The algorithm name is added to the encrypted text as a prefix and it informs CA IdentityMinder which algorithm was used for encryption.
In FIPS mode, the prefix is {AES}. For example, if you encrypt the text "password", the encrypted text is similar to the following example:
{AES}:eolQCTq1CGPyg6qe++0asg==
In non-FIPS mode (or JSAFE mode), depending on the algorithm, the prefix (algorithm tag) is {PBES} or {RC2}. For example, if you encrypt the text "password", the encrypted text is similar to this:
{PBES}:gSex2/BhDGzEKWvFmzca4w==
You can create dynamic keys using the Secret Keys task under System. If you define dynamic keys, the Key ID is inserted between the algorithm tag and the tag delimiter (‘:’). The absence of a Key ID in the encrypted data indicates that a hard-coded key was used for encryption. A hard-coded key can be used for backward compatibility or when no dynamic keys are defined for the given algorithm.
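The following is an added example, not CA code: a small audit helper that parses stored values in the format described above and reports entries that carry a non-FIPS algorithm tag or no Key ID. It assumes a Key ID never contains ':' or braces; the Key ID "key7" and all function names are made up for illustration.

```python
import base64
import binascii
import re
from typing import NamedTuple, Optional

FIPS_TAGS = {"AES"}              # prefix the page gives for FIPS mode
NON_FIPS_TAGS = {"PBES", "RC2"}  # prefixes the page gives for non-FIPS (JSAFE) mode

# {TAG}<optional Key ID>:<base64>. Assumption: a Key ID never contains ':' or braces.
VALUE_RE = re.compile(r"^\{([A-Z0-9]+)\}([^:{}]*):(.+)$")

class EncryptedValue(NamedTuple):
    algorithm: str
    key_id: Optional[str]  # None: no Key ID present, so the hard-coded key was used
    ciphertext: bytes

def parse_encrypted_value(text: str) -> EncryptedValue:
    m = VALUE_RE.match(text.strip())
    if not m:
        raise ValueError("not in {TAG}[KeyID]:base64 form")
    tag, key_id, payload = m.groups()
    if tag not in FIPS_TAGS | NON_FIPS_TAGS:
        raise ValueError(f"unknown algorithm tag: {tag}")
    try:
        raw = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    return EncryptedValue(tag, key_id or None, raw)

def audit(values):
    """Return (value, findings) for every entry that deserves review."""
    report = []
    for value in values:
        parsed = parse_encrypted_value(value)
        findings = []
        if parsed.algorithm in NON_FIPS_TAGS:
            findings.append("non-FIPS algorithm tag")
        if parsed.key_id is None:
            findings.append("hard-coded key (no Key ID)")
        if findings:
            report.append((value, findings))
    return report

SAMPLES = [
    "{AES}:eolQCTq1CGPyg6qe++0asg==",      # from the page
    "{PBES}:gSex2/BhDGzEKWvFmzca4w==",     # from the page
    "{AES}key7:eolQCTq1CGPyg6qe++0asg==",  # constructed; "key7" is a made-up Key ID
]

if __name__ == "__main__":
    for value, findings in audit(SAMPLES):
        print(value, "->", "; ".join(findings))
```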
Copyright © 2013 CA.
All rights reserved.