authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-01-25 15:35:20 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-01-25 15:35:20 +0100
commit8b087b4045eb1bf34a9656801b66f31830da0817 (patch)
tree26a9a028b6ee75c7d47d1b8b22a80f86865818a9 /moaSig/handbook
parentac5470de542bb4a48b5f7c72173dae9efadd7fe1 (diff)
downloadmoa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.tar.gz
moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.tar.bz2
moa-sig-8b087b4045eb1bf34a9656801b66f31830da0817.zip
update iaik_sva.jar and svaconfig.example to solve bug in KeyUsage validation
Diffstat (limited to 'moaSig/handbook')
-rw-r--r--moaSig/handbook/conf/moa-spss/svaconfig.example67
1 files changed, 45 insertions, 22 deletions
diff --git a/moaSig/handbook/conf/moa-spss/svaconfig.example b/moaSig/handbook/conf/moa-spss/svaconfig.example
index f219ea1..7be4541 100644
--- a/moaSig/handbook/conf/moa-spss/svaconfig.example
+++ b/moaSig/handbook/conf/moa-spss/svaconfig.example
@@ -1,5 +1,3 @@
-#Fri Jul 27 14:18:37 CEST 2012
-#
# Format [key]=[value]
#
# Note that if an '=' is used in a key or value it has to be escaped: "\="
@@ -13,36 +11,36 @@
#testdir=/data/sigval/incoming/test/
#The basepath for signature validation
-#basepath=
+#basepath=/data/sigval/incoming
######################################################
#The path prefix for all file system locations
-#pathprefix=/home/afitzek/server/moa-spss/apache-tomcat-8.0.0-RC3/conf/moa-spss/sva/
+pathprefix=/home/user/example/prefix
#The file where the xmldsig core schema is located
-#xmlschemaloc=example/schema/xmldsig-core-schema.xsd
+xmlschemaloc=schema/xmldsig-core-schema.xsd
#The root folder where truststore and certstore are created later on
-#certroot=example/certs
+certroot=certs/example
#The folder containing the trustanchors
-#trustanchorloc=example/keys_and_certs
+trustanchorloc=certs/example/trustanchors
#The folder containing the timestampauthority trustanchors
-#tsttrustanchorloc=example/keys_and_certs
+tsttrustanchorloc=certs/example/tstanchor
#The folder containing alternative revocation information (comment out to use
#infos contained in the certificate)
-#altdp=
+#altdp=certs/example/revocation
#The maximum age of a revocation information of a end user certificate in hours
-#endusercertgrace=4382
+endusercertgrace=4382
#The maximum age of a revocation information for a ca certificate in hours
-#cacertgrace=4382
+cacertgrace=4382
-#tstcoherencetolerance=10
+tstcoherencetolerance=10
#The maximum time difference (in hours) the signing-time property and a
#time stamp
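Review bot: `endusercertgrace=4382` and `cacertgrace=4382` are now active instead of commented out, and 4382 hours is roughly six months of permitted revocation-information age. Going by the comments above the two keys, a deployment that copies this example unchanged would accept revocation data that old, so a certificate revoked within that window could still validate. I would add a comment above both keys such as `# 4382 h is about six months; choose a much shorter value for production`, or ship a tighter default. The same hunk activates `pathprefix=/home/user/example/prefix`, a placeholder path that should be labelled as one so it is not left in place.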
@@ -50,25 +48,50 @@
# Defines the forbidden hashing algorithms and the inception date
# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
-#hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08}
-
-# Defines the forbidden hashing algorithms for CA Certificates and the inception date
-# Format: {<algorithm name>, <inception date>};{<algname 2>, <inc date 2>}...
-#cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05}
+hashconstraint={md5, 2000-08-08};{sha1, 2013-08-08}
# Defines the minimum required key lengths
# Format: {<algorithm name>, <min len>,<inception date>};{...}...
-#keylenconstraint={rsa, 1024, 2000-08-08}
+keylenconstraint={rsa, 1024, 2000-08-08}
# Defines the minimum required key lengths for CA Certificates
-# Format: {<algorithm name>, <min len>,<inception date>};{...}..
-#cakeylenconstraint={rsa,512,2000-08-08}
+# Format: {<algorithm name>, <min len>,<inception date>};{...}...
+cakeylenconstraint={rsa,512,2000-08-08}
# Defines the minimum required key lengths for timestamps
# Format: {<algorithm name>, <min len>,<inception date>};{...}...
-#tstkeylenconstraint={rsa, 1024, 2000-08-08}
+tstkeylenconstraint={rsa, 1024, 2000-08-08}
+
+# Defines the mapping from sub indications to main indications.
+# If a sub indication1 is not present or empty, the default mappings are used.
+# See "Final draft ETSI EN 319 102-1 V1.1.0 (2016-02)"
+# Format: {<sub indication1>, <main indication1>};{...}...
+indicationmapping={FORMAT_FAILURE,INDETERMINATE};{NO_VALID_TIMESTAMPS_FOUND, INDETERMINATE}
# Allows any key usage if set to true, otherwise only dig. signature
allowanykeyusage=false
-chainingmodel=SHELL
+# Defines the chaining model for path validation.
+# possible values are:
+# - All certificates are valid at validationtime (SHELL model). This is the default value.
+# - All certificates are valid at the time they were used for issuing a certificate or signing (CHAIN model).
+chainingmodel=shell
+
+# Defines if the validation of each timestap should be added to the validation report.
+# If set to true, the timestamp validation reports will be added. Default value is true.
+timestampreports=true
+
+# defines the bits which HAS TO be set in the key usage field of the
+# end users certificate. The valid bits (from RFC5280) to set are as follows:
+# (if omitted or empty it defaults to DIGITAL_SIGNATURE):
+# digitalSignature (0),
+# contentCommitment (1)
+# dataEncipherment (3),
+# keyAgreement (4),
+# keyCertSign (5),
+# cRLSign (6),
+# encipherOnly (7),
+# decipherOnly (8)
+
+# Format: {<index of bit to set>; ...}
+keyusage = {0, 1}
\ No newline at end of file
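Review bot: `cakeylenconstraint={rsa,512,2000-08-08}` is now an active setting and permits 512-bit RSA CA keys, a lower floor than the 1024 bits set for `keylenconstraint` and `tstkeylenconstraint` in the same hunk. All three are below the 2048 bits commonly required today. Because an example file tends to be copied as a starting point, I would add a comment above these keys such as `# example values only; require at least 2048-bit RSA for current signatures`, or add a stricter entry with a recent inception date. The hunk also removes `cahashconstraint`; whether `hashconstraint` now applies to CA certificates is not visible here and should be stated in its comment. In the `keyusage` comment the RFC 5280 list skips `keyEncipherment (2)`, and the format line shows `;` as the separator while the value `{0, 1}` uses `,`.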