Key Store Settings
This page is used to configure the key store from which the signing key is picked to compute signatures.
The configuration items are as follows:
Items | Description
Client Type Settings
- Go>Sign Desktop
Go>Sign Desktop is a middleware application that offers an alternative approach to Go>Sign Applet. It must be installed on end users' desktops and avoids all the restrictions and user experience issues that are associated with signed Java applets on Chrome, Edge and other browsers. Go>Sign Desktop works with any HTML5 browser and communicates via JavaScript.
Go>Sign Desktop is used for signing a hash of the user's data using locally-held signing keys held on a smartcard, on a secure USB token or in a Windows or Mac Keychain store. It can use a native API (Windows CAPI/CNG or Mac Keychain) or a PKCS#11 interface. (NOTE: Mac Keychain will be supported in a near-term release.)
As a special option it can also generate a local key pair and handle a PKCS#10 certificate signing request interaction with ADSS Server.
- Go>Sign Applet
Go>Sign Applet is a signed Java applet used for client-side signing of a hash of the user's data using locally-held signing keys held on a smartcard, on a secure USB token or in a Windows or Mac Keychain store. It can use a native API (Windows CAPI/CNG or Mac Keychain) or a PKCS#11 interface.
NOTE: New Java security warnings and controls have negatively impacted the user experience with signed applets such as Go>Sign Applet. Chrome (and soon other browsers) no longer supports the NPAPI used by Go>Sign Applet. Existing Go>Sign Applet users are therefore advised to migrate to Go>Sign Desktop, or to change approach and use centrally held keys and certificates or those held on a mobile device. ADSS Server supports all three types.
Keystore Settings
- OS Native API
Select this option if you want to utilize the signing key from the operating system native API keystore (Windows CAPI/CNG or Mac Keychain).
- PKCS#11 Settings
Select this option to address the key store using a PKCS#11 interface. Provide the name of the device in the Device Name field, e.g. Aladdin. Provide the PKCS#11 driver library name in the Library Name field, e.g. eTPKCS11.dll.
- Use hardware vendor native dialog for PIN/Passphrase prompt: Enabling this option will ensure the hardware vendor native PIN/Passphrase dialog is used to prompt the user. Uncheck this checkbox to use the custom ADSS Server user interface.
When this option is enabled and the user is signing in the same session, the user has to enter the password each time.
If this option is disabled, Ascertia's custom dialog is presented for the password input, and for bulk signing you have to enter the password only once in the same session.
- Roaming Key
Select this option if the signing key uses a software roaming key container held on ADSS Server.
Clicking the Next button displays the Certificate Filter Criteria page.
See also
Signature Settings
Viewer Settings
Certificate Filter Criteria
Service Settings
Advanced Settings