GPG environment template

This template controls Environment creation. Any Environment created from this template must follow all of the rules it defines; otherwise, certificate creation will fail. To see your template, call POST Codesign/GetTemplate.

  • Type: Code Signing GPG Environment Template

  • Object: GPGSignEnvironmentTemplate

GPGTemplate has these values:

  • AllowUserKeyImport: Applies only to PerUser templates. Controls key import. true: users can import their own signing keys. false: no key import.
  • Description: Appears only if there is a template description.
  • Dn: The Distinguished Name (DN) of the template.
  • Guid: The GUID that uniquely identifies the template.
  • Id: The certificate template identifier.
  • ReadOnly: true: The template cannot be updated. false: The template values can change via VCC or POST Codesign/UpdateTemplate.
  • KeyUseFlowDN: The Distinguished Name (DN) location of the Code Signing Flow. In VCC, the flow shows required approvals, checks, and actions that enable key usage.
  • ObjectNamingPattern: Only appears if PerUser is true. The macros that make the Certificate object unique to the signer's identity. The rendered value appears in the Policy tree. The default is $Sign.Project$\$Sign.Environment$\$Sign.User$.
  • PerUser: Only appears if the value is true. The mode that supports multiple cryptographic objects and macros to use for signing. This field determines how objects are created for the Environment.

  • Type: This user-defined template originated from the Code Signing GPG Environment Template.
  • VisibleTo: An Items array of identities that can view the template in VCC. If empty, everyone can see this template. Otherwise, it is a restricted array of identities that can use the template to create new Environments. For example, this is useful to limit exposure to templates pointing at public CAs, as those certificates can be very expensive and may not be required.
  • AuthenticationKeyAlgorithm: The GPG template values for the authentication key. Possible values are: NONE (no key is required), RSA1024, RSA2048, RSA3072, RSA4096, RSA8192, ECCP256, ECCP384, ECCP521, ED25519. See Template details.
  • Email: Template values for E-mail addresses of people who are authorized to use the GPG key. See Template details.
  • EncryptionKeyAlgorithm: The GPG template values for the encryption key. Possible values are: NONE (no key is required), RSA1024, RSA2048, RSA3072, RSA4096, RSA8192. See Template details.
  • Expiration: The number of minutes until the GPG key expires. A value of zero (0) means the key will not expire. See Template details.
  • KeyContainerDN: The template values for the Distinguished Name (DN) location of the key container.
  • KeyStorageLocation: The location of the private key: Software or HSM. See Template details.
  • MaxUses: The template values for the maximum number of GPG key uses. See Template details.
  • RealName: Template values for a person using the GPG key. If PerUser is true, the project that consumes this template will use the $RealName$ macro as the Object Naming pattern. See Template details.
  • SigningKeyAlgorithm: The GPG template values for the signing key. Possible values are: RSA1024, RSA2048, RSA3072, RSA4096, RSA8192, ECCP256, ECCP384, ECCP521, ED25519. See Template details.
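
The fields above can be reviewed mechanically before a template is made available to projects. The following is an added example, not code from the product or its documentation. It assumes the template has already been fetched and flattened into a dictionary of effective values keyed by the field names on this page (the actual layout of these values is described under Template details), and the sample templates and the identity string are constructed.

```python
# Added example: audit a GPG environment template for risky settings.
# ASSUMPTION: `template` is a flat dict of effective values keyed by the
# field names on this page; the real layout is in "Template details".

WEAK_ALGORITHMS = {"RSA1024"}  # 1024-bit RSA is too small for new keys
KEY_FIELDS = ("SigningKeyAlgorithm", "AuthenticationKeyAlgorithm",
              "EncryptionKeyAlgorithm")


def audit_gpg_template(template):
    """Return a sorted list of (field, finding) tuples."""
    findings = []
    for field in KEY_FIELDS:
        algo = template.get(field)
        # NONE is allowed for authentication/encryption keys, not for signing.
        if field == "SigningKeyAlgorithm" and algo in (None, "NONE"):
            findings.append((field, "a signing key algorithm is required"))
        elif algo in WEAK_ALGORITHMS:
            findings.append((field, f"{algo} is too weak for new keys"))
    if template.get("Expiration", 0) == 0:
        findings.append(("Expiration", "0 means the key never expires"))
    if str(template.get("KeyStorageLocation", "")).upper() != "HSM":
        findings.append(("KeyStorageLocation", "private key is not in an HSM"))
    if template.get("PerUser") and template.get("AllowUserKeyImport"):
        findings.append(("AllowUserKeyImport", "users can import their own keys"))
    visible = template.get("VisibleTo") or []
    if isinstance(visible, dict):  # tolerate an {"Items": [...]} wrapper
        visible = visible.get("Items", [])
    if not visible:
        findings.append(("VisibleTo", "empty: everyone can see the template"))
    return sorted(findings)


# Constructed sample templates (not real data).
WEAK_TEMPLATE = {
    "PerUser": True, "AllowUserKeyImport": True,
    "SigningKeyAlgorithm": "RSA1024", "AuthenticationKeyAlgorithm": "NONE",
    "EncryptionKeyAlgorithm": "RSA2048", "Expiration": 0,
    "KeyStorageLocation": "Software", "VisibleTo": [],
}
HARDENED_TEMPLATE = {
    "PerUser": True, "AllowUserKeyImport": False,
    "SigningKeyAlgorithm": "ED25519", "AuthenticationKeyAlgorithm": "NONE",
    "EncryptionKeyAlgorithm": "RSA4096", "Expiration": 525600,  # 365 days
    "KeyStorageLocation": "HSM",
    "VisibleTo": {"Items": ["local:constructed-release-team"]},
}

if __name__ == "__main__":
    for field, finding in audit_gpg_template(WEAK_TEMPLATE):
        print(f"{field}: {finding}")
```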