author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-01-25 15:35:20 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-01-25 15:35:20 +0100 |
commit | 8b087b4045eb1bf34a9656801b66f31830da0817 (patch) | |
tree | 26a9a028b6ee75c7d47d1b8b22a80f86865818a9 /moaSig/handbook | |
parent | ac5470de542bb4a48b5f7c72173dae9efadd7fe1 (diff) | |
update iaik_sva.jar and svaconfig.example to solve bug in KeyUsage validation
Diffstat (limited to 'moaSig/handbook')
-rw-r--r-- | moaSig/handbook/conf/moa-spss/svaconfig.example | 67 |
1 files changed, 45 insertions, 22 deletions
diff --git a/moaSig/handbook/conf/moa-spss/svaconfig.example b/moaSig/handbook/conf/moa-spss/svaconfig.example index f219ea1..7be4541 100644 --- a/moaSig/handbook/conf/moa-spss/svaconfig.example +++ b/moaSig/handbook/conf/moa-spss/svaconfig.example @@ -1,5 +1,3 @@ -#Fri Jul 27 14:18:37 CEST 2012 -# # Format [key]=[value] # # Note that if an '=' is used in a key or value it has to be escaped: "\=" @@ -13,36 +11,36 @@ #testdir=/data/sigval/incoming/test/ #The basepath for signature validation -#basepath= +#basepath=/data/sigval/incoming ###################################################### #The path prefix for all file system locations -#pathprefix=/home/afitzek/server/moa-spss/apache-tomcat-8.0.0-RC3/conf/moa-spss/sva/ +pathprefix=/home/user/example/prefix #The file where the xmldsig core schema is located -#xmlschemaloc=example/schema/xmldsig-core-schema.xsd +xmlschemaloc=schema/xmldsig-core-schema.xsd #The root folder where truststore and certstore are created later on -#certroot=example/certs +certroot=certs/example #The folder containing the trustanchors -#trustanchorloc=example/keys_and_certs +trustanchorloc=certs/example/trustanchors #The folder containing the timestampauthority trustanchors -#tsttrustanchorloc=example/keys_and_certs +tsttrustanchorloc=certs/example/tstanchor #The folder containing alternative revocation information (comment out to use #infos contained in the certificate) -#altdp= +#altdp=certs/example/revocation #The maximum age of a revocation information of a end user certificate in hours -#endusercertgrace=4382 +endusercertgrace=4382 #The maximum age of a revocation information for a ca certificate in hours -#cacertgrace=4382 +cacertgrace=4382 -#tstcoherencetolerance=10 +tstcoherencetolerance=10 #The maximum time difference (in hours) the signing-time property and a #time stamp 
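Review bot: `endusercertgrace=4382` and `cacertgrace=4382` change from commented-out to active in this hunk, and per the comments above them that accepts revocation information up to 4382 hours (roughly six months) old for both end-user and CA certificates. Because an example file tends to be copied into deployments, a line such as `# 4382 h is about six months; set this to your CA's CRL/OCSP update interval` above each key would make the trade-off visible. Whether a smaller example value is appropriate depends on how the validator applies the grace period, which the hunk does not show. `tstcoherencetolerance=10` is also activated without a comment of its own in the hunk; the comment that follows it appears to describe the next key, so its unit and meaning should be stated.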
@@ -50,25 +48,50 @@ # Defines the forbidden hashing algorithms and the inception date # Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}... -#hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08} - -# Defines the forbidden hashing algorithms for CA Certificates and the inception date -# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}... -#cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05} +hashconstraint={md5, 2000-08-08};{sha1, 2013-08-08} # Defines the minimum required key lengths # Format: {<algorithm name>, <min len>,<inception date>};{...}... -#keylenconstraint={rsa, 1024, 2000-08-08} +keylenconstraint={rsa, 1024, 2000-08-08} # Defines the minimum required key lengths for CA Certificates -# Format: {<algorithm name>, <min len>,<inception date>};{...}.. -#cakeylenconstraint={rsa,512,2000-08-08} +# Format: {<algorithm name>, <min len>,<inception date>};{...}... +cakeylenconstraint={rsa,512,2000-08-08} # Defines the minimum required key lengths for timestamps # Format: {<algorithm name>, <min len>,<inception date>};{...}... -#tstkeylenconstraint={rsa, 1024, 2000-08-08} +tstkeylenconstraint={rsa, 1024, 2000-08-08} + +# Defines the mapping from sub indications to main indications. +# If a sub indication1 is not present or empty, the default mappings are used. +# See "Final draft ETSI EN 319 102-1 V1.1.0 (2016-02)" +# Format: {<sub indication1>, <main indication1>};{...}... +indicationmapping={FORMAT_FAILURE,INDETERMINATE};{NO_VALID_TIMESTAMPS_FOUND, INDETERMINATE} # Allows any key usage if set to true, otherwise only dig. signature allowanykeyusage=false -chainingmodel=SHELL +# Defines the chaining model for path validation. +# possible values are: +# - All certificates are valid at validationtime (SHELL model). This is the default value. +# - All certificates are valid at the time they were used for issuing a certificate or signing (CHAIN model). 
+chainingmodel=shell + +# Defines if the validation of each timestap should be added to the validation report. +# If set to true, the timestamp validation reports will be added. Default value is true. +timestampreports=true + +# defines the bits which HAS TO be set in the key usage field of the +# end users certificate. The valid bits (from RFC5280) to set are as follows: +# (if omitted or empty it defaults to DIGITAL_SIGNATURE): +# digitalSignature (0), +# contentCommitment (1) +# dataEncipherment (3), +# keyAgreement (4), +# keyCertSign (5), +# cRLSign (6), +# encipherOnly (7), +# decipherOnly (8) + +# Format: {<index of bit to set>; ...} +keyusage = {0, 1}
\ No newline at end of file |
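Review bot: The now-active `cakeylenconstraint={rsa,512,2000-08-08}` and the two `{rsa, 1024, 2000-08-08}` entries for `keylenconstraint` and `tstkeylenconstraint` accept 512-bit CA keys and 1024-bit signer and timestamp keys, with no later inception entry, in a file that deployments are likely to copy. If the `;`-separated entries work as the format comments suggest, add a second entry per key, for example `keylenconstraint={rsa, 1024, 2000-08-08};{rsa, 2048, <inception date per local policy>}`, or at least a comment saying the values are illustrative and must be raised before production use. The hunk also deletes `cahashconstraint` without a replacement; if the updated library still reads that key, CA certificates lose their separate MD5/SHA-1 cut-off, so a comment should say whether `hashconstraint` now covers them. Lastly, the `keyusage` comment skips bit 2 (keyEncipherment in RFC 5280) and gives the format as `{<index of bit to set>; ...}` while the value `{0, 1}` uses a comma.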