
FortanixCryptoToken

ENTERPRISE

Overview

Fortanix Data Security Manager (DSM) HSM is a cloud-based HSM service provided by Fortanix. Keys are stored in the FIPS 140-2 Level 3 certified HSM and cryptographic operations are securely executed within the module.

The Fortanix Crypto Token implements support for Fortanix DSM via its REST API and is authenticated using an API key.

CRYPTOTOKEN_IMPLEMENTATION=org.signserver.server.enterprise.cryptotokens.FortanixCryptoToken

Available Properties

Property

Description

DEFAULTKEY

The key alias of the private key to be used for testing that this crypto token is working.

Since SignServer 7.4.0, the DEFAULTKEY property is no longer a required property for this worker.

If no default key is set, the connection between this worker and the Fortanix instance is tested to determine whether the Worker is ACTIVE or OFFLINE.

If a default key is set, a test signing will be performed to determine if the Worker is ACTIVE or OFFLINE.

A property with this name is typically accepted by the worker using this crypto token and will then be the key to use for actual signing.

FORTANIX_BASE_ADDRESS

Optional base URL for the Fortanix DSM REST endpoint.

Default: https://apps.smartkey.io

NEXTCERTSIGNKEY

A property with this name is typically configured in the worker using this crypto token to hold the name of the next key to use. Certificate signing requests (CSR) can be made for this key while the current key (DEFAULTKEY) is still in production. After uploading the new certificate, the value of NEXTCERTSIGNKEY can be moved to DEFAULTKEY.

PIN

Authentication code for activation. Use the API key as the authentication code.

Only required for auto-activation; not required when the token is manually activated.
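
As an added example (not part of the SignServer documentation or code), the following Python script audits a worker properties file for the settings described above: a non-HTTPS base address, an API key stored as PIN for auto-activation, a missing DEFAULTKEY, and a NEXTCERTSIGNKEY that names the key already in production. The `WORKERGENID1.` prefix handling, the finding codes, and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

DEFAULT_BASE = "https://apps.smartkey.io"  # default stated on this page


def parse_properties(text):
    """Parse KEY=VALUE lines; a leading 'WORKER...' prefix segment is dropped (assumed format)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.upper().startswith("WORKER") and "." in key:
            key = key.split(".", 1)[1]
        props[key.upper()] = value.strip()
    return props


def audit(props):
    """Return (code, message) findings for a FortanixCryptoToken configuration."""
    findings = []
    base = props.get("FORTANIX_BASE_ADDRESS", DEFAULT_BASE)
    if urlparse(base).scheme.lower() != "https":
        findings.append(("BASE_NOT_HTTPS", "REST traffic to %s, including the API key, is not protected by TLS" % base))
    if props.get("PIN"):
        findings.append(("PIN_STORED", "API key is stored in the worker configuration for auto-activation"))
    default, nxt = props.get("DEFAULTKEY"), props.get("NEXTCERTSIGNKEY")
    if not default:
        findings.append(("NO_DEFAULTKEY", "status check tests the connection only, no test signing"))
    if nxt and nxt == default:
        findings.append(("NEXT_EQUALS_DEFAULT", "NEXTCERTSIGNKEY names the key already in production"))
    return findings


# Constructed sample configuration; key names and the API key are placeholders.
SAMPLE = """\
WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION=org.signserver.server.enterprise.cryptotokens.FortanixCryptoToken
WORKERGENID1.FORTANIX_BASE_ADDRESS=http://dsm.example.internal
WORKERGENID1.PIN=CONSTRUCTED-API-KEY-PLACEHOLDER
WORKERGENID1.DEFAULTKEY=signkey-2024
WORKERGENID1.NEXTCERTSIGNKEY=signkey-2024
"""

if __name__ == "__main__":
    for code, msg in audit(parse_properties(SAMPLE)):
        print(code, "-", msg)
```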

Known Limitations

The following lists limitations of the current implementation.

  • Importing certificates into the token is not supported for this crypto token.

  • The Fortanix Crypto Token does not provide any certificates and cannot be used with signers that require a certificate from the token, such as OpenPGP-based signers. For details on PGP signing support, refer to DSS-2127.

For information on supported algorithms, see FortanixCryptoToken Algorithm Support.

