Local Encryption Configuration Parameters
Parameter | Default | Description |
---|---|---|
Symmetric_Key_Cache_Enabled | tcp_ok | The Symmetric_Key_Cache_Enabled parameter determines if the symmetric key caching feature is enabled. This parameter allows symmetric keys to be cached and perform cryptographic operations within the utility.Possible settings —no–Key caching is disabled. Remote encryption is available as normal. yes–Key caching is enabled. The Protocol parameter must be set to ssl, and ssl must be configured. —tcp_ok–Key caching is enabled over both tcp and ssl connections. Note: It is recommended to enable the symmetric key caching parameter to overcome the network delay encountered during cryptographic operations. |
Symmetric_Key_Cache_Expiry | 43200 seconds (12 hours) | The Symmetric_Key_Cache_Expiry parameter determines the minimum amount of time that a key remains in the client key cache. The cache holds both symmetric and asymmetric keys. The name of this property retains the word symmetric for backwards compatibility.Possible settings —0–This is the infinite timeout setting. Keys are never purged from the client cache. —A positive integer– At the end of this interval, the key is purged from the cache the next time the library is called. |
Local_Cipher_Cache_Expiry | 0 | The Local_Cipher_Cache_Expiry parameter specifies the minimum amount of time after which the local cipher initialized with cached key expires and is reinitialized with the cached key. This parameter is set only when symmetric key cache is enabled.Possible setting —-1- cipher will never expire. —0-cipher will expire after each operation. —Any positive integer-At the end of this interval, the local cipher initialized with cached key will expire and reinitialize. This number must be less than the value mentioned in Symmetric_Key_Cache_Expiry . |
Local_Crypto_Provider | SunJCE or IBMJCE | The Local_Crypto_Provider parameter specifies the name of the JCE provider that will perform local cryptography if symmetric key caching, or persistent key caching is enabled. The default value is SunJCE or IBMJCE, depending on your JVM. SunJCE provider is the default on Sun JVM; IBMJCE provider is the default on IBM JVM. |
Key_non_exportable_policy | no | The Key_non_exportable_policy specifies the protocol used to perform the cipher operation remotely when local cache is enabled and the key is non exportable.Pssible settings —yes- Enables the feature. The non exportable key in local caching mode can perform the cipher operation remotely. —no-Disables the feature.No cipher operation could be performed as the key is non exportable. |