A signing request follows the exact same process flow as an authentication request. For more information, see Example: Personal Desktop authentication.


Prerequisites

  • Installed Hermod, see here.

Step-by-step instruction

  1. Create a signing request in Hermod with the POST /rest/command/sign command. See example:

    POST /rest/command/sign
    {
       "commandHeader":{
          "lifespan":30,
          "timeout":30,
          "to":[
             "@tmp"
          ]
       },
       "signCommand":{
          "params":{
             "description":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"UGVyc29uYWw=",
                   "description":"Signing request from",
                   "key":"requester",
                   "visible":true
                }
             ],
             "filter":{
                "op":"eq",
                "param":"key.type",
                "value":"RSA"
             },
             "format":"pkcs7",
             "mechanism":"CKM_SHA256_RSA_PKCS",
             "tbs":[
                {
                   "content_encoding":"base64",
                   "content_type":"text/plain",
                   "data":"VHJhbnNmZXIgNTAwIFVTRCBmcm9tIENheW1hbiBJc2xhbmQgdG8gSG9sZWJyb29rIEx0ZC4=",
                   "description":"Text to sign",
                   "key":"tbs",
                   "visible":true
                }
             ]
          }
       }
    }
    


    Response 200 OK
    {
        "commandId": "688",
        "destinations": [
            {
                "to": "@tmp",
                "bid": "11318956-2040-4360-941d-437e4ddd810c",
                "uri": "com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8",
                "mid": "14fc191a-a0a3-4ae3-929a-e37efafdb510",
                "location": "http://nexus-cod1.ad.nexusgroup.com:20401/hermod/rest/ms/11318956-2040-4360-941d-437e4ddd810c/14fc191a-a0a3-4ae3-929a-e37efafdb510"
            }
        ],
        "commandType": "SIGN",
        "state": "IN_PROGRESS",
        "fqdn": "nexus-cod1.ad.nexusgroup.com"
    } 



  2. Add the URI from the response as a link.

    com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8


    The protocol handler for personal desktop will open the plugout dialog: 

    Start Personal Desktop for signing


When the user has provided the smart card and entered the PIN, Personal Desktop signs the request and sends the response to Hermod, which forwards it to the application server in a callback.

  3. Validate the response:

    POST https://my-registered-callbackserver/rest/callback/sign


    Response 200 OK
    {
      "responseHeader" : {
        "inReplyTo" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "status" : 200
      },
      "signResponse" : {
        "code" : 0,
        "result" : {
          "signature" : "...",
          "mechanism" : "CKM_SHA256_RSA_PKCS",
          "format" : "pkcs7",
          "signer" : {
            "certificate" : "..."
          }
        }
      },
      "commandId" : "687",
      "destinations" : [ {
        "to" : "@tmp",
        "bid" : "1557ac95-5c1c-4dff-a9aa-f1176744f5a6",
        "uri" : "com.nexusgroup.plugout:///?url=https%3a%2f%2fnexus-cod1.test.nexusgroup.com%3A20400%2fhermod%2Frest%2Fms%2F1557ac95-5c1c-4dff-a9aa-f1176744f5a6&token=98dab581-6bf6-4c9d-8c78-dac98f5b899f",
        "mid" : "31a10af2-8fe5-4847-b4e5-5272bdaee07b",
        "location" : "https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b"
      } ],
      "commandType" : "SIGN",
      "state" : "COMPLETED",
      "fqdn" : "nexus-cod1.test.nexusgroup.com"
    }
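
One way to pre-check the callback in step 3 before any cryptographic verification, as an added example that is not part of the original page or of Nexus code. It assumes the values in the sample above (status 200, code 0, state COMPLETED) indicate success; `PENDING`, `check_sign_callback` and `accept` are hypothetical names, and the signature and certificate strings are constructed placeholders.

```python
# Constructed sample: what the application recorded when it created command 687
# (hypothetical store), and a callback body shaped like the one on this page.
LOCATION = ("https://nexus-cod1.test.nexusgroup.com:20400/hermod/rest/ms/"
            "1557ac95-5c1c-4dff-a9aa-f1176744f5a6/31a10af2-8fe5-4847-b4e5-5272bdaee07b")
PENDING = {"687": {"location": LOCATION, "mechanism": "CKM_SHA256_RSA_PKCS", "format": "pkcs7"}}
SAMPLE = {
    "responseHeader": {"inReplyTo": LOCATION, "status": 200},
    "signResponse": {"code": 0, "result": {
        "signature": "PLACEHOLDER-SIGNATURE", "mechanism": "CKM_SHA256_RSA_PKCS",
        "format": "pkcs7", "signer": {"certificate": "PLACEHOLDER-CERT"}}},
    "commandId": "687", "commandType": "SIGN", "state": "COMPLETED",
    "destinations": [{"to": "@tmp", "location": LOCATION}],
}

def check_sign_callback(body, pending):
    """Return a list of problems; an empty list means the pre-checks passed."""
    cid = body.get("commandId")
    expected = pending.get(cid) if isinstance(cid, str) else None
    if expected is None:
        return ["unknown or already consumed commandId"]
    header = body.get("responseHeader") or {}
    sign = body.get("signResponse") or {}
    result = sign.get("result") or {}
    problems = []
    if body.get("commandType") != "SIGN":
        problems.append("commandType is not SIGN")
    if body.get("state") != "COMPLETED":
        problems.append("state is not COMPLETED")
    if header.get("status") != 200 or sign.get("code") != 0:
        problems.append("status/code differ from the success sample")
    if header.get("inReplyTo") != expected["location"]:
        problems.append("inReplyTo does not match the location we were given")
    for field in ("mechanism", "format"):
        if result.get(field) != expected[field]:
            problems.append(f"{field} differs from the request")
    if not result.get("signature") or not (result.get("signer") or {}).get("certificate"):
        problems.append("signature or signer certificate missing")
    return problems

def accept(body, pending):
    """Consume the pending entry only when every pre-check passes (one-time use)."""
    problems = check_sign_callback(body, pending)
    if not problems:
        del pending[body["commandId"]]
    return problems
```

These checks only correlate the callback with a request the application issued. The PKCS#7 signature still has to be verified against the original `tbs` bytes, and the signer certificate chain validated, before the result is trusted.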