Confidentiality Configuration Shared Resource

The Confidentiality Configuration shared resource provides access to the keystore to fetch the key required to encrypt or decrypt data with the encrypt and decrypt XPath functions. It also provides information about the encryption type and the encryption approach being used.

General

The General tab shows the package that stores the Confidentiality shared resource and the shared resource name. You can also provide a description for the shared resource on this tab.

The following table describes the fields on the General tab of the Confidentiality shared resource:

Field | Module Property? | Description
Package | No | The name of the package in which you want to create a shared resource.
Name | No | The name to be displayed as a label for the shared resource.
Description | No | A short description of the shared resource.

Keystore Configuration

The following table describes the fields on the Keystore Configuration tab of the Confidentiality shared resource:

Field | Module Property? | Description
Provider | No | The name of the security provider. Select a provider from the following list:
  • SunJCE (Sun Java Cryptography Extension)
  • IBMJCE (IBM Java Cryptography Extension)
  • BCFIPS (BouncyCastle Federal Information Processing Standards)
Note: The BCFIPS provider is used in approved mode. The RSA (Rivest-Shamir-Adleman) public key and private key cipher is not supported with the BCFIPS provider in approved mode.
Keystore Provider as Truststore | No | Select Keystore Provider as Truststore to configure the RSA public key. The truststore with the imported RSA public key must be provided in the Keystore URL field.
Note: The Keystore Provider as Truststore field is not available for the BCFIPS provider.
Keystore URL | Yes | The location of the keystore. You can give the relative path or the absolute path of the URL to select the keystore.
Keystore Type | No | The type of the keystore. Depending on the provider selected in the Provider field, one of the following keystore types is populated in the Keystore Type field:
  • PKCS12 (Public-Key Cryptography Standard)
  • JCEKS (Java Cryptography Extension KeyStore)
  • BCFKS (BouncyCastle FIPS KeyStore)
Keystore Password | Yes | The password for the keystore.
Key Alias Name | Yes | The name of the alias used to access the key.
Key Alias Password | Yes | The password for the alias. The Key Alias Password field is not needed when the Keystore Provider as Truststore option is selected.

Confidentiality Configuration

You can provide the information required to encrypt the data.

Field | Module Property? | Description
Encryption Type | No | Select an encryption type from the drop-down list or enter any other encryption type of your choice:
  • AES/ECB/PKCS5Padding
  • AES/CBC/PKCS5Padding
  • AES/GCM/NoPadding
  • DESede/ECB/PKCS5Padding
  • DESede/CBC/PKCS5Padding
  • RSA/ECB/PKCS1Padding
Note: The RSA cipher encrypts and decrypts only a small amount of data. The length of the data that can be encrypted and decrypted depends on the key size being used. For example, for 1024-bit RSA keys (128 bytes) and PKCS1 V1.5 padding (11 bytes), you can encrypt 117 bytes (128-11). Approximately, the number of bytes that can be encrypted is equal to the key size minus any padding and header data length.
Enable Two-Key Encryption | No | When you select the Enable Two-Key Encryption check box, the two-key encryption approach can be used. Enable Two-Key Encryption is not available with RSA encryption.
Note: For two-key encryption, the master key must have a key size as per the AES algorithm.
Datakey Length | No | When you select the Enable Two-Key Encryption check box, depending on the algorithm, you can select the Datakey Length from the list:
  • For the AES algorithm, the Datakey Length field can be 128, 192, or 256
  • For the DESede algorithm, the Datakey Length field can be 168
Note: When you use the maximum key size, ensure that the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files are installed along with the Java Runtime Environment (JRE).
Note: The same configuration must be used for the encrypt and decrypt XPath functions.
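
The following Java program is an added example, not part of the product or its documentation. It checks the two size constraints from the notes above: the RSA/ECB/PKCS1Padding plaintext limit of key size minus 11 bytes, and whether the JCE policy of the running JRE permits each AES Datakey Length. The class and method names are hypothetical, and the JRE's default JCE provider is assumed.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

// Added example (hypothetical names): preflight checks for the size limits
// described in the Confidentiality Configuration notes.
public class ConfidentialityPreflight {

    // PKCS1 V1.5 padding overhead in bytes, as stated in the RSA note.
    static final int PKCS1_V15_OVERHEAD = 11;

    // Largest plaintext, in bytes, that one RSA operation accepts for keyBits.
    static int maxRsaPlaintext(int keyBits) {
        return keyBits / 8 - PKCS1_V15_OVERHEAD;
    }

    // Returns true if a plaintext of len bytes encrypts under the RSA public key.
    static boolean rsaAccepts(KeyPair kp, int len) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        try {
            c.doFinal(new byte[len]); // constructed all-zero sample input
            return true;
        } catch (IllegalBlockSizeException e) {
            return false;             // data is too long for this key size
        }
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {1024, 2048}) {
            KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
            g.initialize(bits);
            KeyPair kp = g.generateKeyPair(); // throwaway key for the check
            int max = maxRsaPlaintext(bits);
            System.out.printf("RSA %d: limit %d bytes, at limit ok=%b, limit+1 ok=%b%n",
                    bits, max, rsaAccepts(kp, max), rsaAccepts(kp, max + 1));
        }
        // Reports what the installed JCE policy files allow for AES keys.
        int aesMax = Cipher.getMaxAllowedKeyLength("AES");
        for (int len : new int[] {128, 192, 256}) {
            System.out.printf("AES data key %d bits usable: %b%n", len, len <= aesMax);
        }
    }
}
```

A `false` result for an AES length means the JRE policy restricts that key size, which is the condition the Unlimited Strength Jurisdiction Policy note addresses.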