Configuration

The server is configured via a file named secrets.json. This file is included in the root of the distribution package that you have received and was automatically used when you started the server. You can, however, customize the values in this file. The default file (if you opted to generate the isssuer's private key looks like the following):

{
  "api_key": "wfMIgreFfMxDXySTU/MqNaFPJBIZcc40BQ62uQMwwd0=",
  "mobile_api_key": "S+ILGn9HOYKvgbt6MbqwJHknYajIeVn/bJJBjyLffFQ=",
  "jwt_secret": "ujfj1hiaiwaMsWnoiMDE1uKNHaD45Yu8hpscRggql5s=",
  "issuers_private_key": "v1ScMMYqPLUbFU5N6A4a+H9znA9+fi/WHWf61yivPts="
}

The following keys can be defined in the JSON:

1. api_key - this value defines a secret API key that you can use to make a server-to-server call to an end-point on the SenseCrypt server. The api-key is not meant for use with the mobile SDKs.

2. mobile_api_key - this value defines a secret API key that you can use to make a mobile to server call from the SenseCrypt Online Mobile SDK. The mobile_api_key must be used only with the mobile SDK. It cannot be used to make a server-to-server call to any of the end-points on the SenseCrypt server.

3. issuers_private_key (optional) - this value defines the key that will be used to enable the Face PKI functionality of the server. Once it is set, the server will provide a Root Certificate end-point that can be used to retrieve the Root Certificate for the SenseCrypt server operating as a Certificate Authority. This mode of operation of the server (when the issuers_private_key is set) is known as Certificate Authority mode. This value was automatically set to a random key if you selected yes to generating issuer's public/private key pair while starting the server. You should not change this value manually unless you know how to generate a key-pair using the Secp256k1 elliptic curve. As has been discussed earlier, the root certificate can be used to verify the signature of any issued Face Certificate. Furthermore, when it is set, generated SensePrints are signed using this key. Thus, for the SenseCrypt Offline Mobile SDK, correspondingly, the issuers_public_key must be set in the constants so that the offline mobile SDK can verify that SensePrints are issued by the correct issuer.

4. app_thumbprints_android (optional) - For the SenseCrypt Online Mobile SDK Online, a thumbprint is displayed in the app's settings and is also available as a mobile SDK API call. Your app may have different thumbprints while in development and in production (on the Play Store). If you set these thumbprints as comma separated values for this configuration, the server will not accept requests from any app that is not legitimate (has a different thumbprint).

5. jwt_secret (optional) - this value defines the secret used for JWT token generated on the /gen-jwt endpoint. See the Using a JWT Token for Mobile Authorization section for more information.

6. jwt_expire_seconds (optional) - this value defines the lifetime of JWT tokens generated by the /gen-jwt endpoint. The default value is 300 = 5 minutes.

If you change the values in secrets.json, you will need to stop the container and restart it again.

First list the containers:

> docker ps

After observing the value for CONTAINER ID, you can stop it using:

> docker stop 336180357b1d

Once the docker is stopped, you can start it again using the process described in Starting the server.