.png){kind=logo}
P11NGKeyWrappingCryptoWorker
ENTERPRISE
The Crypto Worker is a worker not performing any operations on its own and instead only hosts a Crypto Token that can be referenced by other workers.
Note that the JackNJI11KeyWrappingCryptoWorker has been renamed P11NGKeyWrappingCryptoWorker as of SignServer 6.0.
This crypto worker internally implements a P11NGKeyWrappingCryptoToken and requires a P11NGCryptoToken referenced by the CRYPTOTOKEN property to use as the source crypto token.
Fully qualified class name: org.signserver.p11ng.common.cryptotoken.P11NGKeyWrappingCryptoWorker
Worker Properties
Property | Description |
|---|---|
CRYPTOTOKEN | Specifies the name of (crypto) worker holding the P11NGCryptoToken to use as the source crypto token. |
DEFAULTKEY | Specifies the key alias of the secret/symmetric wrapping key in the token that should be used to wrap and unwrap keys. Required. |
WRAPPED_TESTKEY | (Optional) Specifies the key alias of wrapped key stored in the database that can be used to test that unwrapping is working. If specified, the worker will be offline if a test signing cannot be performed with this key. |
WRAPPING_CIPHER_ALGORITHM | (Optional) Specifies the cipher algorithm used to wrap the keys by secret/symmetric key. The value can be provided as a PKCS#11 mechanism name, a long constant value, or a hexadecimal constant value. For more information on the Wrapping Cipher Algorithm, see P11NGKeyWrappingCryptoToken. Default: CKM_AES_CBC_PAD. |
All crypto token features are not supported by this worker if running in NoDB mode. For more information, see NoDB Mode in P11NGKeyWrappingCryptoToken.