public enum KeyStoreType extends Enum<KeyStoreType>
| Enum Constant and Description |
|---|
AWS
AWS Key Management Service (KMS).
|
AZUREKEYVAULT
Azure Key Vault.
|
CRYPTOCERTUM
CryptoCertum card.
|
DIGICERTONE
DigiCert ONE.
|
ESIGNER
SSL.com eSigner.
|
ETOKEN
SafeNet eToken
This keystore requires the installation of the SafeNet Authentication Client.
|
GARASIGN |
GOOGLECLOUD
Google Cloud KMS.
|
HASHICORPVAULT
HashiCorp Vault secrets engine (Transit or GCPKMS).
|
JCEKS
JCE keystore
|
JKS
Java keystore
|
NITROKEY
Nitrokey HSM.
|
NONE
Not a keystore, a private key file and a certificate file are provided separately and assembled into an in-memory keystore
|
OPENPGP
OpenPGP card.
|
OPENSC
OpenSC supported smart card.
|
ORACLECLOUD
Oracle Cloud Infrastructure Key Management Service.
|
PIV
PIV card.
|
PKCS11
PKCS#11 hardware token.
|
PKCS12
PKCS#12 keystore
|
SIGNPATH
SignPath.
|
SIGNSERVER
Keyfactor SignServer.
|
TRUSTEDSIGNING
Azure Trusted Signing Service.
|
YUBIKEY
YubiKey PIV.
|
| Modifier and Type | Method and Description |
|---|---|
static KeyStoreType |
valueOf(String name)
Returns the enum constant of this type with the specified name.
|
static KeyStoreType[] |
values()
Returns an array containing the constants of this enum type, in
the order they are declared.
|
public static final KeyStoreType AWS
The AWS access key, secret key, and optionally the session token, are concatenated and used as
the storepass parameter; if the latter is not provided, Jsign attempts to fetch the credentials from
the environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
AWS_SESSION_TOKEN), from the ECS container credentials endpoint, or from the IMDSv2
service when running on an AWS EC2 instance.
In any case, the credentials must allow the following actions: kms:ListKeys,
kms:DescribeKey and kms:Sign.
public static final KeyStoreType AZUREKEYVAULT
myvault), or the full URL (e.g. https://myvault.vault.azure.net).
The Azure API access token is used as the keystore password.public static final KeyStoreType CRYPTOCERTUM
public static final KeyStoreType DIGICERTONE
<api-key>|<keystore>|<password>.public static final KeyStoreType ESIGNER
<username>|<password>),
and the base64 encoded TOTP secret is used as the key password.public static final KeyStoreType ETOKEN
public static final KeyStoreType GARASIGN
public static final KeyStoreType GOOGLECLOUD
public static final KeyStoreType HASHICORPVAULT
https://vault.example.com/v1/gcpkms).
The alias parameter specifies the name of the key in Vault. For the Google Cloud KMS secrets engine, the version
of the Google Cloud key is appended to the key name, separated by a colon character. (mykey:1).public static final KeyStoreType JCEKS
public static final KeyStoreType JKS
public static final KeyStoreType NITROKEY
OPENPGP type should be used.public static final KeyStoreType NONE
public static final KeyStoreType OPENPGP
SIGNATURE, ENCRYPTION or AUTHENTICATION.
This keystore can be used with a Nitrokey (non-HSM models) or a Yubikey. If multiple devices are connected,
the keystore parameter can be used to specify the name of the one to use. This keystore type doesn't require
any external library to be installed.public static final KeyStoreType OPENSC
public static final KeyStoreType ORACLECLOUD
~/.oci/config by default). If the configuration file contains multiple profiles, the name of the
non-default profile to use is appended to the storepass (for example ~/.oci/config|PROFILE).
The keypass parameter may be used to specify the passphrase of the key file used for signing the requests to
the OCI API if it isn't set in the configuration file.
The certificate must be provided separately using the certfile parameter. The alias specifies the OCID of the key.
public static final KeyStoreType PIV
AUTHENTICATION, SIGNATURE, KEY_MANAGEMENT, CARD_AUTHENTICATION,
or RETIRED<1-20>. Slot numbers are also accepted (for example 9c for the digital
signature key). If multiple devices are connected, the keystore parameter can be used to specify the name
of the one to use. This keystore type doesn't require any external library to be installed.public static final KeyStoreType PKCS11
jre/lib/security/java.security or the path to the
SunPKCS11 configuration file.public static final KeyStoreType PKCS12
public static final KeyStoreType SIGNPATH
myproject/mypolicy).public static final KeyStoreType SIGNSERVER
CLIENTSIDEHASHING or ALLOW_CLIENTSIDEHASHING_OVERRIDE set
to true), and the SIGNATUREALGORITHM property set to NONEwithRSA or NONEwithECDSA.
The worker may be configured with server-side hashing (i.e. with CLIENTSIDEHASHING and
ALLOW_CLIENTSIDEHASHING_OVERRIDE set to false, and a proper SIGNATUREALGORITHM
set), in this case the worker name or id in the alias has to be suffixed with |serverside.
If necessary the authentication is performed by specifying the username/password or the TLS client certificate in the storepass parameter. If the TLS client certificate is stored in a password protected keystore, the password is specified in the keypass parameter. The keystore parameter references the URL of the SignServer REST API. The alias parameter specifies the id or the name of the worker.
public static final KeyStoreType TRUSTEDSIGNING
weu.codesigning.azure.net). The Azure API access token is used as the keystore password,
it can be obtained using the Azure CLI with:
az account get-access-token --resource https://codesigning.azure.net
public static final KeyStoreType YUBIKEY
PATH environment variable.public static KeyStoreType valueOf(String name)
name - the name of the enum constant to be returned.IllegalArgumentException - if this enum type has no constant with the specified nameNullPointerException - if the argument is nullpublic static KeyStoreType[] values()
for (KeyStoreType c : KeyStoreType.values()) System.out.println(c);
Copyright © 2012–2025. All rights reserved.