KeyPair environment template

The KeyPair environment template has default settings for code signing with just a public and private key pair. No certificate is necessary.

This template controls Environment creation. Any Environment created from this template must follow all of the rules it outlines; otherwise, certificate creation will fail. To see your template, call POST Codesign/GetTemplate.

  • Type: Code Signing Key Pair Environment Template

  • Object: KeyPairSignEnvironmentTemplate

KeyPairTemplate has these values:

  • AllowUserKeyImport: Applies only to PerUser templates. Controls key import: true means users can import their own signing keys; false means no key import.
  • Description: Appears only if there is a template description.
  • Dn: The Distinguished Name (DN) of the template.
  • Guid: The GUID that uniquely identifies the template.
  • Id: The template identifier.
  • ObjectNamingPattern: Only appears if PerUser is true. The macros that make the Certificate object unique to the signer's identity. The rendered value appears in the Policy tree. The default is $Sign.Project$\$Sign.Environment$\$Sign.User$
  • PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
  • Type: This user-defined template originated from the Code Signing Key Pair Environment Template.
  • VisibleTo: An Items array of GUIDs that represent Venafi identities who can view the template in VCC. If empty, everyone can see this template. Otherwise it is a restricted array of identities that can use the template to create new Environments. This is useful to limit exposure to templates pointing at public CAs, as those certificates can be very expensive and may not be required.
  • Expiration: The number of minutes until the key pair expires. A value of zero (0) means the key will not expire. See Template details.
  • KeyAlgorithm: The acceptable key algorithms for the certificate. See Template details.
  • KeyContainerDN: The template values for the Key Container Distinguished Name (DN) attribute.
  • KeyStorageLocation: The template values for the Secret Store or the HSM that stores the key. See Template details.
  • MaxUses: Template values for the maximum number of key pair uses. See Template details.
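
The following added example (not part of the product documentation or the vendor's code) shows one way to review the fields above for settings that widen exposure of signing keys. It assumes the template has already been retrieved and flattened into a plain dictionary; the flat layout, the function name review_template, and all sample values are constructed for illustration and do not reflect the actual GetTemplate response shape.

```python
# Added example: field names are from this page; the flat dict layout and all
# sample values are constructed assumptions, not real GetTemplate output.
DEFAULT_PATTERN = r"$Sign.Project$\$Sign.Environment$\$Sign.User$"


def review_template(tpl):
    """Return (field, finding) pairs for settings a reviewer should confirm."""
    findings = []
    per_user = tpl.get("PerUser", False)  # the field appears only when true

    if tpl.get("AllowUserKeyImport"):
        note = ("users can import their own signing keys" if per_user
                else "set, but applies only to PerUser templates")
        findings.append(("AllowUserKeyImport", note))

    if per_user:
        # Reviewer heuristic: the default pattern ends in $Sign.User$.
        pattern = tpl.get("ObjectNamingPattern", DEFAULT_PATTERN)
        if "$Sign.User$" not in pattern:
            findings.append(("ObjectNamingPattern",
                             "no $Sign.User$ macro; objects may not be unique per signer"))

    if not tpl.get("VisibleTo", {}).get("Items"):
        findings.append(("VisibleTo", "empty, so everyone can see this template"))

    if tpl.get("Expiration") == 0:
        findings.append(("Expiration", "0 means the key will not expire"))
    return findings


# Constructed sample templates (hypothetical values).
SAMPLE_LOOSE = {
    "PerUser": True,
    "AllowUserKeyImport": True,
    "ObjectNamingPattern": r"$Sign.Project$\$Sign.Environment$",
    "VisibleTo": {"Items": []},
    "Expiration": 0,
}
SAMPLE_TIGHT = {
    "PerUser": True,
    "AllowUserKeyImport": False,
    "ObjectNamingPattern": DEFAULT_PATTERN,
    "VisibleTo": {"Items": ["constructed-guid-placeholder"]},
    "Expiration": 525600,  # minutes
}

if __name__ == "__main__":
    for name, tpl in (("loose", SAMPLE_LOOSE), ("tight", SAMPLE_TIGHT)):
        for field, note in review_template(tpl) or [("-", "no findings")]:
            print(f"{name}: {field}: {note}")
```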