Digital Signing Configuration (ttaad2655m000)

Use this session to configure the storage of the keys and the trusted certificates.

Keys can be stored on a Hardware Security Module (HSM) and accessed through a vendor-provided PKCS #11 (Cryptoki) library. Alternatively, you can use PKCS #12 key store files that are accessed through the file system on the LN server. LN does not manage keys or key stores directly.

This session contains these satellites:

  • Keys by User (ttaad2556m000)
  • Seals (ttaad2559m000)
  • Trusted Lists (ttaad2557m000)
  • Timestamp Providers (ttaad2558m000)

PKCS11 Implementation Library

The path to the native library that is used to access the HSM.

User Key Store Path

The directory in which the key store for each user is stored. The filename of the key store must be equal to the user name followed by a “p12” extension.
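
An added example, not part of the product documentation: a Python check of a User Key Store Path directory against the naming rule above. It assumes the rule means an exact-case `<user name>.p12` file name, a POSIX file system, and a constructed user list and sample directory; the function names are hypothetical.

```python
import os
import stat
import tempfile


def audit_key_store_dir(path, users):
    """Return (filename, finding) pairs for a user key store directory."""
    # Assumption: "user name followed by a p12 extension" means "<user>.p12",
    # compared case-sensitively.
    expected = {f"{user}.p12" for user in users}
    present = set(os.listdir(path))
    findings = [(n, "no key store for this user") for n in sorted(expected - present)]
    for name in sorted(present):
        st = os.lstat(os.path.join(path, name))  # lstat: do not follow symlinks
        if name not in expected:
            findings.append((name, "name does not match any user"))
        elif stat.S_ISLNK(st.st_mode):
            findings.append((name, "symlink: key store is outside the directory"))
        elif not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
        elif st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            # POSIX mode bits; on Windows review the ACLs instead.
            findings.append((name, "accessible to group or others"))
    return findings


def constructed_sample():
    """Build a throwaway directory with constructed (fake) key store files."""
    path = tempfile.mkdtemp(prefix="keystores-")
    for name, mode in (("alice.p12", 0o600), ("bob.p12", 0o644), ("Carol.P12", 0o600)):
        full = os.path.join(path, name)
        with open(full, "wb") as fh:
            fh.write(b"constructed placeholder, not a real PKCS #12 file")
        os.chmod(full, mode)
    return path, ["alice", "bob", "carol"]


if __name__ == "__main__":
    sample_path, sample_users = constructed_sample()
    for filename, finding in audit_key_store_dir(sample_path, sample_users):
        print(f"{filename}: {finding}")
```
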

Digest Algorithm

The digest algorithm that is used to calculate the fingerprint for the timestamp signature. This algorithm must be supported by all timestamp providers.

Certificate Store

The path to the certificate store that contains additional trusted certificates.

If you do not use trusted lists, this store must contain the root certificate of the authority that issued the user certificates. This also applies if the certificate authority is not present in any trusted list.

Password

The password that is required to access the certificate store with trusted certificates.

Update Interval

The number of days after which the trusted lists should be retrieved again. The result of the trusted lists is stored in a cached certificate store. To update this store, use the Refresh Trusted Lists (ttaad2257m000) session.