Crypto Manager

The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

Dependencies

Crypto Managers depend on the following objects:

Basic Properties

key-manager-provider

Synopsis

The name of the key manager containing the master key-pair and any deprecated master key.

Description

The master key, which is identified using the "master-key-alias" property, will be used for encrypting secrets that are generated and distributed across the deployment. Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The alias must correspond to a PrivateKeyEntry in the keystore and is typically an RSA key-pair.
Default Value

None

Allowed Values

The name of an existing Key Manager Provider.

The referenced key manager provider must be enabled.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

key-wrapping-transformation

Synopsis

The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.
Default Value

RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

Allowed Values

A string.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change.

Advanced

No

Read-Only

No

master-key-alias

Synopsis

The alias of the master key-pair which should be used for encrypting secrets that are generated and distributed across the deployment.

Description

Master keys may be periodically rotated, but should never be removed from the referenced key manager because they may still be needed for decryption. The master key alias references a PrivateKeyEntry in the keystore, which is typically an RSA key-pair.
Default Value

None

Allowed Values

A string.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

Advanced Properties

Use the --advanced option to access advanced properties.

cipher-key-length

Synopsis

Specifies the key length in bits for the preferred cipher.
Default Value

128

Allowed Values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-Only

No

cipher-transformation

Synopsis

Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

Description

The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.
Default Value

AES/CBC/PKCS5Padding

Allowed Values

A string.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-Only

No

digest-algorithm

Synopsis

Specifies the preferred message digest algorithm for the directory server.
Default Value

SHA-256

Allowed Values

A string.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-Only

No

mac-algorithm

Synopsis

Specifies the preferred MAC algorithm for the directory server.
Default Value

HmacSHA256

Allowed Values

A string.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-Only

No

mac-key-length

Synopsis

Specifies the key length in bits for the preferred MAC algorithm.
Default Value

128

Allowed Values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-Only

No
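The transformation strings and key lengths above are Java Cryptography Architecture (JCA) names, which is why the page insists on the full algorithm/mode/padding triple and on identical settings across a replication topology. The following Java program is an added illustration of how those defaults fit together, covering both the key-manager-provider / master-key-alias properties and the cipher, MAC and digest properties; it is not the directory server's own code. It wraps a freshly generated AES data key under an RSA master key-pair with the key-wrapping-transformation default, unwraps it as a replica would, encrypts a secret with the cipher-transformation default under a random IV, authenticates IV and ciphertext with the mac-algorithm default, and hashes the result with the digest-algorithm default. Assumptions: the master key-pair is generated in memory instead of being read as a PrivateKeyEntry through a key-manager-provider, the secret string is constructed, the three-part transformation check mirrors the rule in the cipher-transformation description rather than any server code, and the OAEP parameters are pinned explicitly because the JDK's built-in SunJCE provider, given only the bare transformation string, uses SHA-256 for the OAEP hash but SHA-1 for MGF1.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration of the Crypto Manager property defaults; not the
// directory server's own implementation.
public class CryptoManagerExample {

    // Defaults as documented on this page.
    static final String KEY_WRAPPING_TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";
    static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    static final int CIPHER_KEY_LENGTH = 128;
    static final String MAC_ALGORITHM = "HmacSHA256";
    static final int MAC_KEY_LENGTH = 128;
    static final String DIGEST_ALGORITHM = "SHA-256";

    // Caveat: with the bare transformation string, the JDK's SunJCE provider
    // hashes the OAEP label with SHA-256 but runs MGF1 with SHA-1. Pinning both
    // makes the wrapped blob unambiguous; whatever a deployment chooses, every
    // replica must choose the same, as the page requires.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Mirrors the rule in the cipher-transformation description: require the
    // full algorithm/mode/padding triple so provider defaults never decide.
    static String requireFullTransformation(String transformation) {
        String[] parts = transformation.split("/");
        if (parts.length != 3 || parts[0].isEmpty() || parts[1].isEmpty() || parts[2].isEmpty()) {
            throw new IllegalArgumentException(
                    "cipher-transformation must be algorithm/mode/padding, got: " + transformation);
        }
        return transformation;
    }

    // Wrap a generated secret key under the master public key for distribution.
    static byte[] wrapKey(PublicKey masterPublic, SecretKey key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(KEY_WRAPPING_TRANSFORMATION);
        c.init(Cipher.WRAP_MODE, masterPublic, OAEP_SHA256);
        return c.wrap(key);
    }

    // A replica recovers the key with the master private key. Blobs wrapped
    // before a rotation still need the old private key, which is why
    // deprecated master keys must stay in the keystore.
    static SecretKey unwrapKey(PrivateKey masterPrivate, byte[] wrapped) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(KEY_WRAPPING_TRANSFORMATION);
        c.init(Cipher.UNWRAP_MODE, masterPrivate, OAEP_SHA256);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(requireFullTransformation(CIPHER_TRANSFORMATION));
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    static byte[] decrypt(SecretKey key, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(requireFullTransformation(CIPHER_TRANSFORMATION));
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(ciphertext);
    }

    // MAC over IV and ciphertext: CBC with PKCS5 padding gives no integrity on its own.
    static byte[] mac(SecretKey macKey, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
        Mac m = Mac.getInstance(MAC_ALGORITHM);
        m.init(macKey);
        m.update(iv);
        return m.doFinal(ciphertext);
    }

    static boolean verifyMac(SecretKey macKey, byte[] iv, byte[] ciphertext, byte[] tag)
            throws GeneralSecurityException {
        // Constant-time comparison; Arrays.equals would leak the mismatch position.
        return MessageDigest.isEqual(tag, mac(macKey, iv, ciphertext));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();

        // Master key-pair generated in memory (assumption). In the server it is
        // the PrivateKeyEntry named by master-key-alias in the key-manager-provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair master = kpg.generateKeyPair();

        // Secret keys sized by cipher-key-length and mac-key-length.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(CIPHER_KEY_LENGTH);
        SecretKey dataKey = kg.generateKey();
        byte[] macKeyBytes = new byte[MAC_KEY_LENGTH / 8];
        rng.nextBytes(macKeyBytes);
        SecretKey macKey = new SecretKeySpec(macKeyBytes, MAC_ALGORITHM);

        byte[] wrapped = wrapKey(master.getPublic(), dataKey);
        SecretKey onReplica = unwrapKey(master.getPrivate(), wrapped);

        byte[] secret = "constructed sample secret".getBytes(StandardCharsets.UTF_8); // constructed input
        byte[] iv = new byte[16]; // AES block size; fresh per encryption
        rng.nextBytes(iv);
        byte[] ciphertext = encrypt(onReplica, iv, secret);
        byte[] tag = mac(macKey, iv, ciphertext);

        boolean macOk = verifyMac(macKey, iv, ciphertext, tag);
        boolean roundTrip = macOk && Arrays.equals(secret, decrypt(onReplica, iv, ciphertext));
        String digestHex = String.format("%064x", new BigInteger(1,
                MessageDigest.getInstance(DIGEST_ALGORITHM).digest(ciphertext)));
        System.out.println("wrapped key bytes: " + wrapped.length + ", mac verified: " + macOk
                + ", round trip: " + roundTrip + ", " + DIGEST_ALGORITHM + " of ciphertext: " + digestHex);
    }
}
```

Compile and run it with `javac CryptoManagerExample.java && java CryptoManagerExample`. Two things to carry over to a real deployment: keep a MAC over everything that CBC ciphertext protects (mac-algorithm exists for exactly that reason), and treat the key-wrapping transformation as a topology-wide constant, since a replica unwrapping under a different OAEP/MGF1 combination will fail even though the bytes were produced by the "same" algorithm name.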
