SignServer / DSS-2127

Support for PGP signing with AzureKeyVaultCryptoToken

    Details

      Description

      PGP Signing is not supported with the AzureKeyVaultCryptoToken (DSS-2064) as the PGP implementation uses the dates from the dummy certificate and the AzureCryptoToken currently does not provide such.

      • Perhaps the date can instead be provided some other way from the crypto token? Some kind of attribute that the crypto token implementation fills in? We have something like that already when searching for token entries, can that be used if modified to include the creation/notBefore date? Assuming we also get the creation dates from Azure for the keys?
      • Check if we get a key creation date from Azure KeyVault and if we can use that one
      • Figure out how to get the date to the signer:
        • a) Generate dummy cert on-the-fly
        • b) Change the SPI slightly so that we also get a field with the date some other way

       

      Plan:

      • Modify AzureCryptoToken.getPrivateKey so that the AzurePrivateKey returned also contains the date the key was created.
      • Modify AzureCryptoToken.getPublicKey to an (internal) getPublicKeyWithAttributes() returning a new class PublicKeyWithAttributes containing both the private key and additional attribute(s).
      • Note: The AzureCryptoToken changes need to be accepted by the CESeCore/EJBCA project
      • Modify the ICryptoInstance and DefaultCryptoInstance to have a getCreationDate() method.
      • Finally modify the OpenPGPSigners and BaseOpenPGPSigner to take the date from the cryptoInstance.getCreationDate() if available or otherwise as before from the dummy certificate.
      • Bonus point: The query token operation should also provide the creation date as a field (as the PKCS#12 crypto token already does) so that the date can also be displayed when viewing the key details in Admin Web etc.
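
      An added illustration of the plan's last steps (not SignServer code): in OpenPGP (RFC 4880) the key creation time is hashed into the v4 fingerprint, so the signer must obtain the same date for a key every time. `CryptoInstance` below is a hypothetical stand-in for the planned `ICryptoInstance.getCreationDate()`, and the dates are constructed sample values.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class PgpCreationDateDemo {
    /** Hypothetical stand-in for the planned ICryptoInstance.getCreationDate(); null = no date. */
    interface CryptoInstance { Date getCreationDate(); }

    /** Fallback order from the plan: token-supplied date first, else the dummy certificate's notBefore. */
    static Date keyCreationDate(CryptoInstance ci, Date dummyCertNotBefore) {
        Date d = ci.getCreationDate();
        return d != null ? d : dummyCertNotBefore;
    }

    /** RFC 4880 multiprecision integer: 2-byte bit count, then the magnitude bytes. */
    static void writeMpi(ByteArrayOutputStream out, BigInteger v) {
        int bits = v.bitLength();
        out.write(bits >> 8); out.write(bits);
        byte[] b = v.toByteArray();
        int off = (b.length > 1 && b[0] == 0) ? 1 : 0; // drop the sign byte
        out.write(b, off, b.length - off);
    }

    /** V4 fingerprint: SHA-1(0x99 || 2-byte length || version || creation time || algorithm || MPIs). */
    static String v4Fingerprint(RSAPublicKey key, Date created) throws Exception {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        long secs = created.getTime() / 1000L;
        body.write(4); // packet version
        body.write((int) (secs >> 24)); body.write((int) (secs >> 16));
        body.write((int) (secs >> 8)); body.write((int) secs);
        body.write(1); // public-key algorithm 1 = RSA
        writeMpi(body, key.getModulus()); writeMpi(body, key.getPublicExponent());
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update((byte) 0x99);
        sha1.update((byte) (body.size() >> 8)); sha1.update((byte) body.size());
        return String.format("%040X", new BigInteger(1, sha1.digest(body.toByteArray())));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) kpg.generateKeyPair().getPublic();
        Date certDate = new Date(1_500_000_000_000L);  // constructed: dummy cert notBefore
        Date tokenDate = new Date(1_580_000_000_000L); // constructed: date reported by the token
        // Same RSA key, different creation date source: the two fingerprints differ.
        System.out.println(v4Fingerprint(pub, keyCreationDate(() -> null, certDate)));
        System.out.println(v4Fingerprint(pub, keyCreationDate(() -> tokenDate, certDate)));
    }
}
```

      Because the date feeds the fingerprint, switching an existing key from the certificate date to a token-supplied date changes the fingerprint that verifiers see for that key.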


              People

              Assignee:
              markus Markus Kilås
              Reporter:
              markus Markus Kilås

                  Time Tracking

                  Estimated: 4h
                  Remaining: 4h
                  Logged: 2h