Signing hash algorithm and encryption strength used to create the envelope
z/OS Security Server RACF Security Administrator's Guide SA23-2289-00
Both the signing hash algorithm and encryption strength are configurable attributes. Use application data (APPLDATA) in the RACFEVNT resource profiles to specify the signing hash algorithm that signs the PKCS #7 envelope, and the encryption strength used when encrypting the envelope. The syntax of the APPLDATA string consists of a character string indicating the signing hash algorithm, followed by a forward slash (/), followed by a string indicating the encryption strength. Examples:
Allowable values for the signing hash algorithm:
Note: Strong encryption might not be available at all installations based on government export regulations. See z/OS Cryptographic Services System SSL Programming for more information.
If the APPLDATA is not specified in the profile, the defaults are taken as noted above. If an empty qualifier exists in the APPLDATA, then the default value is used for that qualifier. For example, if the APPLDATA is specified as SHA1, then SHA1 is used as the signing hash algorithm, and triple DES is used as the encryption algorithm. If the APPLDATA is specified as /MEDIUM, then MD5 is used as the signing hash algorithm, and DES is used as the encryption algorithm. If the APPLDATA is specified incorrectly, an error message is issued to the console. Thereafter, the default values are used whenever users who are eligible for enveloping change their passwords or password phrases, or whenever an application requests the retrieval of an envelope. The APPLDATA can be changed at any time.
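The resolution rules above can be checked offline when auditing RACFEVNT profiles. The following is an added example, not IBM or RACF code: `resolve_appldata` and the `Envelope` type are hypothetical names, the tables hold only the values this page names, and exact-match tokens with at most one slash are assumptions.

```python
from typing import NamedTuple, Optional

# Only values this page names; complete both tables from the guide's value lists.
HASHES = {"MD5", "SHA1"}
CIPHER_FOR_STRENGTH = {"MEDIUM": "DES"}
DEFAULT_HASH = "MD5"           # page: "/MEDIUM" resolves to MD5
DEFAULT_CIPHER = "triple DES"  # page: "SHA1" alone resolves to triple DES

class Envelope(NamedTuple):
    hash_alg: str
    cipher: str
    valid: bool
    findings: tuple

def resolve_appldata(appldata: Optional[str]) -> Envelope:
    """Return the effective envelope settings for one RACFEVNT APPLDATA string."""
    parts = [p.strip() for p in (appldata or "").split("/")]
    hash_q = parts[0]
    strength_q = parts[1] if len(parts) > 1 else ""
    # Assumption: exact-match tokens and at most one slash; anything else is
    # treated as "specified incorrectly".
    valid = (len(parts) <= 2
             and hash_q in HASHES | {""}
             and strength_q in CIPHER_FOR_STRENGTH.keys() | {""})
    if valid:
        # An empty qualifier takes that qualifier's default.
        hash_alg = hash_q or DEFAULT_HASH
        cipher = CIPHER_FOR_STRENGTH.get(strength_q, DEFAULT_CIPHER)
    else:
        # Incorrect APPLDATA: both defaults apply.
        hash_alg, cipher = DEFAULT_HASH, DEFAULT_CIPHER
    findings = []
    if not valid:
        findings.append("APPLDATA not recognized: defaults in effect")
    if hash_alg == "MD5":
        findings.append("MD5 signing hash is collision-broken")
    if cipher == "DES":
        findings.append("DES uses a 56-bit key")
    return Envelope(hash_alg, cipher, valid, tuple(findings))

if __name__ == "__main__":
    # Constructed sample values, not taken from a real RACF database.
    for sample in (None, "SHA1", "/MEDIUM", "SHA1/MEDIUM", "SHA1/BOGUS"):
        print(repr(sample), resolve_appldata(sample))
```

A profile with no APPLDATA, or with a mistyped one, resolves to the MD5 default, so the findings list is non-empty even when nothing was configured.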
Copyright IBM Corporation 1990, 2014