- SignServer Introduction
- SignServer Installation
- SignServer Operations
- SignServer Integration
-
SignServer Reference
- Deploy-time Configuration
-
SignServer Workers
- Common Configuration
-
SignServer Signers
- Common Properties
- Time Stamp Signer
- MS Authenticode Time Stamp Signer
- Extended Time Stamp Signer
- MRTD Signer
- MRTD SOD Signer
- PDF Signer
- ODF Signer
- XML Signer
- XAdES Signer
- OOXML Signer
- CMS Signer
- Extended CMS Signer
- MS Authenticode Signer
- MS Authenticode CMS Signer
- JArchive Signer
- JArchive CMS Signer
- Master List Signer
- Plain Signer
- OpenPGP Signer
- Debian Dpkg-sig Signer
- OpenPGPPlain Signer
- SignServer Document Validators
- SignServer Dispatchers
- SignServer Validation Service Framework
- SignServer Timed Services
- Other Workers
- SignServer Components
- Logging
- SignServer Authentication and Authorization
- Status Repository
- Health Check
- SignServer TimeMonitor Application
-
SignServer User Interfaces
- Administration CLI
- Administration GUI
-
Administration Web
- Main Page
- Workers Page
- Global Configuration Page
- Administrators Page
- Audit Log Page
- Archive Page
- Database CLI
- Internationalization
- Peer Systems
- Client-Side Hashing
- Key Wrapping
- Developer Reference
- SignServer Release Information
- Code Signing How-to Guides
Workers Key Generation Page
A new key-pair can be generated and its name stored as the next key in the configuration.
Make sure that each worker that should have a new key-pair generated is selected.
Work from left to right for each worker and specify the required information.
Renew Keys
| Column | Description |
|---|---|
| Signer | Name of the worker. Click the link to view the worker's page. |
| Old Key Alias | The name of the current key (if any). This is stored in the configuration as the DEFAULTKEY property. |
| Key Algorithm | Name of the key algorithm to use for the new key. By default, key algorithms can be selected from a drop-down list with the common options (RSA, DSA, ECDSA, and AES). To manually specify another value, click >. Examples: RSA, DSA, ECDSA, AES. The value will be preselected with the value of the KEYALG property specified in the worker.
If the worker references the JackNJI11CryptoToken, the algorithm name can be specified as a long or hexadecimal constant value. For more information, see Secret Key generation in JackNJI11CryptoToken. |
| Key Specification | Parameters for the key generation process. By default, the key specification can be selected from a drop-down list with common values, depending on the key algorithm selected. To manually specify another value, click >. Note that some key specifications presented might not be supported by the crypto token being used. For RSA and DSA, this should be the key length and for ECDSA the name of the curve. Examples: 2048, 3072, secp256r1. The value is already set if the worker has a KEYSPEC property specified. |
| New Key Alias | The name for the new key to generate. |
If generating a symmetric (secret) key and the specified key algorithm name is not present in the predefined list of known secret key algorithms, the key algorithm name must be specified with the prefix "SEC:", for example: SEC:Blowfish. Currently, the secret key list contains the algorithms AES and DES.Actions
| Action | Description |
|---|---|
| Generate | Performs the key generation for each selected worker. The result of the key generation is written out in the Result column. If all key generations was successful the page is automatically switched back to the previous otherwise the page remains and the user has the ability to try again. |
| Cancel | Returns to the previous page. |