
FIPS Compliant Encryption

Use the following properties to configure FIPS-compliant encryption:

pbe.fips.enabled

Specifies if CA GovernanceMinder uses FIPS-compliant encryption algorithms.

Default: False

True—Use FIPS-compliant encryption.

False—Use non-compliant encryption.

pbe.provider

Defines the FIPS-compliant algorithms provider. Leave this property blank to use the RSA JSafeJCE algorithms that CA provides. If you specify another provider, copy that algorithm set to all computers running the CA GovernanceMinder server.

passphrase.getter.class

Defines the Java class that retrieves the encryption key.

Specify one of the previous options by setting the passphrase.getter.class parameter when you configure FIPS encryption.

Default: com.eurekify.security.SimplePassPhraseGetter

The CSM Password Tool lets you encrypt with a FIPS key stored in an external file that the tool generates.

To use this external file, access the CSM Password Tool.

Follow these steps:

  1. Locate the following ZIP file in the CA GovernanceMinder package:
    CA-RCM-12.6.00-CSM-Password-Tools.zip.
    
  2. In the CA GovernanceMinder Portal, navigate to Administration, Settings, Common Property Settings and add the following property:
    fips.file.location=fips_file_location
    

    Note: fips_file_location is the location of the external file generated by the CSM Password Tool. Use double backslashes (\\) in the path. For example:

    c:\\sub_folder1\\sub_folder2\\Fipskey.dat.
    

    If this property is not set, CA GovernanceMinder generates the FIPS key by default.
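
A configuration check for the properties described on this page, added here as an example and not part of CA GovernanceMinder or its documentation. It assumes the settings have been exported as plain key=value text; the function names and the sample values are constructed for illustration.

```python
import re

# Property names come from this page; the key=value export format is an assumption.
FIPS_ENABLED = "pbe.fips.enabled"
PROVIDER = "pbe.provider"
KEY_FILE = "fips.file.location"

# Constructed sample export, not taken from a real deployment.
SAMPLE = r"""
pbe.fips.enabled=True
pbe.provider=
fips.file.location=c:\sub_folder1\sub_folder2\Fipskey.dat
"""

def parse_settings(text):
    """Parse key=value lines verbatim, with no escape processing."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_fips_settings(props):
    """Return a list of findings for the FIPS-related properties."""
    findings = []
    enabled = props.get(FIPS_ENABLED, "false").lower()  # documented default: False
    if enabled not in ("true", "false"):
        findings.append(f"{FIPS_ENABLED}: '{props[FIPS_ENABLED]}' is not True or False")
    elif enabled == "false":
        findings.append(f"{FIPS_ENABLED}: non-compliant encryption is in use")
    if props.get(PROVIDER):
        findings.append(f"{PROVIDER}: custom provider set; confirm it is copied to every server")
    path = props.get(KEY_FILE, "")
    if not path:
        findings.append(f"{KEY_FILE}: not set; the FIPS key is generated by default")
    elif re.search(r"(?<!\\)\\(?!\\)", path):
        # A backslash with no backslash on either side is an unescaped separator.
        findings.append(f"{KEY_FILE}: single backslash found; use \\\\ as the separator")
    return findings

if __name__ == "__main__":
    for finding in audit_fips_settings(parse_settings(SAMPLE)):
        print(finding)
```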