Decryption Service
The following configurations relating to the Decryption Service can be made within Client Manager:
-
Allow the client to access the ADSS Decryption Service
-
Assign the Decryption Profiles which can be accessed by this client
-
Configure a default Decryption Profile for this client
-
Configure the document decryption keys which can be accessed by this client
Once a client is registered, permissions to access the Decryption Service tab can be granted by editing this client. On edit screen clicking on the Decryption Service link at the top of the page shows the following screen:
Select the Allow this client to access the ADSS Decryption Service checkbox. If the application also needs to access other ADSS services (e.g. verifying signed documents or generating and certifying user signing keys) then the relevant links should be followed to allow permissions for these services.
Decryption profiles are server configurations that define the details of how an encrypted document will be decrypted by the ADSS Server. Client applications simply reference the Decryption profile to be used within their request messages to the ADSS Server rather than specifying each attribute of the Decryption profile individually.
This means by default a client can use any of the Decryption profiles configured within the ADSS Service when making Decryption requests to the server. If you wish to disallow any profiles from being accessed by the client simply use the “<<” button to move the relevant profile to the left-hand box. The Profile Usage Map button gives you an overview of which profiles are being used by which clients. If there no decryption files are defined then these boxes will be empty and it will be necessary to first define a decryption profile as explained in the next chapter.
The lower half of the screen, allows you to define which decryption keys the client can access. By default the client application will be able to access any decryption key held within the ADSS Key Manager. The ADSS Key Manager is a central repository of all operator generated/imported keys. Only those keys will be shown which are for the purposes of document encryption/decryption. Again simply move any keys that are not to be allowed for this client to the left-hand box. The Certificate Usage Map button provides an overview of which keys/certificates are being used by which clients.
Whenever configurations are updated on this page remember to restart the Decryption Service and have the changes take effect
The lower half of the screen, allows you to define which decryption keys the client can access. By default the client application will be able to access any decryption key held within the ADSS Key Manager. The ADSS Key Manager is a central repository of all operator generated/imported keys. Only those keys will be shown which are for the purposes of document encryption/decryption. Again simply move any keys that are not to be allowed for this client to the left-hand box. The Certificate Usage Map button provides an overview of which keys/certificates are being used by which clients.
Whenever configurations are updated on this page remember to restart the Decryption Service and have the changes take effect
See also