Local Encryption Configuration Parameters
Parameter | Default | Description |
---|---|---|
Symmetric_Key_Cache_Enabled | tcp_ok | Determines if the symmetric key caching feature is enabled. Symmetric keys can be cached. Possible settings: — no: Key caching for symmetric keys is disabled. Crypto operations for symmetric keys are performed on the Key Manager. — yes: Key caching for symmetric keys is enabled. Protocol must be set to ssl (and ssl must be configured). — tcp_ok: Key caching for symmetric keys is enabled over both tcp and ssl connections. |
Asymmetric_Key_Cache_Enabled | | Determines if the asymmetric key caching feature is enabled. Asymmetric keys can be cached. Possible settings: — no: Key caching for symmetric keys is disabled. Crypto operations for symmetric keys are performed on the Key Manager. — yes: Key caching for symmetric keys is enabled. Protocol must be set to ssl (and ssl must be configured). — tcp_ok: Key caching for symmetric keys is enabled over both tcp and ssl connections. |
Symmetric_Key_Cache_Expiry | 43200s | The minimum amount of time that a key will remain in the client key cache. The cache holds both symmetric and asymmetric keys. The name of this property retains the word symmetric for backwards compatibility. Possible settings: — 0: This is the infinite timeout setting. Keys are never purged from the client cache. — A positive integer: At the end of this interval, the key will be purged from the cache the next time the library is called. |
Symmetric_Key_Cache_AutoRefresh_Interval | | The time after which the cached key becomes eligible for refresh. The actual refresh operation occurs only when a cached key is queried from the cache before the key expires. It can be specified in any time unit; the default is seconds. If the eligible key is not queried from the symmetric cache, it is removed from the cache after its expiry. This parameter is applicable only if the symmetric key cache is enabled. Possible settings: — 0: Auto refresh feature is disabled. — Any positive integer: The time after which the cached key is eligible for refresh. |
Local_Cipher_Cache_Expiry | 0 | The time after which the local cipher initialized with cached keys expires and is then reinitialized with cached keys. The default unit is milliseconds. This parameter is applicable only if the symmetric key cache is enabled. The following table shows the possible configurations of Symmetric_Key_Cache_AutoRefresh_Interval, Symmetric_Key_Cache_Expiry, Local_Cipher_Cache_Expiry and their impact on the local cipher expiry time. |
Local_Crypto_Provider | SunJCE or IBMJCE | The name of the JCE provider that will perform local cryptography if symmetric key caching is enabled. |
Persistent_Cache_Enabled | no | Enables and disables the persistent key caching feature. To enable this feature, you must also enable either symmetric or asymmetric key caching or both. Possible settings: — yes: Enables this feature. — no: Disables the feature. |
Persistent_Cache_Expiry_Keys | 43200s | Duration after which a key will expire from the persistent cache. This value must be greater than zero. |
Persistent_Cache_Directory | no default | Location of the persistent cache file. The directory must already exist. The path can be absolute or relative to your application. |
Persistent_Cache_Max_Size | 100 keys | The maximum number of keys that can be stored in the persistent cache. Possible settings: — Any positive integer — -1: Allows an infinite number of keys to be stored in the persistent cache. |
Key_non_exportable_policy | no | Performs the crypto operations remotely when the symmetric/asymmetric cache is enabled and the key is non-exportable. Possible settings: — yes: Enables the feature. — no: Disables the feature. |
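
The following is an added example, not part of the product documentation: a small audit that checks a set of these parameters against the constraints stated in the table. The key=value file layout, the exact spelling of the `Protocol` key, and a default of `no` for Asymmetric_Key_Cache_Enabled are assumptions; the sample input is constructed.

```python
import re

# Constructed sample in key=value form (the file layout is an assumption).
SAMPLE = """\
Protocol=tcp
Symmetric_Key_Cache_Enabled=tcp_ok
Asymmetric_Key_Cache_Enabled=no
Symmetric_Key_Cache_Expiry=0
Persistent_Cache_Enabled=yes
Persistent_Cache_Expiry_Keys=0
Persistent_Cache_Max_Size=-1
"""

def parse(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def number(value):
    """Leading integer of a value such as '43200s'; None if there is none."""
    m = re.match(r"-?\d+", value or "")
    return int(m.group()) if m else None

def audit(props):
    """Return findings derived from the rules in the parameter table."""
    findings = []
    sym = props.get("Symmetric_Key_Cache_Enabled", "tcp_ok")  # table default
    asym = props.get("Asymmetric_Key_Cache_Enabled", "no")    # assumed default
    proto = props.get("Protocol", "").lower()                 # assumed key name
    caching = sym != "no" or asym != "no"
    for name, val in (("Symmetric", sym), ("Asymmetric", asym)):
        if val in ("yes", "tcp_ok") and proto != "ssl":
            findings.append(f"{name}_Key_Cache_Enabled={val} but Protocol is not ssl")
    if caching and number(props.get("Symmetric_Key_Cache_Expiry", "43200")) == 0:
        findings.append("Symmetric_Key_Cache_Expiry=0: keys are never purged from the client cache")
    if props.get("Persistent_Cache_Enabled", "no") == "yes":
        if not caching:
            findings.append("Persistent_Cache_Enabled=yes needs symmetric or asymmetric caching")
        if not props.get("Persistent_Cache_Directory"):
            findings.append("Persistent_Cache_Directory has no default and is not set")
        if (number(props.get("Persistent_Cache_Expiry_Keys", "43200")) or 0) <= 0:
            findings.append("Persistent_Cache_Expiry_Keys must be greater than zero")
        if number(props.get("Persistent_Cache_Max_Size", "100")) == -1:
            findings.append("Persistent_Cache_Max_Size=-1: unbounded number of keys on disk")
    return findings
```

Calling `audit(parse(SAMPLE))` on the constructed sample returns five findings; a configuration with `Protocol=ssl`, a bounded expiry, and an explicit cache directory returns none.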