CSP Environment
The Venafi Cryptographic Service Provider (CSP) object shows values that allow a CSP client to sign software. CSP information includes signing key algorithms and key locations that originate from the CSP template.
Information can originate from a VCC environment template. You can set these values via POST Codesign/GetEnvironment.
-
CSPEnvironment: has these values:
- AllowUserKeyImport: Applies only to PerUser templates. The setting for key import: true: users can import their own signing keys. false: no key import.
- Disabled: A value of true indicates the environment is in use. Otherwise, false.
- Dn: The Distinguished Name (DN) of the environment.
- Guid: The GUID that uniquely identifies the environment.
- IPAddressRestriction: An Items array of trusted client IP addresses.
- Id: The environment ID.
- KeyTimeConstraints: An Items array of signing Time Constraints from VCC.
- KeyUseFlowDN: The Distinguished Name (DN) location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
- PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.
- TemplateDN: The location of the template.
- CSPTemplate: The values from a CSP environment template.
- EncryptionKeyAlgorithm: The template values for the signing key algorithm. See Environment details.
- EncryptionKeyDN: The location of the CSP encryption key.
- Expiration The expiration time from the template. The number of minutes until the CSP key expires. A value of zero 0 means the key will not expire. See Environment details.
- KeyStorageLocation: The location of the private key. Software or HSM. See Environment details.
- MaxUses The maximum number of CSP key uses. See Environment details.
- SigningKeyAlgorithm The code signing algorithm settings from the Environment Template. See Environment details.
- SigningKeyDN: The Distinguished Name (DN) location and name of the signing key.
- Error: Appears only when Success is false. An error message that accompanies the Result. Check your payload input values.
- Result: The Result code of this API call. For more information, see Sign Result Codes.
- Success: The result of this API call: A value of false indicates the request failed due to an Error. Otherwise, true.
Sample CSP Environment
{
"CSPEnvironment":{
"AllowUserKeyImport":true,
"CustomFieldAttributes":{
"Items":[
]
},
"Disabled":true,
"Dn":"\\VED\\Code Signing\\Projects\\Sample\\CSPEnv",
"Guid":"{2b6ff239-7c7c-46e3-afa2-89cfb37355fe}",
"IPAddressRestriction":{
"Items":[
]
},
"Id":1527,
"KeyTimeConstraints":{
"Items":[
]
},
"PerUser":true,
"TemplateDN":"\\VED\\Code Signing\\Environment Templates\\CSP",
"Type":"Code Signing CSP Environment",
"CSPTemplate":{
"AllowUserKeyImport":true,
"Dirty":true,
"Dn":"\\VED\\Code Signing\\Environment Templates\\CSP",
"Guid":"{edc2f89e-ef8c-4641-b1f2-ac44778c0b20}",
"Id":1521,
"ObjectNamingPattern":"$Sign.Project$\\$Sign.Environment$\\$Sign.User$",
"PerUser":true,
"Type":"Code Signing CSP Environment Template",
"VisibleTo":{
"Dirty":true,
"Items":[
]
},
"EncryptionKeyAlgorithm":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"Expiration":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"KeyStorageLocation":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"MaxUses":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
},
"SigningKeyAlgorithm":{
"Info":1,
"Value":{
"Dirty":true,
"Items":[
]
}
}
},
"EncryptionKeyAlgorithm":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"EncryptionKeyDN":"\\VED\\Policy\\Code Signing\\Certificates\\Sample CSPEnv - Encryption Key",
"Expiration":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"KeyStorageLocation":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"MaxUses":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"SigningKeyAlgorithm":{
"Info":1,
"TemplateValues":null,
"Value":null
},
"SigningKeyDN":"\\VED\\Policy\\Code Signing\\Certificates\\Sample CSPEnv - Signing Key"
}
}