Container Key Renewal
The operation (IContainer.Renew) can be used to renew the container keys without having to perform activation again or interrupting an existing service in the case of expiration. All keys are renewed during this operation.
Key Renewal Trigger
The decision to trigger the keys renewal can be taken by the application based on the following information:
IContainer.IsRenewable() will return a boolean that states if the container can be renewed. A container can be renewed if the:
- HID authentication platform supports this operation
- “Transport Key for Mobile Service communications” key (CT_SMK4 credential type) is still valid
- IContainer.GetRenewalDate() will return the date by which the keys must be renewed for container to be fully functional (support might be limited or not working after this date). This date corresponds to the shortest key from this container.
- The limit date for key renewal is the expiration date of the “Transport Key for Mobile Service communications” key (CT_SMK4 credential type). After this date, key renewal is no longer possible.
It is recommended that the Key Renewal operation happens before the RenewalDate.Announcement.
For further details, see:
ActivID AS Credential Type Parameters
ActivID Appliance Credential Type Parameters
HID Authentication Service Credential Parameters
Key Renewal Processing and Result
- As with container provisioning, key renewal is a time-consuming operation.
- After key renewal, the container remains the same, but all previous keys have been deleted, and new keys have been created for this container just as if this was a brand-new container (created using the current HID authentication platform configuration).
-
A container key renewal operation can be used to apply an update to the protection policy configuration used for the initial container creation (for example, enabling biometrics or updating password complexity requirements). However, these changes will not be enforced for a user's current password and will only be applied after an explicit call to change password. An integrator can choose to wait until password expiration or to trigger the change password immediately after the key renewal operation depending on the desired workflow.
-
The original creation date of the container can be retrieved using IContainer.getOriginalCreationDate()
// check if container is renewable
bool isRenewable = await container.IsRenewable(null);
if( isRenewable )
{
// Container Renewal configuration
var config = new ContainerRenewal()
{
Password = myPassword,
PushId = pushId,
};
// The listener works the same way as the createContainer.
EventListener progressEvent = new EventListener();
// We can proceed to the renew
isRenewSuccessfull = await container.Renew(config, null, progressEvent);
}