Local Encryption Configuration Parameters
Parameter | Default | Description |
---|---|---|
Symmetric_Key_Cache_Enabled | no | Enables symmetric key caching. If enabled, the client can use the symmetric keys locally. Only symmetric keys can be cached. Possible settings: • no - Disables symmetric key caching. Remote encryption (encryption performed on the CipherTrust Manager) is available as normal. This is the default and recommended setting. To disable the feature, set Symmetric_Key_Cache_Enabled=no. • yes - Key caching is enabled and the NAE XML protocol is used to export keys. Protocol must be set to ssl. To enable key caching and use the NAE XML protocol for exporting keys, set Symmetric_Key_Cache_Enabled=yes. • kmip_yes - (Applicable to CADP CAPI only) Key caching is enabled and the KMIP protocol is used to export keys. Protocol must be set to ssl. To enable key caching and use the KMIP protocol for exporting keys, set Symmetric_Key_Cache_Enabled=kmip_yes. • tcp_ok - Key caching is enabled over both tcp and ssl connections. The NAE XML protocol is used to export keys. To enable key caching over both tcp and ssl connections, set Symmetric_Key_Cache_Enabled=tcp_ok. |
Symmetric_Key_Cache_Expiry | 43200 (12 hours) | Time period after which a cached symmetric key can be removed from the cache. If set to 0, the key will never be removed from the client cache. Note: It is highly recommended to keep a short expiry time for the keys in the cache. |
Note
When configuring local mode, make sure the group policy user mapped to a database has export permission on the key.
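The following added example (not part of the product documentation or its tooling) audits a client properties file against the settings in the table above. The key=value file format, the `Protocol` key name, the constructed sample text, and the choice to flag expiry values above the 43200-second default are assumptions made for illustration.

```python
# Added example: audit local key-cache settings in key=value properties text.
DEFAULTS = {"Symmetric_Key_Cache_Enabled": "no",
            "Symmetric_Key_Cache_Expiry": "43200"}
SSL_ONLY = {"yes", "kmip_yes"}        # values the table says require ssl
KNOWN = {"no", "tcp_ok"} | SSL_ONLY
SAMPLE = "Protocol=tcp\nSymmetric_Key_Cache_Enabled=tcp_ok\nSymmetric_Key_Cache_Expiry=0\n"  # constructed


def parse_properties(text):
    """Parse key=value lines; skip blanks and '#' comments (assumed format)."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit_key_cache(text):
    """Return a list of findings for the local key-cache settings."""
    props = parse_properties(text)
    mode = props["Symmetric_Key_Cache_Enabled"].lower()
    protocol = props.get("Protocol", "").lower() or "unset"  # key name assumed
    if mode not in KNOWN:
        return [f"unknown Symmetric_Key_Cache_Enabled value: {mode}"]
    if mode == "no":
        return []                     # remote encryption only, nothing cached
    findings = []
    if mode == "tcp_ok":
        findings.append("tcp_ok: key caching allowed over tcp as well as ssl")
    if mode in SSL_ONLY and protocol != "ssl":
        findings.append(f"{mode} requires Protocol=ssl, found {protocol}")
    try:
        expiry = int(props["Symmetric_Key_Cache_Expiry"])
    except ValueError:
        findings.append("Symmetric_Key_Cache_Expiry is not an integer")
    else:
        if expiry == 0:
            findings.append("expiry 0: cached keys are never removed")
        elif expiry > 43200:
            findings.append(f"expiry {expiry}s exceeds the 43200s default")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_key_cache(SAMPLE)) or "no findings")
```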