It depends on what your business objective is.
If the objective is to ensure that specific objects are signed by
specific individuals (and none other) then you need to create distinct
keystores. Bear in mind that there are many other issues involved if
your goal is non-repudiation.
If the objective is to just maintain the data integrity of the object,
then just a single generic key on the server should suffice.
Arshad Noor
StrongAuth, Inc.
m2 r2sj wrote:
I am looking for an efficient way to use the keystore to create a private
key to sign the XML document for one or more persons. When the person
signs the document, let's assume 10 persons want to sign the document.
Should we
1) Get each person's details and create a keystore for each person on
their local computer and then generate a private key and then sign the
document as follows
keytool -genkey -alias test -keyalg RSA \
  -dname "CN=Geuer, OU=FB12NUE, O=Uni, C=DE" \
  -keypass xmlsecurity -storepass xmlsecurity \
  -keystore keystoreRSA.jks -validity 2000
Or
2) Keep the keystore on a server and use a common user name and password to
get the private key for all the persons
Can anyone suggest an efficient way to do this?