This article is new for Identity Manager 5.0.1.
You can print and fill this table according to your specific requirements. The values already present in this table are fixed, for example, “RSA / “ means that you must use RSA but you can decide on the key size.
Use the table to help you with bootstrapping the sign and encrypt engine. See Sign and encrypt engine descriptors for a detailed description of the requirements.
|
Descriptor |
Setup Required |
Place-holder |
HSM |
Key type / size |
Key Usage |
Validity |
Trusted by |
Issuer |
|---|---|---|---|---|---|---|---|---|
|
EncryptedFields |
Yes |
No |
|
RSA / |
|
Any |
None |
|
|
configZipEncrypter |
Yes |
|
|
RSA / |
|
Any |
None |
|
|
configZipSigner |
Yes |
|
|
RSA / |
|
|
IDM |
|
|
objectHistorySigner |
Yes |
|
|
RSA / |
|
Any |
None |
|
|
signEmailDescriptor |
Yes |
|
|
/ |
|
|
Email recipients |
|
|
hermodDeviceEnc |
Yes |
|
No |
/ |
|
Any |
None |
|
|
SelfServiceJWTSigner |
Yes |
No |
|
RSA / |
|
Any |
None |
|
|
ContentProviderJWSSigner |
Yes |
|
|
RSA / |
|
|
Mobile device |
|
|
att_* |
|
|
|
RSA / |
|
Any |
None |
|
|
idopteAuthentication |
|
No |
No |
RSA / 2048 |
|
Any |
Client side Idopte Middleware |
Idopte CA |
|
insideClientAuth |
|
No |
No |
RSA / |
digitalSignature |
|
Inside Server |
|
|
(PIN blob decryption) |
|
No |
|
RSA / 2048 |
|
Any |
None |
|