Introduction
- GMO Sign Digital Signatures are powered by GlobalSign’s Digital Signing Service (DSS).
- You will request API credentials to access your Digital Signing Service (DSS) Account and then link them to your GMO Sign Account.
- Follow this guide to request DSS API Credentials manually :
Part 1 - Generate a Key Pair
Customer needs to generate an RSA key pair (a public and private key) and share the public key to GlobalSign executive. The public key is used to securely encrypt your Digital Signing Service API credentials while providing them to you. You will then use your private key to decrypt your API Credentials.
There are various methods for generating public/private keys. For the purposes of this example, we used OpenSSL.
Note: You are required to use the OpenSSL version 1.1.1.
- To generate the private key, run the following script:
openssl genrsa -aes256 -out /PATH/TO/privatekey.pem 2048 - To generate the public key using the private key, run the following script:
openssl rsa -in /PATH/TO/privatekey.pem -outform PEM -pubout -out /PATH/TO/publickey.pem
This method will generate the private key in an encrypted file using a user-supplied passcode, which is recommended for most purposes.
Notes:
|
You will need to supply the contents of the publickey.pem file to GlobalSign during the onboarding process. It has the format of:
-----BEGIN PUBLIC KEY-----
MIICIjANBfkqhkiG9w0BAQBFAAOCAg8AMIICCgKCAgEAyNWb1c14iT994U+zC0PS
H7nMaA7nwPswAxxnMSCYYo1sGDjR3WvILiXjpCfIkv9PFNhhJ9MOj/AUqSoWKgzV
jSMsvGMyAHdvZfMF3GLRR05tPA/B8ZZDr0npTP/hP4mFwHCE2Xg+VMpNfn3qUr9x
ZBUtmKrvKoaQoSDbvoZMRiOvs4+wL+yMqWTVsAipiDC0kMKMWiI4RKrqn91euK4Z
xrZUtFtzEX8so+3U9rK/oBX0UW7Zdjp5u3yqGEP84WyGV9qjQqcdh2JAhmBPPSv7
mES9ZApr/4AcLRyZbsMiD7Ihh0+IE6xxfPEaVRRXoa38hA+Bssl2cNLx+CoN5IJ5
qRazPilU+meDWJqf+0QBe2pu0Xdtg29AlVcszjPAoSTNvJseMKjzGkca/dtOoSe3
KxZWQnIjLEGo9+4I/nj7+2JkqFxTMKmMNjVXpR2BTo9m16pncjFDmhFmRm7YEwf2
3ig1pVFou7bpi5+YnYDI+qHbeWgqhS106Fq+vRBOfBsIHWl3gbcS7zTQTW4ykcK5
FSmfhGzUyNb457T8aDKFhH+lgs9VwFfiNUpSzPAVbovA1lNFh0LICRbE9fmVlxrr
8HEGRx2jnjZq8nvRlxvwbO5pcafHaGHMd4CznSzOv3t71D4k++JiPAl0MLy67u9c
rGARZYbI4zSCsFkh//7DIdcCAwEAAQ==
-----END PUBLIC KEY-----
Part 2 - Decrypt the API Credentials
GlobalSign will provide you with your DSS API Credentials in an encrypted file, which you must decrypt to receive the API Key and Secret. If using OpenSSL, you are required to use the OpenSSL version 1.1.1, and follow these steps:
- GlobalSign will email a file named something like: “globalsign.enc”
- Save the file on your computer.
- Run the following command. Note that the privatekey.pem is the private key generated as part of the key generation process discussed above. If you have protected your private key with a passcode, you will be prompted for it during this process step.
openssl pkeyutl -inkey </PATH/TO/PRIVATE_KEY.PEM> -in </PATH/TO/ENCRYPTEDFILE.ENC> -out </PATH/TO/FILETOCREATE.txt> -decrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
- </PATH/TO/ENCRYPTEDFILE.ENC> - This file is being shared by GlobalSign executive.
- The FILETOCREATE.txt element will contain your Key and Secret. You can map these credentials in GMO Sign portal. And for more details visit - https://helpcenter.gmosign.com/hc/en-us/articles/900004853686