TridentSAMCryptoToken implements the Trident SAM and requires access to Trident QSCD.
Once configured, it can be used to create remote signatures on behalf of the users. The
TridentSAMCryptoToken can be attached to any
TridentSAMCryptoToken can be operated in three modes:
- Signing-only mode: supports only remote signing operations (user and key management is handled by a different component in the solution)
- Key Management mode: supports signing, user, and key management operations (in this case, it is a single point of SAM key management)
- User Management mode: supports additional user management functions, such as creating a user, configuring authorization, or removing a user
The implementation class of the TridentSAMCryptoToken Worker is:
The Worker integrates with the Trident SAM interface. The TridentSAMCryptoToken Worker checks the following configuration properties:
| Property | Description | Default | Required |
|---|---|---|---|
| TRIDENT_URL | URL to access the Trident SAM. | NONE | YES |
| TRIDENT_CEISK | Infrastructural certificate for encryption, represented as a PEM encoded string. | NONE | YES |
| TRIDENT_CSISK | Infrastructural certificate for digital signature, represented as a PEM encoded string. | NONE | YES |
| CERT_STORAGE_IMPLEMENTATION_CLASS | Implementation class for certificate storage. Certificates issued for assigned signing keys are stored according to the implementation provided. Each implementation may have additional properties that need to be configured. See Certificate Storage Providers for more information. | NONE | |
| SAP_PROVIDER_IMPLEMENTATION_CLASS | Implementation class for Signature Activation Protocol (SAP) handling between the Signature Integration Component and the Signature Activation Module. This is the interface that provides the Signature Activation Data used to execute a signing operation. See Signature SAP Providers for more information. | NONE | |
For the Key Management mode, the same properties as for the Signing-only mode must be configured. Additional properties are defined in order to support the management of the users and assigned keys. The following properties are optional for the Signing-only mode, but mandatory for Key Management mode:
| Property | Description | Default | Required |
|---|---|---|---|
| TRIDENT_KEY_ADMIN | Identification of the key administrator. | NONE | NO |
| TRIDENT_KEY_ADMIN_PASSWORD | Password associated with the key administrator. | NONE | NO |
| TRIDENT_KEY_ADMIN_TOTP_SEED | TOTP seed associated with the key administrator, in HEX format. | NONE | NO |
| TRIDENT_KEY_ADMIN_TOTP_STEP | TOTP step used to generate correct codes for TOTP authentication. The TOTP step is represented in seconds. | NONE | NO |
| TRIDENT_KEY_ADMIN_TOTP_REFRESH_INTERVAL | Refresh interval of the key administrator session based on the TOTP authentication. The interval is represented as a number of seconds. | NONE | NO |
| KM_SAP_PROVIDER_IMPLEMENTATION_CLASS | Implementation class for handling key management operations through the Signature Activation Protocol. This interface gives the user the ability to activate and manage assigned private keys. See Key Management SAP Providers for more information. | NONE | |
| TRIDENT_KEYGEN_MODE | Mode of key generation, matching the configuration of the Trident HSM. Allowed values are AUTO, MANUAL and HYBRID (MANUAL and HYBRID require the Trident CM properties listed below). | NONE | YES |
The MANUAL and HYBRID key generation modes require the following additional configuration properties. They are not mandatory in AUTO key generation mode:
| Property | Description | Default | Required |
|---|---|---|---|
| TRIDENT_CM_URL | URL to access the Trident CM API. | NONE | NO |
| TRIDENT_CM_ADMIN_UID | Identification of the CM administrator. | NONE | NO |
| TRIDENT_CM_ADMIN_PASSWORD | Password associated with the CM administrator. | NONE | NO |
| TRIDENT_CM_ADMIN_SESSION_REFRESH_INTERVAL | Refresh interval of the CM administrator session. The interval is represented as a number of seconds. | NONE | NO |
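The key administrator authenticates with a TOTP derived from TRIDENT_KEY_ADMIN_TOTP_SEED (HEX) and TRIDENT_KEY_ADMIN_TOTP_STEP (seconds). The following is an added example, not SignServer, Trident or project code, that generates and verifies such codes so you can check a seed and step against the key administrator's authenticator before committing them to a worker. It assumes the Trident SAM follows RFC 6238 with HMAC-SHA1 and 6 digits; the actual algorithm, digit count and accepted clock drift are properties of the Trident SAM that this page does not state, so confirm them there. The seed used at the bottom is the RFC 6238 reference seed, not a real credential.

```python
"""TOTP codes for the key administrator from a HEX seed and a step in seconds.

Added example, not SignServer, Trident or project code. Assumes RFC 6238
(HMAC-SHA1, 6 digits, counter = floor(time / step)); check the Trident SAM's
own configuration for the real algorithm and digit count.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(seed_hex: str, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, then dynamic truncation."""
    key = bytes.fromhex(seed_hex)  # raises ValueError if the seed is not HEX encoded
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed_hex: str, step: int = 30, at: Optional[float] = None,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the time window floor(at / step)."""
    if step <= 0:
        raise ValueError("TOTP step must be a positive number of seconds")
    now = time.time() if at is None else at
    return hotp(seed_hex, int(now // step), digits, algorithm)


def verify_totp(seed_hex: str, code: str, step: int = 30, at: Optional[float] = None,
                window: int = 1, digits: int = 6) -> bool:
    """Accept a code from the current window or up to `window` steps either side.

    Uses a constant-time comparison and evaluates every candidate window rather
    than returning early, so the check does not leak which digit or window matched.
    """
    if step <= 0:
        raise ValueError("TOTP step must be a positive number of seconds")
    now = time.time() if at is None else at
    counter = int(now // step)
    accepted = False
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(seed_hex, counter + delta, digits), code):
            accepted = True
    return accepted


if __name__ == "__main__":
    # RFC 6238 reference seed (ASCII "12345678901234567890" as HEX); not a real credential.
    seed = "3132333435363738393031323334353637383930"
    print("current code:", totp(seed, step=30))
```

If the code printed here does not match the administrator's authenticator, the seed, the step, or the clock of the SignServer host is wrong; fix that before setting TRIDENT_KEY_ADMIN_TOTP_REFRESH_INTERVAL, which only controls how often the session is renewed with a fresh code.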
User Management mode is an extension of the Key Management mode that lets you manage SAM users and their authorization configuration independently of the key management operations. Key Management mode must be configured before User Management mode can be used. The following property is optional for the other modes, but mandatory for User Management mode:
| Property | Description | Default | Required |
|---|---|---|---|
| UM_SAP_PROVIDER_IMPLEMENTATION_CLASS | Implementation class for handling user management operations through the Signature Activation Protocol. This interface provides the ability to manage users and the authorisation configuration. See User Management SAP Providers for more information. | NONE | |
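Because the three modes layer on each other (User Management needs Key Management, Key Management needs the Signing-only properties, and MANUAL or HYBRID key generation needs the Trident CM properties), a misconfigured worker is easy to produce. The following is an added example, not SignServer, Trident or project code, that encodes only the rules stated on this page as a pre-flight check over a worker's properties. The mode names, the KEY=VALUE input format, the sample URLs, passwords and the KM SAP provider class name are assumptions of this example; the certificate bodies are placeholders. The key generation property is spelled TRIDENT_KEYGEN_MODE here. SAP_PROVIDER_IMPLEMENTATION_CLASS and CERT_STORAGE_IMPLEMENTATION_CLASS are not checked because this page does not say whether they are required.

```python
"""Pre-flight check of a TridentSAMCryptoToken worker's properties.

Added example, not SignServer or Trident code. Encodes only the rules on this
page: which properties each mode requires, that the TOTP seed is HEX, that the
step and refresh intervals are positive seconds, that the infrastructural
certificates are PEM, and that MANUAL/HYBRID key generation needs Trident CM.
"""
import re
from typing import Dict, List, Mapping, Sequence

SIGNING_ONLY = ("TRIDENT_URL", "TRIDENT_CEISK", "TRIDENT_CSISK")
KEY_MANAGEMENT = (
    "TRIDENT_KEY_ADMIN", "TRIDENT_KEY_ADMIN_PASSWORD",
    "TRIDENT_KEY_ADMIN_TOTP_SEED", "TRIDENT_KEY_ADMIN_TOTP_STEP",
    "TRIDENT_KEY_ADMIN_TOTP_REFRESH_INTERVAL",
    "KM_SAP_PROVIDER_IMPLEMENTATION_CLASS", "TRIDENT_KEYGEN_MODE",
)
USER_MANAGEMENT = ("UM_SAP_PROVIDER_IMPLEMENTATION_CLASS",)
TRIDENT_CM = (
    "TRIDENT_CM_URL", "TRIDENT_CM_ADMIN_UID",
    "TRIDENT_CM_ADMIN_PASSWORD", "TRIDENT_CM_ADMIN_SESSION_REFRESH_INTERVAL",
)
KEYGEN_MODES = ("AUTO", "MANUAL", "HYBRID")
MODES = ("signing-only", "key-management", "user-management")  # names assumed here

# Constructed sample, not a real deployment: placeholder certificates, hypothetical
# URL, password and provider class. Seed is the RFC 6238 reference seed.
SAMPLE_KEY_MANAGEMENT_CONFIG = """
TRIDENT_URL=https://sam.example.internal/trident
TRIDENT_CEISK=-----BEGIN CERTIFICATE-----placeholder-----END CERTIFICATE-----
TRIDENT_CSISK=-----BEGIN CERTIFICATE-----placeholder-----END CERTIFICATE-----
TRIDENT_KEY_ADMIN=keyadmin
TRIDENT_KEY_ADMIN_PASSWORD=change-me
TRIDENT_KEY_ADMIN_TOTP_SEED=3132333435363738393031323334353637383930
TRIDENT_KEY_ADMIN_TOTP_STEP=30
TRIDENT_KEY_ADMIN_TOTP_REFRESH_INTERVAL=600
KM_SAP_PROVIDER_IMPLEMENTATION_CLASS=com.example.KmSapProvider
TRIDENT_KEYGEN_MODE=MANUAL
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; '#' comment lines and blank lines are skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"malformed property line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def _missing(props: Mapping[str, str], names: Sequence[str]) -> List[str]:
    return [n for n in names if not props.get(n)]


def check_worker_config(props: Mapping[str, str], mode: str) -> List[str]:
    """Return the list of problems; an empty list means the page's rules are satisfied."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}; expected one of {MODES}")
    problems: List[str] = []
    required = list(SIGNING_ONLY)
    if mode in ("key-management", "user-management"):
        required += KEY_MANAGEMENT
    if mode == "user-management":
        required += USER_MANAGEMENT
    for name in _missing(props, required):
        problems.append(f"{name} is mandatory in {mode} mode")

    # Both infrastructural certificates are PEM encoded strings.
    for name in ("TRIDENT_CEISK", "TRIDENT_CSISK"):
        value = props.get(name, "")
        if value and "-----BEGIN CERTIFICATE-----" not in value:
            problems.append(f"{name} must be a PEM encoded certificate")

    if mode in ("key-management", "user-management"):
        seed = props.get("TRIDENT_KEY_ADMIN_TOTP_SEED", "")
        if seed and not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", seed):
            problems.append("TRIDENT_KEY_ADMIN_TOTP_SEED must be HEX encoded")
        for name in ("TRIDENT_KEY_ADMIN_TOTP_STEP", "TRIDENT_KEY_ADMIN_TOTP_REFRESH_INTERVAL"):
            value = props.get(name, "")
            if value and not (value.isdigit() and int(value) > 0):
                problems.append(f"{name} must be a positive number of seconds")
        keygen = props.get("TRIDENT_KEYGEN_MODE", "")
        if keygen and keygen not in KEYGEN_MODES:
            problems.append(f"TRIDENT_KEYGEN_MODE must be one of {KEYGEN_MODES}")
        if keygen in ("MANUAL", "HYBRID"):  # these modes also need the Trident CM API
            for name in _missing(props, TRIDENT_CM):
                problems.append(f"{name} is required when TRIDENT_KEYGEN_MODE={keygen}")
    return problems


if __name__ == "__main__":
    sample = parse_properties(SAMPLE_KEY_MANAGEMENT_CONFIG)
    for problem in check_worker_config(sample, "key-management"):
        print("problem:", problem)
```

Run against the constructed sample, the check reports that TRIDENT_KEYGEN_MODE=MANUAL is set without any of the four Trident CM properties, which is exactly the combination the tables above describe as incomplete; the same properties pass unchanged as a Signing-only configuration, since the extra properties are optional there.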