# Sample configuration of an XAdESSigner demonstrating key wrapping with a fixed key.
#
# This configuration assumes there exists a crypto worker called 
# "CryptoTokenP11NG1KeyWrapping".
# See p11ng-crypto.properties and p11ng-keywrapping-crypto.properties.
#

## General properties
WORKERGENID1.TYPE=PROCESSABLE
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.xades.signer.XAdESSigner
WORKERGENID1.NAME=XAdESSignerUnwrappingKeys

# Uses username to select which key to use
# For user "foobar" the key should have alias "userkey_foobar"
WORKERGENID1.AUTHTYPE=org.signserver.server.UsernameAuthorizer
WORKERGENID1.ACCEPT_ALL_USERNAMES=true
WORKERGENID1.ALIASSELECTOR=org.signserver.server.aliasselectors.AuthorizedUsernameAliasSelector
WORKERGENID1.ALIAS_PREFIX=userkey_

# Crypto token
WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1KeyWrapping

# Using one key-pair in the above crypto token
WORKERGENID1.DEFAULTKEY=wrappedkey001

## XAdESSigner properties
WORKERGENID1.XADESFORM = BES
WORKERGENID1.INCLUDE_CERTIFICATE_LEVELS=1
WORKERGENID1.COMMITMENT_TYPES = NONE
WORKERGENID1.SIGNATUREALGORITHM = SHA256withRSA

# If the key usage counter is disabled 
WORKERGENID1.DISABLEKEYUSAGECOUNTER=true