Signing - com.phenixidentity~phenix-crypto

The com.phenixidentity~phenix-crypto module is responsible for signing and encrypting runtime data . This can be SAML messages, PDF docuements etc.

Basic information

The default configuration is without any settings.


Configuration

Name
Description Mandatory
name
Name of the module Yes
id Unique id of the module Yes
{
 "name": "com.phenixidentity~phenix-crypto",
 "id": "crypto"
}

Optional settings

The Crypto module can be configured to communicate with a HSM using PKCS#11. https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html.

 Not all operations/use cases can leverage the HSM. For more information contact PhenixID support.

Configure HSM connection

{
    "name": "com.phenixidentity~phenix-crypto",
    "id": "crypto",
    "config": {
        "crypto_mode": "hsm",
        "hsmprovider": "<path_to_the_provider>",
        "hsm_password": "<hms_password>"
    }
}

Enable external PDF signing

When leveraging an external sign mechanism, by default, the crypto module needs to activate the option to use signing elsewhere.

Note that this is only available in version 4.1 and later.

{
    "name": "com.phenixidentity~phenix-crypto",
    "id": "crypto",
    "config": {
        "enableexternalsigning": "true",
        "templocation": "<path_to_where_tempfiles_are stored>"
    }
}