Signing - com.phenixidentity~phenix-crypto
The com.phenixidentity~phenix-crypto module is responsible for signing and encrypting runtime data. This can be SAML messages, PDF documents, etc.
Basic information
The default configuration is without any settings.
Configuration
Name | Description | Mandatory |
---|---|---|
name | Name of the module | Yes |
id | Unique id of the module | Yes |
{
  "name": "com.phenixidentity~phenix-crypto",
  "id": "crypto"
}
Optional settings
The Crypto module can be configured to communicate with an HSM using PKCS#11. See https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html
Not all operations/use cases can leverage the HSM. For more information contact PhenixID support.
Configure HSM connection
{
  "name": "com.phenixidentity~phenix-crypto",
  "id": "crypto",
  "config": {
    "crypto_mode": "hsm",
    "hsmprovider": "<path_to_the_provider>",
    "hsm_password": "<hms_password>"
  }
}
Enable external PDF signing
When leveraging an external signing mechanism, the crypto module needs the option to use signing elsewhere to be activated.
Note that this is only available in version 4.1 and later.
{
  "name": "com.phenixidentity~phenix-crypto",
  "id": "crypto",
  "config": {
    "enableexternalsigning": "true",
    "templocation": "<path_to_where_tempfiles_are stored>"
  }
}