Confidentiality Configuration Shared Resource

The Confidentiality Configuration shared resource provides access to the keystore to fetch the key required to encrypt or decrypt data by using the encrypt and decrypt XPath functions. It also specifies the encryption type and the encryption approach being used.

General

The General tab shows the package that stores the Confidentiality shared resource and the shared resource name. You can also provide a description for the shared resource on this tab.

The following table describes the fields on the General tab of the Confidentiality shared resource:

Field | Module Property? | Description
Package | No | The name of the package in which you want to create a shared resource.
Name | No | The name to be displayed as a label for the shared resource.
Description | No | A short description of the shared resource.

Keystore Configuration

The following table describes the fields on the Keystore Configuration tab of the Confidentiality shared resource:

Field | Module Property? | Description
Provider | No | The name of the security provider. Select a provider from the following list:
  • SunJCE (Sun Java Cryptography Extension)
  • IBMJCE (IBM Java Cryptography Extension)
  • BCFIPS (BouncyCastle Federal Information Processing Standards)
Note: The BCFIPS provider is used in approved mode.
Keystore URL | Yes | The location of the keystore. You can give the relative path or the absolute path of the URL to select the keystore.
Keystore Type | No | The type of the keystore. Depending on the provider selected in the Provider field, one of the following keystore types is populated in the Keystore Type field:
  • PKCS12 (Public-Key Cryptography Standard)
  • JCEKS (Java Cryptography Extension KeyStore)
  • BCFKS (BouncyCastle FIPS KeyStore)
Keystore Password | Yes | The password for the keystore.
Key Alias Name | Yes | The name of the alias used to access the key.
Key Alias Password | Yes | The password for the alias.

Confidentiality Configuration

You can provide the information required to encrypt the data.

Field | Module Property? | Description
Encryption Type | No | You can either select an encryption type from the following drop-down list or enter any other encryption type of your choice:
  • AES/ECB/PKCS5Padding
  • AES/CBC/PKCS5Padding
  • AES/GCM/NoPadding
  • DESede/ECB/PKCS5Padding
  • DESede/CBC/PKCS5Padding
Enable Two-Key Encryption | No | When you select the Enable Two-Key Encryption check box, the two-key encryption approach can be used.
Note: For two-key encryption, the master key must have a key size that the AES algorithm supports.
Datakey Length | No | When you select the Enable Two-Key Encryption check box, depending on the algorithm, you can select the Datakey Length from the list:
  • For the AES algorithm, the Datakey Length field can be 128, 192, or 256
  • For the DESede algorithm, the Datakey Length field can be 168
Note: When you use the maximum key size, ensure that the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files are installed along with the Java Runtime Environment (JRE).
Note: The same configuration must be used for both the encrypt and decrypt XPath functions.
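
The two-key approach and the JCE policy note above, sketched in plain JCE as an added example (not the product's own code or data format): an AES master key read from a keystore by alias wraps a fresh data key of the configured Datakey Length, and the data key encrypts the payload. The class name, the alias `master`, the in-memory JCEKS keystore, the password and the sample plaintext are constructed, and the general envelope pattern is an assumption because this page does not describe how the product stores the wrapped data key.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TwoKeyEncryptionDemo {
    static final String PROVIDER = "SunJCE";         // Provider field
    static final String TYPE = "AES/GCM/NoPadding";  // Encryption Type field
    static final int DATAKEY_LENGTH = 256;           // Datakey Length field

    // One AES-GCM operation; the 12-byte IV must be unique per key and is kept with the output.
    static byte[] gcm(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(TYPE, PROVIDER);
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }
    static byte[] newIv() { byte[] iv = new byte[12]; new SecureRandom().nextBytes(iv); return iv; }

    public static void main(String[] args) throws Exception {
        // The check behind the JCE policy note: restricted policy files cap AES at 128 bits.
        if (Cipher.getMaxAllowedKeyLength("AES") < DATAKEY_LENGTH)
            throw new IllegalStateException("JCE policy forbids " + DATAKEY_LENGTH + "-bit AES keys");
        // Constructed stand-in for the configured keystore: in-memory JCEKS holding an AES master key.
        char[] aliasPw = "constructed-alias-password".toCharArray();
        KeyGenerator kg = KeyGenerator.getInstance("AES", PROVIDER);
        kg.init(DATAKEY_LENGTH);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setEntry("master", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(aliasPw));
        SecretKey master = (SecretKey) ks.getKey("master", aliasPw);
        // Encrypt: a fresh data key protects the payload, the master key protects the data key.
        SecretKey dataKey = kg.generateKey();
        byte[] ivData = newIv(), ivKey = newIv();
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, dataKey, ivData,
                "constructed sample".getBytes(StandardCharsets.UTF_8));
        byte[] wrapped = gcm(Cipher.ENCRYPT_MODE, master, ivKey, dataKey.getEncoded());
        // Decrypt: unwrap the data key with the master key, then decrypt the payload.
        SecretKey unwrapped = new SecretKeySpec(gcm(Cipher.DECRYPT_MODE, master, ivKey, wrapped), "AES");
        System.out.println(new String(gcm(Cipher.DECRYPT_MODE, unwrapped, ivData, ct), StandardCharsets.UTF_8));
        ct[0] ^= 1; // flip one ciphertext bit: GCM must reject it instead of returning altered plaintext
        try { gcm(Cipher.DECRYPT_MODE, unwrapped, ivData, ct); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```

Of the listed encryption types, only AES/GCM/NoPadding authenticates the ciphertext, which is why the modified input is rejected here; the ECB and CBC types provide no integrity check of their own.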