Cipher Algorithms

The server supports encryption cipher suites that are compliant with the Java virtual machine (JVM) in which the server is running. When configuring encryption, you must specify the cipher using a key length in bits and either a cipher algorithm name, such as AES, or a full cipher transformation that explicitly specifies the mode and padding to use for the encryption, such as AES/CBC/ PKCS5Padding. If only a cipher algorithm is given, then the default mode and padding for that algorithm is automatically selected.

The following cipher algorithms and key lengths have been tested using the Oracle JVM.

Cipher Algorithm Key Length (bits)

AES

128

Blowfish

128

DES

64

DESede

192

RC4

128
Note:

By default, some JVM implementations come with limited encryption strength, which might restrict the usable key lengths. For example, the Oracle JVM does not allow AES with 192-bit or 256-bit keys unless you download and install the unlimited encryption strength policy files.

For specific reference information about the algorithms and transformations available in all compliant JVM implementations, see the Java Cryptography Architecture Reference Guide and Java Cryptography Architecture Standard Algorithm Name Documentation documentation.

Cipher Stream Providers

server supports the following Cipher Stream Providers, which are used to obtain cipher input and output streams to read and write encrypted data.

Cipher Stream Providers Description

Default

Default cipher stream provider using a hard-coded default key.

File-Based

Reads a specified file in order to obtain a password used to generate cipher streams for reading and writing encrypted data.

Third-Party

Provides cipher stream provider implementations created in third-party code using the Server SDK.

Wait-for-Passphrase

Causes the server to wait for an administrator to enter a passphrase to use to derive the key for cipher streams. To supply the passphrase to the server, run encryption-settings supply-passphrase.