4dff-a9aa-f1176744f5a6",
        "uri" : "com.nexusgroup.plugout:///?url=https%3a%2f%2fnexus-cod1.test.nexusgroup.com%3A20400%2fhermod%2Frest%2Fms%2F1557ac95-5c1c-4dff-a9aa-f1176744f5a6&token=98dab581-6bf6-4c9d-8c78-dac98f5b899f",
        "mid" : "31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "location" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b"
      } ],
      "commandType" : "SIGN",
      "state" : "COMPLETED",
      "fqdn" : "nexus-cod1.test.nexusgroup.com"
    }
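
One way to carry out the "Validate the response" step on the application server before any cryptographic verification, as an added example that is not Nexus' own code: it ties the callback to the command that was created and rejects replays or mismatched parameters. The names `remember_command`, `check_callback` and the `pending` store are hypothetical; it assumes that `code` 0 with `status` 200 means success and that `signature` is base64 like the certificate. The sample signature and certificate are constructed placeholders.

```python
import base64

def remember_command(pending, sign_response, params):
    """Store what was requested when POST /rest/command/sign returns."""
    pending[sign_response["commandId"]] = {
        "locations": {d["location"] for d in sign_response["destinations"]},
        "format": params["format"],
        "mechanism": params["mechanism"],
    }

def check_callback(pending, cb):
    """Return (signature, certificate) as bytes, or raise ValueError."""
    expected = pending.get(cb.get("commandId"))
    if expected is None:
        raise ValueError("unknown or already handled commandId")
    header = cb.get("responseHeader", {})
    sign = cb.get("signResponse", {})
    if cb.get("commandType") != "SIGN" or cb.get("state") != "COMPLETED":
        raise ValueError("not a completed SIGN command")
    # Assumption: status 200 with code 0 means success, as in the example.
    if header.get("status") != 200 or sign.get("code") != 0:
        raise ValueError("client or Hermod reported a failure")
    if header.get("inReplyTo") not in expected["locations"]:
        raise ValueError("inReplyTo is not a location issued for this command")
    result = sign.get("result", {})
    if (result.get("format"), result.get("mechanism")) != (
            expected["format"], expected["mechanism"]):
        raise ValueError("format or mechanism differs from the request")
    try:
        # Assumption: both fields are base64, like the certificate shown.
        sig = base64.b64decode(result["signature"], validate=True)
        cert = base64.b64decode(result["signer"]["certificate"], validate=True)
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("signature or certificate missing or malformed") from exc
    del pending[cb["commandId"]]  # accept each command's callback only once
    return sig, cert

# Constructed sample: identifiers from this page, placeholder signature/certificate.
LOC = ("https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/"
       "1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b")
SAMPLE_CALLBACK = {
    "responseHeader": {"inReplyTo": LOC, "status": 200},
    "signResponse": {"code": 0, "result": {
        "signature": "c2lnbmF0dXJl", "mechanism": "CKM_SHA256_RSA_PKCS",
        "format": "pkcs7", "signer": {"certificate": "Y2VydGlmaWNhdGU="}}},
    "commandId": "687", "commandType": "SIGN", "state": "COMPLETED",
}
```

The returned bytes still need PKCS #7 signature verification over the `tbs` data, plus certificate path and revocation checks, using a cryptographic library; this block covers only the correlation of the callback with the request.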