Concepts
Application
An application holds the configuration that an application client needs in order to operate. The application includes:
Configuration parameters: required to initialize and configure the application client.
CSR parameters: required to create or renew the client certificate and key.
NAE port: the port number on which NAE communication takes place.
Policies: a collection of rules that govern cryptographic operations. Refer to Managing Applications for details.
DPG policy
A DPG policy is a set of rules that determines when and how sensitive data moving through DPG is protected or revealed. DPG can protect or reveal any data transferred over HTTP through a REST interface in JSON format. The sensitive data is identified by a JSON path or by a URL parameter. For each HTTP method, the DPG policy specifies which data a cryptographic operation is applied to. How the sensitive data is protected is governed by the Protection Policy associated with the DPG policy. A DPG policy is created when the Application is configured.
Protection Policy
A protection policy defines a set of rules that govern a cryptographic operation. It includes entities such as the algorithm, key, mode, and character set. Refer to Managing Protection Policy for details.
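As an added illustration, not the product's own configuration format or code, of how the two preceding concepts fit together: a constructed DPG policy table selects, per HTTP method, the JSON path or URL parameter to protect or reveal, and a constructed protection policy supplies the key and character set. The rule field names, policy names and the character-set shift transformation are assumptions standing in for the real entities and algorithm.

```python
# Constructed model of how a DPG policy and a protection policy fit together; not
# the product's format: rule fields, names and the shift "cipher" are stand-ins.
# Protection policy entities (constructed): algorithm, key, mode, character set.
PROTECTION_POLICIES = {"pp-card-digits": {"algorithm": "shift-stand-in", "mode": "fpe-like",
                                          "key": 7, "charset": "0123456789"}}

# DPG policy rules (constructed): HTTP method, where the sensitive data sits
# (JSON path or URL parameter), and whether to protect or reveal it.
DPG_POLICY = [
    {"method": "POST", "location": "json", "path": "card.number",
     "action": "protect", "protection_policy": "pp-card-digits"},
    {"method": "GET", "location": "url", "path": "card_number",
     "action": "reveal", "protection_policy": "pp-card-digits"},
]

def _transform(value, pp, direction):
    """Shift each character within the policy's character set (+1 protects,
    -1 reveals); a character outside the set is a policy mismatch, so reject."""
    cs = pp["charset"]
    out = []
    for ch in value:
        if ch not in cs:
            raise ValueError(f"{ch!r} is outside the protection policy character set")
        out.append(cs[(cs.index(ch) + direction * pp["key"]) % len(cs)])
    return "".join(out)

def _parent(obj, parents):
    # Walk a dotted JSON path down to the dict that holds the last component.
    for part in parents:
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj if isinstance(obj, dict) else None

def apply_dpg_policy(method, url_params, body):
    """Apply every DPG rule matching the HTTP method to the request, in place."""
    for rule in DPG_POLICY:
        if rule["method"] != method:
            continue
        pp = PROTECTION_POLICIES[rule["protection_policy"]]
        direction = 1 if rule["action"] == "protect" else -1
        if rule["location"] == "json":
            *parents, last = rule["path"].split(".")
            holder = _parent(body, parents)
            if holder is not None and last in holder:
                holder[last] = _transform(holder[last], pp, direction)
        elif rule["location"] == "url" and rule["path"] in url_params:
            url_params[rule["path"]] = _transform(url_params[rule["path"]], pp, direction)
    return url_params, body
```

A request whose method has no rule, or whose JSON path is absent, passes through unchanged; a value containing characters outside the protection policy's character set is rejected rather than partially protected.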
Heartbeat
Heartbeat is the mechanism by which DPG is notified of any change in policies and configurations. Refer to Heartbeat Configuration for details.
Key Caching
The key caching feature enables you to export symmetric keys from the CipherTrust Manager using the NAE XML protocol, and store them on the client for a limited time to perform cryptographic operations locally. Keys cached on the client are stored in process memory only; they are not stored on disk. Only symmetric keys that are marked exportable can be cached.
To export keys, the following criteria must be met:
You must be the key owner.
You must be a member of a group with permissions on the key, and you may perform only the operations that have been configured for that group.