APIs available for encrypting certificates in scoped applications.

Use these methods to generate a hash for the certificate, sign data using a private key, and generate a message authentication code.

CertificateEncryption - CertificateEncryption()

Instantiates a CertificateEncryption object in a scoped application.

Table 1. Parameters
Name Type Description
None

CertificateEncryption - generateMac(String key, String algorithm, String data)

Generates the Message Authentication Code (MAC), which is used to authenticate a message.

Table 2. Parameters
Name Type Description
key String Key to use to sign the message. Must be Base64 encoded.
algorithm String Algorithm to use to generate the MAC: HmacSHA256, HmacSHA1, HmacMD5, and so on.
data String Data to process.
Table 3. Returns
Type Description
String MAC in base64 format.

Example

This example shows how to a MAC using sample_key as the data and HmacSHA256 as the algorithm.

var mac = new CertificateEncryption;
var key = "sample_key"; 
key = gs.base64Encode(key);
mac.generateMac(key, "HmacSHA256", "sample_data");

CertificateEncryption - getThumbPrint(String certificateID, String algorithm)

Generates a hash (SHA-1, SHA-256, and so on) for the certificate from Trust Store Cert.

Table 4. Parameters
Name Type Description
certificateID String Sys_id of the certificate record in the X.509 Certificate [sys_certificate] table.
algorithm String Algorithm to use to create the hash, such as SHA-1, SHA-256, and so on.
Table 5. Returns
Type Description
String Thumbprint in base64 format.

Example

This example shows how to generate the thumbprint (hash) for the AzureAAD certificate.

//Create a GlideRecord to the certificate table
var x509GR = new GlideRecord('sys_certificate');

//If there is a certificate of a name of AzureAAD, get the certificate thumbprint
if(x509GR.get('name', 'AzureAAD')){

//Use the sys_id and algorithm we want to create a thumbprint
var thumbPrint = CertificateEncryption.getThumbPrint(x509GR.getUniqueValue(), "SHA-1");

//Print the created thumbprint
gs.print("Thumbprint for " + x509GR.getDisplayValue() + " is " + thumbPrint);
}

Output:

V1X+aguDBTZVVbWMGTXxdzJLmaY=

CertificateEncryption - getThumbPrintFromKeyStore(String certificateID, String alias, String algorithm)

Generates a hash (SHA-1, SHA-256, and so on) for the certificate from the keystore entry.

Table 6. Parameters
Name Type Description
certificateID String Sys_id of the certificate record in the X.509 Certificate [sys_certificate] table.
alias String Alias name for the certificate.
algorithm String Algorithm to use to create the hash, such as SHA-1, SHA-256, and so on.
Table 7. Returns
Type Description
String Thumbprint in base64 format.

CertificateEncryption - sign(String certificateID, String alias, String aliaspassword, String algorithm, String datatosign)

Signs the data using the private key and the specified algorithm.

Table 8. Parameters
NameTypeDescription
certificateID String sys_id of the certificate record in the X.509 Certificate [sys_certificate] table.
alias String Private key name.
aliaspassword String Password for the private key.
algorithm String Algorithm to use. Must be one of the following values:
  • NONEwithRSA
  • MD2withRSA
  • MD5withRSA
  • SHA1withRSA
  • SHA224withRSA
  • SHA256withRSA
  • SHA384withRSA
  • SHA512withRSA
  • NONEwithDSA
  • SHA1withDSA
  • SHA224withDSA
  • SHA256withDSA
  • NONEwithECDSA
  • SHA1withECDSA
  • SHA224withECDSA
  • SHA256withECDSA
  • SHA384withECDSA
  • SHA512withECDSA
datatosign String Data to sign.
Table 9. Returns
Type Description
String Signed data in base64 format.

Example

var ce = new CertificateEncryption;
ce.sign("recordID", "alias", "password", "SHA1withRSA", "sign this data");