...

  • use-case: Encryption of the configuration files

  • required: always

  • configured in these applications

    • Identity Manager Admin / (earlier known as PRIME Designer)

    • Identity Manager Operator / (earlier known as PRIME Explorer)

  • storage: pkcs12, HSM (recommended)

  • versioning: not supported, always uses version 1

  • supported asymCipher values:

    • for HSM

      • RSA/ECB/OAEPWithSHA-384AndMGF1Padding

      • RSA/ECB/OAEPWithSHA-512AndMGF1Padding

    • for PKCS#12

      • RSA/None/OAEPWithSHA384AndMGF1Padding

      • RSA/None/OAEPWithSHA512AndMGF1Padding

    • NOTE: you cannot reconfigure the asymCipher after exporting an encrypted ZIP, as config import of such a ZIP will fail

  • general requirements:

    • placeholder allowed only if config ZIP encryption is disabled

      • after changing the key you cannot decrypt previously exported config ZIPs that use encryption

  • key requirements:

    • supported types:

      • RSA 2048

      • RSA 3072

      • RSA 4096 (recommended)

  • certificate requirements:

    • no special requirements, as only the key-pair is used

      • may be self-signed

      • key usage is not checked (recommended for informational purposes: set dataEncipherment + keyEncipherment)

      • validity is ignored

      • certificate does not need to be trusted
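
One way to produce and check a PKCS#12 key store that meets the key and certificate requirements listed above, using the OpenSSL command line (1.1.1 or later). This is an added example, not part of the product documentation; the subject name, alias, file paths and password are constructed placeholders, and how the product is pointed at the key store is not covered on this page.

```shell
#!/usr/bin/env bash
# Added example: CN, alias, paths and passwords are constructed placeholders.
set -eu

# Create an RSA key pair with a self-signed certificate and store it as PKCS#12.
#   $1 = key size in bits, $2 = output .p12 path, $3 = key store password
# The key usage extension is informational only (the page says it is not checked).
# "pass:" exposes the password in the process list; prefer "env:VAR" or "file:PATH"
# outside of a test environment.
make_config_key() {
  local bits="$1" out="$2" pass="$3" tmp
  tmp="$(mktemp -d)"
  openssl req -x509 -newkey "rsa:${bits}" -nodes -days 365 \
    -subj "/CN=config-encryption-example" \
    -addext "keyUsage=dataEncipherment,keyEncipherment" \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null
  openssl pkcs12 -export -name config-encryption \
    -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
    -out "$out" -passout "pass:${pass}"
  rm -rf "$tmp"   # remove the unencrypted private key
}

# Print the RSA modulus size (in bits) of the private key inside a PKCS#12 file.
#   $1 = .p12 path, $2 = key store password
p12_key_bits() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
    | openssl rsa -noout -text 2>/dev/null \
    | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Return 0 only for the key sizes the page lists as supported.
key_size_supported() {
  case "$(p12_key_bits "$1" "$2")" in
    2048|3072|4096) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage (4096 is the recommended size):
#   make_config_key 4096 ./config-encryption.p12 'change-me'
#   key_size_supported ./config-encryption.p12 'change-me' && echo "key size OK"
```

Because previously exported encrypted config ZIPs cannot be decrypted after the key changes, keep a protected backup of the key store for as long as those ZIPs are needed.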

...