# Sample configuration of an extended CMS signer, capable of timestamping in # addition to the features provided by the regular CMS signer. ## General properties WORKERGENID1.TYPE=PROCESSABLE WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.extendedcmssigner.ExtendedCMSSigner WORKERGENID1.NAME=ExtendedCMSSigner WORKERGENID1.AUTHTYPE=NOAUTH # Crypto token WORKERGENID1.CRYPTOTOKEN=CryptoTokenP12 #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11 #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1 #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1KeyWrapping # Using key from sample keystore WORKERGENID1.DEFAULTKEY=signer00003 # Key using ECDSA #WORKERGENID1.DEFAULTKEY=signer00002 # If the content should be encapsulated or not WORKERGENID1.DETACHEDSIGNATURE=FALSE #WORKERGENID1.DETACHEDSIGNATURE=TRUE # If the requester should be able to decide about including the content or not WORKERGENID1.ALLOW_DETACHEDSIGNATURE_OVERRIDE=FALSE #WORKERGENID1.ALLOW_DETACHEDSIGNATURE_OVERRIDE=TRUE # If the signer should by default use client-side hashing (the request data # to the signer is implied to be the pre-computed digest), this requires # the ACCEPTED_HASH_DIGEST_ALGORITHMS property to be set #WORKERGENID1.CLIENTSIDEHASHING=true # If the signer should allow overriding whether the request is using a client- # side digest or not (by a request metadata parameter) #WORKERGENID1.ALLOW_CLIENTSIDEHASHING_OVERRIDE=true # Accepted digest hash algorithms used when the request is using a client-side # hash, this is required if any of CLIENTSIDEHASHING, # or ALLOW_CLIENTSIDEHASHING_OVERRIDE is defined and set to "true" WORKERGENID1.ACCEPTED_HASH_DIGEST_ALGORITHMS=SHA-256,SHA-384,SHA-512 # If a digest of the request should be computed and logged # Default: false #WORKERGENID1.DO_LOGREQUEST_DIGEST=true #WORKERGENID1.DO_LOGREQUEST_DIGEST=false WORKERGENID1.DO_LOGREQUEST_DIGEST= # The digest algorithm to use for the request in the log # Default: SHA256 #WORKERGENID1.LOGREQUEST_DIGESTALGORITHM=SHA256 WORKERGENID1.LOGREQUEST_DIGESTALGORITHM= # If a digest of the response should be computed and logged # Default: false #WORKERGENID1.DO_LOGRESPONSE_DIGEST=true #WORKERGENID1.DO_LOGRESPONSE_DIGEST=false WORKERGENID1.DO_LOGRESPONSE_DIGEST= # The digest algorithm to use for the request in the log # Default: SHA256 #WORKERGENID1.LOGRESPONSE_DIGESTALGORITHM=SHA256 WORKERGENID1.LOGRESPONSE_DIGESTALGORITHM= # Worker name or ID of internal (RFC#3161) timestamp authority # Default: none #WORKERGENID1.TSA_WORKER=TimeStampSigner WORKERGENID1.TSA_WORKER= # URL of external (RFC#3161) timestamp authority # Default: none #WORKERGENID1.TSA_URL=http://tsa.example.com/TimeStampSigner WORKERGENID1.TSA_URL= # Username for authentication with the TSA # Default: none WORKERGENID1.TSA_USERNAME= # Password for authentication with the TSA # Default: none WORKERGENID1.TSA_PASSWORD= # Time-stamping policy OID to request from the TSA # Default: none WORKERGENID1.TSA_POLICYOID= # Digest algorithm to use for timestamps # Default: SHA-256 WORKERGENID1.TSA_DIGESTALGORITHM= # If the key usage counter is disabled WORKERGENID1.DISABLEKEYUSAGECOUNTER=true # Mode to use when signing. # Setting to APPEND allows re-signing, expected unput is CMS structure. # Default: NEW WORKERGENID1.SIGNING_MODE= #WORKERGENID1.SIGNING_MODE=NEW #WORKERGENID1.SIGNING_MODE=APPEND # Excluded signed attributes # Setting a comma-separated OIDs for signed attributes to exclude from the signature WORKERGENID1.EXCLUDE_SIGNED_ATTRIBUTES= #WORKERGENID1.EXCLUDE_SIGNED_ATTRIBUTES=1.2.840.113549.1.9.52 #WORKERGENID1.EXCLUDE_SIGNED_ATTRIBUTES=1.2.840.113549.1.9.52,1.2.840.113549.1.9.5 # Include signing time attribute WORKERGENID1.INCLUDESIGNINGTIMEATTRIBUTE= #WORKERGENID1.INCLUDESIGNINGTIMEATTRIBUTE=false #WORKERGENID1.INCLUDESIGNINGTIMEATTRIBUTE=true # Include CMS algorithm protect attribute WORKERGENID1.INCLUDECMSALGORITHMPROTECTATTRIBUTE= #WORKERGENID1.INCLUDECMSALGORITHMPROTECTATTRIBUTE=false #WORKERGENID1.INCLUDECMSALGORITHMPROTECTATTRIBUTE=true