IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Password-based encryption

Web API uses a password-based encryption process to encrypt all application passwords, which are returned in the RequestSecurityTokenCollection.

The encryption process generates a secret key from the ISAM ESSO password. When generating the secret key, it uses a collection of random bytes called a salt. The secret key encrypts the application passwords by using the 128-bit AES encryption algorithm. The secret key is generated according to the following process:

  1. Append the salt to the password and generate a hash by using the SHA-256 algorithm.
  2. Append the salt to the digest and generate the hash by using the SHA-256 algorithm. Repeat this process 1000 times.

The key is the first 16 bytes of the final digest.
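The two steps above can be written out as follows. This is an added example, not IBM code. The page does not state the password's character encoding, the salt length, or whether the 1000 repetitions include step 1, so the example assumes UTF-8, an 8-byte constructed salt, and 1000 repetitions of step 2 after step 1. Standard PBKDF2-HMAC-SHA256 is included only to show that the described scheme is a different construction and produces a different key.

```python
import hashlib
import os

KEY_LEN = 16    # AES-128 key size: the first 16 bytes of the final digest
ROUNDS = 1000   # repetitions of step 2, as stated on the page


def derive_key(password: str, salt: bytes, rounds: int = ROUNDS,
               encoding: str = "utf-8") -> bytes:
    """Derive the 16-byte key using the two steps described above.

    Assumptions (not stated on the page): the password is encoded with
    `encoding`, and step 2 runs `rounds` times after step 1.
    """
    if not salt:
        raise ValueError("salt must not be empty")
    # Step 1: SHA-256(password || salt)
    digest = hashlib.sha256(password.encode(encoding) + salt).digest()
    # Step 2: digest = SHA-256(digest || salt), repeated `rounds` times
    for _ in range(rounds):
        digest = hashlib.sha256(digest + salt).digest()
    return digest[:KEY_LEN]


def pbkdf2_key(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Standard PBKDF2-HMAC-SHA256, shown only for comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               rounds, dklen=KEY_LEN)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    salt = os.urandom(8)
    pw = "example-ESSO-password"
    print("salt     :", salt.hex())
    print("page KDF :", derive_key(pw, salt).hex())
    print("PBKDF2   :", pbkdf2_key(pw, salt).hex())
```

If a key derived this way fails to decrypt a returned password, the encoding and repetition-count assumptions are the first things to check against the product's behaviour.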


