GPG Environment
The GPGProjectEnvironment object shows certificate information that originates from a signing project. The values describe Gnu Privacy Guard (GPG) settings. GPG uses three keypairs for signing, encryption, and authentication.
TIP If you need help finding or confirming GPG signing keys, call POST API/GetGPGPublicKey from Key Server. Additional cURL commands are available for doing WKD or PCS lookups.
Information can originate from a VCC environment template. You can set these values via POST Codesign/GetEnvironment.
GPGEnvironment:has these values:
- AllowUserKeyImport: Applies only to PerUser templates. The setting for key import: true: users can import their own signing keys. false: no key import.
-
CustomFieldAttributes: Values for this environment:
Dirty: A value of true indicates the data changed. Otherwise, false.
Items array:
- FieldName: A defined Custom Field name. In the UI, the definition is a Code Signing Environment with a Field Type of List or String . For example:
-
Values: An array of Custom Field values.
- FieldName: A defined Custom Field name. In the UI, the definition is a Code Signing Environment with a Field Type of List or String . For example:
- Dn: The Distinguished Name (DN) of the environment.
- Guid: The GUID that uniquely identifies the environment.
- IPAddressRestriction: An Items array of trusted client IP addresses.
- Id: The project environment ID.
- KeyTimeConstraints: An Items array of signing Time Constraints from VCC.
- KeyUseFlowDN: The Distinguished Name (DN) location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
-
PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
- ReadOnly: true: The template cannot be updated. false: The template values can change via VCC or POST Codesign/UpdateTemplate.
- Status: 1.
- TemplateDN:The DN of template.
- Type: The environment category: Code Signing GPG Environment.
- AuthenticationKeyAlgorithm: The authentication key algorithm from the Environment Template. See Environment details.
- Email: E-mail addresses for users of the GPG key from the Environment Template. See Environment details.
- EncryptionKeyAlgorithm: Encryption algorithms for the the GPG key from the Environment Template. See Environment details.
- Expiration: The expiration time from the template. The number of minutes until the GPG key expires. A value of zero 0 means the key will not expire. See Environment details.
- GPGTemplate: The setting from the GPG environment template.
- KeyStorageLocation The location of the key; either HSM or Software. See Environment details.
- MaxUses The maximum number of GPG key uses. See Environment details.
- RealName The set of people who are authorized to use the GPG key. See Environment details.
- SigningKeyAlgorithm The code signing algorithm settings from the Environment Template. See Environment details.
Sample GPG environment
{
"GPGEnvironment":{
"AllowUserKeyImport":true,
"CustomFieldAttributes":{
"Items":[
]
},
"Disabled":true,
"Dn":"\\VED\\Code Signing\\Projects\\Sample\\GPGEnv",
"Guid":"{3688f702-7276-43c7-b3c2-04533e131a2c}",
"IPAddressRestriction":{
"Items":[
]
},
"Id":1532,
"KeyTimeConstraints":{
"Items":[
]
},
"KeyUseFlowDN":"\\VED\\Code Signing\\Flows\\No Restrictions",
"TemplateDN":"\\VED\\Code Signing\\Environment Templates\\GPG",
"Type":"Code Signing GPG Environment",
"AuthenticationKeyAlgorithm":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"AuthenticationKeyDN":"\\VED\\Policy\\Code Signing\\...\\GPGEnv - Authentication Key",
"Email":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"EncryptionKeyAlgorithm":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"EncryptionKeyDN":"\\VED\\Policy\\Code Signing\\...\\GPGEnv - Encryption Key",
"Expiration":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"GPGTemplate":{
"AllowUserKeyImport":true,
"Dirty":true,
"Dn":"\\VED\\Code Signing\\Environment Templates\\GPG",
"Guid":"{18627a67-6b52-4072-990e-142b936b4fbf}",
"Id":1455,
"KeyUseFlowDN":"\\VED\\Code Signing\\Flows\\No Restrictions",
"Type":"Code Signing GPG Environment Template",
"VisibleTo":{
"Dirty":true,
"Items":[
]
},
"AuthenticationKeyAlgorithm":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
"RSA1024"
]
}
},
"Email":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"EncryptionKeyAlgorithm":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
"RSA1024"
]
}
},
"Expiration":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
"86400"
]
}
},
"KeyStorageLocation":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"MaxUses":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"RealName":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"SigningKeyAlgorithm":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
"RSA2048",
"ECCP521",
"ECCP384",
"ECCP256"
]
}
}
},
"KeyStorageLocation":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"MaxUses":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"RealName":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"SigningKeyAlgorithm":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"SigningKeyDN":"\\VED\\Policy\\Code Signing\\...\\GPGEnv - Signing Key"
}
}