PGP Signing is not supported with the AzureKeyVaultCryptoToken (DSS-2064), as the PGP implementation uses the dates from the dummy certificate and the AzureCryptoToken currently does not provide such.
- Perhaps the date can instead be provided some other way from the crypto token? Some kind of attribute that the crypto token implementation fills in? We have something like that already when searching for token entries, can that be used if modified to include the creation/notBefore date? Assuming we also get the creation dates from Azure for the keys?
- Check if we get a key creation date from Azure KeyVault and if we can use that one
- Figure out how to get the date to the signer:
  - a) Generate a dummy cert on-the-fly
  - b) Change the SPI slightly so that we also get a field with the date some other way
- Modify AzureCryptoToken.getPrivateKey so that the AzurePrivateKey returned also contains the date the key was created.
- Modify AzureCryptoToken.getPublicKey to an (internal) getPublicKeyWithAttributes() returning a new class PublicKeyWithAttributes containing both the private key and additional attribute(s).
- Note: The AzureCryptoToken changes need to be accepted by the CESeCore/EJBCA project
- Modify the ICryptoInstance and DefaultCryptoInstance to have a getCreationDate() method.
- Finally modify the OpenPGPSigners and BaseOpenPGPSigner to take the date from the cryptoInstance.getCreationDate() if available or otherwise as before from the dummy certificate.
- Bonus point: The query token operation should also provide the creation date as a field (as the PKCS#12 crypto token already does) so that the date can also be displayed when viewing the key details in Admin Web etc.
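
Why the date source matters for the fallback in the last step: an OpenPGP v4 fingerprint (RFC 4880, section 12.2) is hashed over the key creation time, so the same key material with a different date is a different PGP key. The sketch below is an added example, not SignServer code; `select_creation_date`, the modulus and both dates are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_fingerprint(n: int, e: int, created: datetime) -> str:
    """SHA-1 over 0x99, a 2-byte length and the v4 public key packet body."""
    body = (b"\x04"                                        # packet version 4
            + struct.pack(">I", int(created.timestamp()))  # key creation time
            + b"\x01"                                      # algorithm 1 = RSA
            + mpi(n) + mpi(e))
    header = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(header + body).hexdigest().upper()

def select_creation_date(token_date, cert_not_before):
    """Hypothetical helper mirroring the planned fallback: prefer the date
    from the crypto token, otherwise use the dummy certificate's notBefore."""
    return token_date if token_date is not None else cert_not_before

# Constructed sample values (not a real key, not real dates).
N = (1 << 2047) + 0x1234567
E = 65537
TOKEN_CREATED = datetime(2020, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
CERT_NOT_BEFORE = datetime(2019, 1, 1, 0, 0, 0, tzinfo=timezone.utc)

def demo():
    """Fingerprints for the same key with the token date and with the fallback date."""
    with_token = v4_rsa_fingerprint(
        N, E, select_creation_date(TOKEN_CREATED, CERT_NOT_BEFORE))
    fallback = v4_rsa_fingerprint(
        N, E, select_creation_date(None, CERT_NOT_BEFORE))
    return with_token, fallback

if __name__ == "__main__":
    token_fp, fallback_fp = demo()
    print("token date   :", token_fp)
    print("cert fallback:", fallback_fp)
```

A key that was already published with a fingerprint derived from the dummy certificate date would get a new fingerprint if the signer later switched to the token-provided date, so the chosen source has to stay fixed per key.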