Skip to main content
Skip table of contents



The Crypto Worker is a worker not performing any operations on its own and instead only hosts a Crypto Token that can be referenced by other workers.

Note that the JackNJI11KeyWrappingCryptoWorker has been renamed P11NGKeyWrappingCryptoWorker as of SignServer 6.0.

This crypto worker internally implements a P11NGKeyWrappingCryptoToken and requires a P11NGCryptoToken referenced by the CRYPTOTOKEN property to use as the source crypto token.

Fully qualified class name: org.signserver.p11ng.common.cryptotoken.P11NGKeyWrappingCryptoWorker

Worker Properties



CRYPTOTOKENName of (crypto) worker holding the P11NGCryptoToken to use as the source crypto token.
DEFAULTKEYKey alias of the secret/symmetric wrapping key in the token that should be used to wrap and unwrap keys. Required.
WRAPPED_TESTKEYKey alias of wrapped key stored in the database that can be used to test that unwrapping is working. If specified, the worker will be offline if a test signing cannot be performed with this key. Optional.

Cipher algorithm used to wrap the keys by secret/symmetric key. The value can be provided as PKCS#11 mechanism name, long constant value, or hexadecimal constant value. For more information on the Wrapping Cipher Algorithm, see P11NGKeyWrappingCryptoToken. Optional.

Default value is CKM_AES_CBC_PAD.

Note that all crypto token features are not supported by this worker if running in NoDB mode. For more information, see NoDB Mode in P11NGKeyWrappingCryptoToken.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.