ENTERPRISE EDITION: This is a SignServer Enterprise Edition (EE) feature.

The Crypto Worker is a worker that performs no operations on its own; it only hosts a Crypto Token that other workers can reference.

This crypto worker internally implements a JackNJI11KeyWrappingCryptoToken and requires a JackNJI11CryptoToken, referenced by the CRYPTOTOKEN property, to use as the source crypto token.

Fully qualified class name: org.signserver.p11ng.common.cryptotoken.JackNJI11KeyWrappingCryptoWorker

Worker Properties




Name of (crypto) worker holding the JackNJI11CryptoToken to use as the source crypto token.


Key alias of the secret/symmetric wrapping key in the token that should be used to wrap and unwrap keys. Required.


Key alias of a wrapped key stored in the database that can be used to test that unwrapping is working. If specified, the worker will be offline if a test signing cannot be performed with this key. Optional.


Cipher algorithm used to wrap keys with the secret/symmetric key. The value can be provided as a PKCS#11 mechanism name, a long constant value, or a hexadecimal constant value. For more information on the Wrapping Cipher Algorithm, see JackNJI11KeyWrappingCryptoToken. Optional.

Default value is CKM_AES_CBC_PAD.

Note that not all crypto token features are supported by this worker when running in NoDB mode. For more information, see NoDB Mode in JackNJI11KeyWrappingCryptoToken.