Package net.jsign

Enum KeyStoreType

    • Enum Constant Detail

      • NONE

        public static final KeyStoreType NONE
        Not a keystore: a private key file and a certificate file are provided separately and assembled into an in-memory keystore.
      • OPENPGP

        public static final KeyStoreType OPENPGP
        OpenPGP card. OpenPGP cards contain up to 3 keys, one for signing, one for encryption, and one for authentication. All of them can be used for code signing (except encryption keys based on an elliptic curve). The alias to select the key is either SIGNATURE, ENCRYPTION or AUTHENTICATION. This keystore can be used with a Nitrokey (non-HSM models) or a Yubikey. It doesn't require any external library to be installed.
      • OPENSC

        public static final KeyStoreType OPENSC
        OpenSC supported smart card. This keystore requires the installation of OpenSC. If multiple devices are connected, the keystore parameter can be used to specify the name of the one to use.
      • NITROKEY

        public static final KeyStoreType NITROKEY
        Nitrokey HSM. This keystore requires the installation of OpenSC. Other Nitrokeys based on the OpenPGP card standard are also supported with this storetype, but an X.509 certificate must be imported into the Nitrokey (using the gnupg writecert command). Keys without certificates are ignored. Otherwise the OPENPGP type should be used.
      • YUBIKEY

        public static final KeyStoreType YUBIKEY
        YubiKey PIV. This keystore requires the ykcs11 library from the Yubico PIV Tool to be installed at the default location. On Windows, the path to the library must be specified in the PATH environment variable.
      • AWS

        public static final KeyStoreType AWS
        AWS Key Management Service (KMS). AWS KMS stores only the private key; the certificate must be provided separately. The keystore parameter references the AWS region.

        The AWS access key, secret key, and optionally the session token, are concatenated and used as the storepass parameter; if the latter is not provided, Jsign attempts to fetch the credentials from the environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) or from the IMDSv2 service when running on an AWS EC2 instance.

        In any case, the credentials must allow the following actions: kms:ListKeys, kms:DescribeKey and kms:Sign.

      • AZUREKEYVAULT

        public static final KeyStoreType AZUREKEYVAULT
        Azure Key Vault. The keystore parameter specifies the name of the key vault, either the short name (e.g. myvault), or the full URL (e.g. https://myvault.vault.azure.net). The Azure API access token is used as the keystore password.
      • DIGICERTONE

        public static final KeyStoreType DIGICERTONE
        DigiCert ONE. Certificates and keys stored in the DigiCert ONE Secure Software Manager can be used directly without installing the DigiCert client tools. The API key, the PKCS#12 keystore holding the client certificate and its password are combined to form the storepass parameter: <api-key>|<keystore>|<password>.
      • ESIGNER

        public static final KeyStoreType ESIGNER
        SSL.com eSigner. The SSL.com username and password are used as the keystore password (<username>|<password>), and the base64 encoded TOTP secret is used as the key password.
      • GOOGLECLOUD

        public static final KeyStoreType GOOGLECLOUD
        Google Cloud KMS. Google Cloud KMS stores only the private key; the certificate must be provided separately. The keystore parameter references the path of the keyring. The alias can specify either the full path of the key, or only the short name. If the version is omitted, the most recent one will be picked automatically.
      • HASHICORPVAULT

        public static final KeyStoreType HASHICORPVAULT
        HashiCorp Vault secrets engine (GCP only). Since Google Cloud KMS stores only the private key, the certificate must be provided separately. The keystore parameter references the URL of the HashiCorp Vault secrets engine (https://vault.example.com/v1/gcpkms). The alias specifies the name of the key in Vault and the key version in Google Cloud separated by a colon character (mykey:1).
    • Method Detail

      • values

        public static KeyStoreType[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (KeyStoreType c : KeyStoreType.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static KeyStoreType valueOf(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null
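The following is an added example and not part of Jsign's own code: it resolves a user-supplied storetype name with valueOf (listing values() when the name is unknown) and then checks, for every constant described above, that the parameters that constant relies on are present before a signing run starts. It assumes jsign is on the classpath; the Params holder and the resolve/validate/require methods are hypothetical names chosen for this example, not Jsign API.

```java
import java.util.Arrays;
import java.util.Locale;
import net.jsign.KeyStoreType;

/** Added example, not Jsign code: resolves a storetype and validates the parameters it needs. */
public class StoreTypeCheck {

    /** Hypothetical holder for the parameters a caller collected from its CLI or config. */
    public static final class Params {
        public String keystore;   // file, region, key ring path, vault name or URL, depending on the type
        public String storepass;  // password or composite credential string
        public String keypass;    // ESIGNER: base64 encoded TOTP secret
        public String alias;
        public String keyfile;    // NONE only
        public String certfile;   // NONE, AWS, GOOGLECLOUD, HASHICORPVAULT
    }

    /** Lenient lookup: trims and uppercases before valueOf, and names the valid constants on failure. */
    public static KeyStoreType resolve(String name) {
        String valid = Arrays.toString(KeyStoreType.values());
        if (name == null || name.trim().isEmpty()) {
            throw new IllegalArgumentException("storetype is required; valid values: " + valid);
        }
        try {
            return KeyStoreType.valueOf(name.trim().toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("unknown storetype '" + name + "'; valid values: " + valid, e);
        }
    }

    private static void require(String value, String what, KeyStoreType type) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException(type + " requires the " + what + " parameter");
        }
    }

    /** Checks the parameter combination each constant's description calls for. */
    public static void validate(KeyStoreType type, Params p) {
        switch (type) {
            case NONE:
                require(p.keyfile, "keyfile", type);
                require(p.certfile, "certfile", type);
                break;
            case OPENPGP:
                // alias selects one of the three card keys; omitted alias is left to Jsign's default
                if (p.alias != null && !p.alias.matches("SIGNATURE|ENCRYPTION|AUTHENTICATION")) {
                    throw new IllegalArgumentException("OPENPGP alias must be SIGNATURE, ENCRYPTION or AUTHENTICATION");
                }
                break;
            case AWS:
                require(p.keystore, "keystore (AWS region)", type);
                require(p.certfile, "certfile", type);
                // storepass is optional here: credentials can come from the AWS_* environment variables or IMDSv2
                break;
            case AZUREKEYVAULT:
                require(p.keystore, "keystore (vault name or URL)", type);
                require(p.storepass, "storepass (Azure API access token)", type);
                break;
            case DIGICERTONE:
                require(p.storepass, "storepass (<api-key>|<keystore>|<password>)", type);
                if (p.storepass.split("\\|", -1).length != 3) {
                    throw new IllegalArgumentException("DIGICERTONE storepass must have three '|'-separated parts");
                }
                break;
            case ESIGNER:
                require(p.storepass, "storepass (<username>|<password>)", type);
                require(p.keypass, "keypass (base64 TOTP secret)", type);
                break;
            case GOOGLECLOUD:
                require(p.keystore, "keystore (key ring path)", type);
                require(p.certfile, "certfile", type);
                break;
            case HASHICORPVAULT:
                require(p.keystore, "keystore (Vault secrets engine URL)", type);
                require(p.certfile, "certfile", type);
                if (p.alias == null || !p.alias.matches("[^:]+:\\d+")) {
                    throw new IllegalArgumentException("HASHICORPVAULT alias must be <key>:<version>, e.g. mykey:1");
                }
                break;
            default:
                // OPENSC, NITROKEY, YUBIKEY: hardware tokens; keystore optionally names the device
                break;
        }
    }

    public static void main(String[] args) {
        Params p = new Params();           // constructed sample values, not real credentials
        p.keystore = "https://vault.example.com/v1/gcpkms";
        p.certfile = "codesign.pem";
        p.alias = "mykey:1";
        KeyStoreType type = resolve(" hashicorpvault ");
        validate(type, p);
        System.out.println("parameters accepted for " + type);
    }
}
```

Failing fast like this keeps a misconfigured composite storepass (for instance a DigiCert ONE value missing its PKCS#12 password) from reaching the remote signing service, and the resolve step turns the bare IllegalArgumentException from valueOf into a message that names the accepted constants.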