Confidentiality configuration shared resource provides access to the keystore to fetch the key required to encrypt or decrypt the data by using the
encrypt and
decrypt XPath functions. The Confidentiality configuration shared resource also provides information of the encryption type and the encryption approach being used.
General
The
General tab shows the package that stores the Confidentiality shared resource and the shared resource name. You can also provide a description for the shared resource on this tab.
The following table describes the fields on the
General tab of the Confidentiality shared resource:
| Field
|
Module Property?
|
Description
|
| Package
|
No
|
The name of the package in which you want to create a shared resource.
|
| Name
|
No
|
The name to be displayed as a label for the shared resource.
|
| Description
|
No
|
A short description of the shared resource.
|
Keystore Configuration
The following table describes the fields on the
Keystore Configuration tab of the Confidentiality shared resource:
| Field
|
Module Property?
|
Description
|
| Provider
|
No
|
The name of the security provider. Select a provider from the following list:
- SunJCE(Sun Java Cryptography Extension)
- IBMJCE(IBM Java Cryptography Extension)
- BCFIPS(BouncyCastle Federal Information Processing Standards)
Note: BCFIPS Provider is used in approved mode.
|
| Keystore URL
|
Yes
|
The location of the keystore. You can give the relative path or the absolute path of the URL to select the keystore.
|
| Keystore Type
|
No
|
The type of the keystore. Depending on the provider selected in the
Provider field, one of the following keystore types is populated in the
Keystore Type field:
- PKCS12(Public-Key Cryptography Standard)
- JCEKS(Java Cryptography Extension KeyStore)
- BCFKS(BouncyCastle FIPS KeyStore)
|
| Keystore Password
|
Yes
|
The password for the keystore
|
| Key Alias Name
|
Yes
|
The name of the alias used to access the key.
|
| Key Alias Password
|
Yes
|
The password for the alias
|
Confidentiality Configuration
You can provide the information required to encrypt the data.
| Field
|
Module Property?
|
Description
|
| Encryption Type
|
No
|
You can either select the
Encryption Type field from the drop-down list or enter any other encryption type of your choice:
- AES/ECB/PKCS5Padding
- AES/CBC/PKCS5Padding
- AES/GCM/NoPadding
- DESede/ECB/PKCS5Padding
- DESede/CBC/PKCS5Padding
|
| Enable Two-Key Encryption
|
No
|
When you select the
Enable Two-Key Encryption check box, two key encryption approach can be used.
Note: For two-key encryption, the master key must have the key size as per the AES algorithm.
|
| Datakey Length
|
No
|
When you select the
Enable Two-Key Encryption check box, depending on the algorithm, you can select the
Datakey Length from the list:
- For AES algorithm, the
Datakey Length field can be 128, 192, or 256
- For DESede algorithm, the
Datakey Length field can be 168
Note: When you use maximum key size, ensure that the Java Cryptography Extension(JCE) Unlimited Strength Jurisdiction Policy files are installed along with the Java Runtime Environment(JRE).
|
Note: The same Configuration must be used for
encrypt and
decrypt XPath functions.
Copyright © Cloud Software Group, Inc. All rights reserved.
