Cipher Algorithms

The Directory Server supports encryption cipher suites that are compliant with the Java virtual machine (JVM) in which the server is running. When configuring encryption, you must specify the cipher using a key length in bits and either a cipher algorithm name, such as AES, or a full cipher transformation that explicitly specifies the mode and padding to use for the encryption, such as AES/CBC/PKCS5Padding. If only a cipher algorithm is given, the JVM provider's default mode and padding for that algorithm are selected automatically.

The following cipher algorithms and key lengths have been tested using the Oracle JVM.

Cipher Algorithms and key length

Cipher Algorithm    Key Length (bits)
AES                 128
Blowfish            128
DES                 64
DESede              192
RC4                 128

Note:

By default, some JVM implementations come with limited encryption strength, which might restrict the usable key lengths. For example, the Oracle JVM does not allow AES with 192-bit or 256-bit keys unless you download and install the unlimited encryption strength policy files.

For specific reference information about the algorithms and transformations available in all compliant JVM implementations, see the Java Cryptography Architecture Reference Guide and the Java Cryptography Architecture Standard Algorithm Name Documentation.
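The following Java program is an added example, not code from the Directory Server documentation or product. It checks each algorithm and key length from the table above against the JVM's jurisdiction policy limit (the restriction the note describes; a 256-bit AES entry is added to exercise it) and shows which mode and padding the SunJCE provider substitutes when only the bare name AES is given. The key and plaintext are constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class CipherSpecCheck {
    // Algorithms and key lengths from the table above, plus a 256-bit AES
    // entry to show the effect of a limited-strength jurisdiction policy.
    private static final String[][] CANDIDATES = {
        {"AES", "128"}, {"AES", "256"}, {"Blowfish", "128"},
        {"DES", "64"}, {"DESede", "192"}, {"RC4", "128"}
    };

    public static void main(String[] args) throws Exception {
        for (String[] c : CANDIDATES) {
            // Maximum key size the installed policy files permit for this algorithm;
            // Integer.MAX_VALUE means the unlimited policy is active.
            int maxBits = Cipher.getMaxAllowedKeyLength(c[0]);
            boolean allowed = Integer.parseInt(c[1]) <= maxBits;
            System.out.printf("%-9s %4s bits: %s (policy allows up to %s)%n",
                c[0], c[1], allowed ? "allowed" : "BLOCKED",
                maxBits == Integer.MAX_VALUE ? "unlimited" : maxBits);
        }

        // Constructed 128-bit key and sample plaintext (not from the original page).
        byte[] keyBytes = new byte[16];
        Arrays.fill(keyBytes, (byte) 0x42);
        SecretKey key = new SecretKeySpec(keyBytes, "AES");
        byte[] plaintext = "directory entry to protect".getBytes(StandardCharsets.UTF_8);

        // A bare algorithm name leaves mode and padding to the provider. For SunJCE
        // that default is ECB/PKCS5Padding, so both ciphertexts come out identical.
        byte[] implicit = encrypt("AES", key, plaintext);
        byte[] explicit = encrypt("AES/ECB/PKCS5Padding", key, plaintext);
        System.out.println("Bare 'AES' equals explicit AES/ECB/PKCS5Padding: "
            + Arrays.equals(implicit, explicit));
    }

    // Encrypts data with the given transformation string, exactly as it would be
    // written in a cipher configuration (algorithm alone or algorithm/mode/padding).
    static byte[] encrypt(String transformation, SecretKey key, byte[] data)
            throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(data);
    }
}
```

Because the provider default is ECB, a configuration that names only the algorithm inherits a mode that leaks repeated plaintext blocks; spelling out the full transformation makes the chosen mode and padding explicit and auditable.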

Cipher Stream Providers

Directory Server supports the following Cipher Stream Providers, which are used to obtain cipher input and output streams to read and write encrypted data.

Cipher Stream Providers and their descriptions

Cipher Stream Provider    Description
Default                   Default cipher stream provider using a hard-coded default key.
File-Based                Reads a specified file in order to obtain a password used to generate cipher streams for reading and writing encrypted data.
Third-Party               Provides cipher stream provider implementations created in third-party code using the Server SDK.
Wait-for-Passphrase       Causes the server to wait for an administrator to enter a passphrase to use to derive the key for cipher streams. To supply the passphrase to the server, run encryption-settings supply-passphrase.