# JDigiDoc config file
# Flat KEY=VALUE settings; a leading '#' marks a comment or a disabled alternative value.
# NOTE(review): several defaults below look like sample/test values (entries labelled TEST,
# a /tmp cache directory, "change this" markers); review them before use outside a test setup.

# Signature processor settings
# Each value is a fully qualified class name.
# NOTE(review): presumably these classes are instantiated by name, so this file selects what
# code runs; keep it writable only by trusted administrators.
#DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_SIGN_IMPL=ee.sk.digidoc.factory.PKCS11SignatureFactory
#DIGIDOC_SIGN_IMPL_PKCS11=ee.sk.digidoc.factory.Pkcs12SignatureFactory
DIGIDOC_NOTARY_IMPL=ee.sk.digidoc.factory.BouncyCastleNotaryFactory
DIGIDOC_FACTORY_IMPL=ee.sk.digidoc.factory.SAXDigiDocFactory
DIGIDOC_TIMESTAMP_IMPL=ee.sk.digidoc.factory.BouncyCastleTimestampFactory
#CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.factory.DOMCanonicalizationFactory
CANONICALIZATION_FACTORY_IMPL=ee.sk.digidoc.c14n.TinyXMLCanonicalizer
DIGIDOC_TSLFAC_IMPL=ee.sk.digidoc.tsl.DigiDocTrustServiceFactory
CRL_FACTORY_IMPL=ee.sk.digidoc.factory.CRLCheckerFactory
ENCRYPTED_DATA_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedDataSAXParser
ENCRYPTED_STREAM_PARSER_IMPL=ee.sk.xmlenc.factory.EncryptedStreamSAXParser

# Security settings
# Provider class and the short name it is referred to by.
DIGIDOC_SECURITY_PROVIDER=org.bouncycastle.jce.provider.BouncyCastleProvider
DIGIDOC_SECURITY_PROVIDER_NAME=BC

# Big file handling
# NOTE(review): presumably a size threshold above which data files are cached in
# DIGIDOC_DF_CACHE_DIR; units are not stated here, confirm against the code.
DIGIDOC_MAX_DATAFILE_CACHED=4096
# NOTE(review): /tmp is normally shared and world-writable. If document content is cached
# here, prefer a dedicated directory that only the service account can read and write.
DIGIDOC_DF_CACHE_DIR=/tmp

# PKCS#11 module settings - change this according to your signature device!!!
# NOTE(review): a PKCS#11 driver is a native library; use an absolute path to a file that
# only administrators can modify. Bare names such as esteid-pkcs11 are presumably resolved
# through the library search path, so verify which file is actually loaded.
DIGIDOC_SIGN_PKCS11_DRIVER=/usr/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/.10.6/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=/Library/OpenSC/lib/opensc-pkcs11.so
#DIGIDOC_SIGN_PKCS11_DRIVER=esteid-pkcs11
# VS: this is PKCS#11 driver for AID cards (GPK8000)
# NOTE(review): the value on the next line looks garbled; confirm the driver name before enabling.
#DIGIDOC_SIGN_PKCS11_DRIVER=pk2privXAdES-XL.SCOK/SK/
DIGIDOC_SIGN_PKCS11_WRAPPER=PKCS11Wrapper
# Transformation string with the mode and padding fields left empty; the disabled
# alternative names NOPADDING explicitly.
#DIGIDOC_VERIFY_ALGORITHM=RSA//NOPADDING
DIGIDOC_VERIFY_ALGORITHM=RSA//
DIGIDOC_DRIVER_BASE_URL=http://localhost:8080/XMLSign/
# VS: log4j config file - change this!!!
# Relative paths: presumably resolved against the process working directory - confirm.
DIGIDOC_LOG4J_CONFIG=../jdigidoc/src/main/resources/SignatureLogging.properties
DIGIDOC_TSL_DIR=../jdigidoc/src/main/tsl

# OCSP responder URL - change this!!!
# NOTE(review): the active default is the openxades.org responder, which the entries below
# pair with CAs labelled TEST; switch to the responder of your production CA before go-live.
# OCSP responses are signed, so what matters for trust is the set of responder certificates
# configured under DIGIDOC_CA_1_OCSPn_CERT, not the http:// transport.
#DIGIDOC_OCSP_RESPONDER_URL=http://ocsp.sk.ee
DIGIDOC_OCSP_RESPONDER_URL=http://www.openxades.org/cgi-bin/ocsp.cgi
#DIGIDOC_OCSP_RESPONDER_URL=http://xades-portal.etsi.org/protected/capso/OCSP?ca=LevelBCAOK
# your HTTP proxy if necessary - change this!!!
#DIGIDOC_PROXY_HOST=
#DIGIDOC_PROXY_PORT=
# sign OCSP requests or not. Depends on your responder
SIGN_OCSP_REQUESTS=false
#OCSP_SAVE_DIR=.
# The PKCS#12 file used to sign OCSP requests
#DIGIDOC_PKCS12_CONTAINER=
# password for this key
# NOTE(review): a password set here is stored in clear text; restrict read access to this
# file and to the PKCS#12 container it unlocks.
#DIGIDOC_PKCS12_PASSWD=
# serial number of your PKCS#12 signature cert.
# Use ee.sk.test.OCSPCertFinder to find this
#DIGIDOC_OCSP_SIGN_CERT_SERIAL=

# Set this to true if you want jdigidoc to use ca certs registered in jdigidoc.cfg
# If you want jdigidoc to use only TSL-s set this to false.
DIGIDOC_USE_LOCAL_TSL=true

# VS: CA certificates. Used to do a preliminary check of signer.
# use jar:// to get certs from classpath
# use forward slashes both on your linux and other environments
# DIGIDOC_CAS is the number of CA blocks; DIGIDOC_CA_1_CERTS is the number of
# DIGIDOC_CA_1_CERTn entries that follow (7 here).
# NOTE(review): TEST-SK.crt looks like a test CA. Left in the trusted list of a production
# deployment, it would presumably let test-issued certificates pass this check; confirm and
# remove it where it is not needed.
DIGIDOC_CAS=1
DIGIDOC_CA_1_NAME=AS Sertifitseerimiskeskus
DIGIDOC_CA_1_TRADENAME=SK
DIGIDOC_CA_1_CERTS=7
DIGIDOC_CA_1_CERT1=jar://certs/EID-SK.crt
DIGIDOC_CA_1_CERT2=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_CERT3=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_CERT4=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_CERT5=jar://certs/JUUR-SK.crt
DIGIDOC_CA_1_CERT6=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_CERT7=jar://certs/TEST-SK.crt
# NOTE(review): the disabled entries below are named DIGIDOC_CA_CERTn, not DIGIDOC_CA_1_CERTn
# like the active ones; if enabling them, check the key name and raise DIGIDOC_CA_1_CERTS.
#DIGIDOC_CA_CERT8=jar://certs/RootCAOK.pem
#DIGIDOC_CA_CERT8_URI=http://xades-portal.etsi.org/protected/capso/certs/RootCAOK.crt
#DIGIDOC_CA_CERT9=jar://certs/LevelACAOK.pem
#DIGIDOC_CA_CERT9_URI=http://xades-portal.etsi.org/protected/capso/certs/LevelACAOK.crt
#DIGIDOC_CA_CERT10=jar://certs/LevelBCAOK.pem
#DIGIDOC_CA_CERT10_URI=http://xades-portal.etsi.org/protected/capso/certs/LevelBCAOK.crt

# VS: OCSP responder certificates - change this!!!
# Note! if you add or remove some of these certificates you should update the following number
# also pay attention to proper naming
# Each OCSPn block gives the issuing CA (CA_CN, CA_CERT), the responder (CN, CERT) and its URL.
# Blocks 1-12 are all present, although 7 is listed before 6.
# NOTE(review): blocks 1, 3 and 12 are labelled TEST / TEST-SK and use the openxades.org
# responder; drop them (and lower DIGIDOC_CA_1_OCSPS) if test responders must not be trusted.
DIGIDOC_CA_1_OCSPS=12
DIGIDOC_CA_1_OCSP1_CA_CN=EID-SK TEST
DIGIDOC_CA_1_OCSP1_CA_CERT=jar://certs/EID-SK.crt
DIGIDOC_CA_1_OCSP1_CN=EID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP1_CERT=jar://certs/EID-SK OCSP 2006.crt
DIGIDOC_CA_1_OCSP1_URL=http://www.openxades.org/cgi-bin/ocsp.cgi
DIGIDOC_CA_1_OCSP2_CA_CN=EID-SK
DIGIDOC_CA_1_OCSP2_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP2_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP2_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP2_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP3_CA_CN=ESTEID-SK TEST
DIGIDOC_CA_1_OCSP3_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP3_CN=ESTEID-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP3_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP3_URL=http://www.openxades.org/cgi-bin/ocsp.cgi
DIGIDOC_CA_1_OCSP4_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP4_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP4_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP4_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP4_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP5_CA_CN=KLASS3-SK
DIGIDOC_CA_1_OCSP5_CA_CERT=jar://certs/KLASS3-SK.crt
DIGIDOC_CA_1_OCSP5_CN=KLASS3-SK OCSP RESPONDER
DIGIDOC_CA_1_OCSP5_CERT=jar://certs/KLASS3-SK OCSP 2009.crt
DIGIDOC_CA_1_OCSP5_URL=http://ocsp.sk.ee
# EID certificates (for example Mobile-ID certificates) issued since
# 20.01.2007 validity confirmation service
DIGIDOC_CA_1_OCSP7_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP7_CN=EID-SK OCSP RESPONDER 2007
DIGIDOC_CA_1_OCSP7_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP7_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP7_URL=http://ocsp.sk.ee
# Since 20.01.2007 issued ID-card certificates validity confirmation
# service
DIGIDOC_CA_1_OCSP6_CN=ESTEID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP6_CERT=jar://certs/ESTEID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP6_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP6_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP6_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP8_CN=ESTEID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP8_CERT=jar://certs/ESTEID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP8_CA_CERT=jar://certs/ESTEID-SK 2007.crt
DIGIDOC_CA_1_OCSP8_CA_CN=ESTEID-SK 2007
DIGIDOC_CA_1_OCSP8_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP9_CERT=jar://certs/EID-SK 2007 OCSP 2010.crt
DIGIDOC_CA_1_OCSP9_CN=EID-SK 2007 OCSP RESPONDER 2010
DIGIDOC_CA_1_OCSP9_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP9_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP9_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP10_CERT=jar://certs/EID-SK 2007 OCSP.crt
DIGIDOC_CA_1_OCSP10_CN=EID-SK 2007 OCSP RESPONDER
DIGIDOC_CA_1_OCSP10_CA_CERT=jar://certs/EID-SK 2007.crt
DIGIDOC_CA_1_OCSP10_CA_CN=EID-SK 2007
DIGIDOC_CA_1_OCSP10_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP11_CERT=jar://certs/ESTEID-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP11_CN=ESTEID-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP11_CA_CERT=jar://certs/ESTEID-SK.crt
DIGIDOC_CA_1_OCSP11_CA_CN=ESTEID-SK
DIGIDOC_CA_1_OCSP11_URL=http://ocsp.sk.ee
DIGIDOC_CA_1_OCSP12_CERT=jar://certs/TEST-SK OCSP 2005.crt
DIGIDOC_CA_1_OCSP12_CN=TEST-SK OCSP RESPONDER 2005
DIGIDOC_CA_1_OCSP12_CA_CERT=jar://certs/TEST-SK.crt
DIGIDOC_CA_1_OCSP12_CA_CN=TEST-SK
DIGIDOC_CA_1_OCSP12_URL=http://www.openxades.org/cgi-bin/ocsp.cgi

# OCSP or CRL selectors
# Both certificate and signature verification are set to OCSP here.
DIGIDOC_CERT_VERIFIER=OCSP
DIGIDOC_SIGNATURE_VERIFIER=OCSP
#DIGIDOC_TSA_URL=http://xades-portal.etsi.org/protected/tsp/TspRequest
#DIGIDOC_TSA_URL=http://tsp.iaik.at/tsp
DIGIDOC_TSA_URL=http://tsp.iaik.tugraz.at/tsp/TspRequest

# VS not required if you don't use CRL-s
# CRL settings
# NOTE(review): the LDAP URL uses a literal IP address over plain ldap://, and the proxy host
# looks site-specific; replace both before enabling CRL checks. CRL_USE_LDAP is false here.
CRL_USE_LDAP=false
CRL_FILE=esteid.crl
CRL_URL=http://www.sk.ee/crls/esteid/esteid.crl
CRL_SEARCH_BASE=cn=ESTEID-SK,ou=ESTEID,o=AS Sertifitseerimiskeskus,c=EE
CRL_FILTER=(certificaterevocationlist;binary=*)
# NOTE(review): this key is spelled CLR_ while its neighbours use CRL_; presumably it has to
# match the name the code looks up, so verify against the reader before renaming it.
CLR_LDAP_DRIVER=com.ibm.jndi.LDAPCtxFactory
CRL_LDAP_URL=ldap://194.126.99.76:389
CRL_LDAP_ATTR=certificaterevocationlist;binary
CRL_PROXY_HOST=cache.eypsise
CRL_PROXY_PORT=8080

# Encryption settings
# NOTE(review): the key names DIGDOC_ENCRYPT_KEY_ALG and *_ALOGORITHM are spelled this way in
# the file; presumably they must match what the code reads, so do not "correct" them here
# without checking.
DIGDOC_ENCRYPT_KEY_ALG=AES
# AES in CBC mode gives confidentiality only; a successful decryption is not evidence that
# the content is unmodified.
DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/PKCS7Padding
#DIGIDOC_ENCRYPTION_ALOGORITHM=AES/CBC/NOPADDING
# NOTE(review): presumably the SecureRandom algorithm name; confirm how it is seeded on the
# target platform.
DIGIDOC_SECRANDOM_ALGORITHM=SHA1PRNG
# RSA with PKCS#1 v1.5 padding. NOTE(review): callers that decrypt on behalf of a remote
# party should not reveal padding failures in their error responses.
DIGIDOC_KEY_ALOGORITHM=RSA/NONE/PKCS1Padding
#DIGIDOC_KEYSTORE_FILE=
#DIGIDOC_KEYSTORE_TYPE=PKCS12
# NOTE(review): "digidoc" is a sample password; choose a different one if this is enabled,
# and remember that it is stored here in clear text.
#DIGIDOC_KEYSTORE_PASSWD=digidoc
#DIGIDOC_OCSP_AUTH=HTTP
#DIGIDOC_OCSP_AUTH_USER=
#DIGIDOC_OCSP_AUTH_PASSWD=