Step 5 - Configuring Signature Quality
The term “signature quality” refers to the degree to which you can trust a signature once it has been cryptographically verified as authentic. The ADSS Server Quality Module assigns ratings for signature or certificate quality based on rules defined in the PEPPOL trust ratings document. Use the Key Algorithm Quality and Hash Algorithm Quality buttons to define the quality levels for key algorithms and hash algorithms.
Clicking on the Key Algorithm Quality button shows the following screen:
In the above screen a list of already configured key algorithm quality ratings is displayed. Click on the Add button to configure quality ratings for other public key algorithms:
Key length values may be in the range from 1024-bit to 4096-bit for RSA keys and 160-bit to 521-bit for ECDSA keys. Use the ADSS Server configuration options to define a quality rating for a particular algorithm and key length combination. When verifying a signature, ADSS Server compares the algorithm and key length against the settings defined above and thus determines the signature quality rating.
In a similar way, clicking on the Hash Algorithm Quality button shows the following screen:
The above table shows a list of already configured hash algorithm quality ratings. You can add quality ratings for more algorithms by clicking the Add button and entering the details as shown below:
The Public Key Algorithm Name, Public Key Algorithm OID, Hash Algorithm and Hash Algorithm OID are only configurable from the algorithm.properties file located at <ADSS Installation Directory>/conf/console/algorithm.properties. Make sure you restart the ADSS Server after making any change in this file.
Note that the ADSS Server GUI shows hash algorithms individually as well as hash algorithms combined with public key algorithms. This is done because different signature standards have different ways of identifying the hash algorithms. To cater for this, ADSS Server must have a quality rating for these different combinations in the algorithm.properties file as explained above.
See also
Step 1 - Generating Keys and Certificates
Step 2 - Registering CAs
Step 3 - Configuring CRL Monitor
Step 4 - Configuring Verification Profile
Step 6 - Registering Business Application
Step 7 - Using the Service Manager