Oracle Unified Directory - Crypto Manager

Crypto Manager

The Crypto Manager provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations.

Properties

A description of each property follows.


Basic Properties: key-wrapping-transformation, ssl-cert-nickname, ssl-cipher-suite, ssl-encryption, ssl-protocol
Advanced Properties: cipher-key-length, cipher-transformation, digest-algorithm, mac-algorithm, mac-key-length

Basic Properties

key-wrapping-transformation

Description
The preferred key wrapping transformation for the Directory Server. This value must be the same for all server instances in a replication topology.
Default Value
RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change.
Advanced Property
No
Read-only
No

ssl-cert-nickname

Description
Specifies the nickname (also called the alias) of the certificate that the Crypto Manager should use when performing SSL communication. This is only applicable when the Crypto Manager is configured to use SSL.
Default Value
Let the server decide.
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
The Crypto Manager must be disabled and re-enabled for changes to this setting to take effect.
Advanced Property
No
Read-only
No

ssl-cipher-suite

Description
Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication.
Default Value
Uses the default set of SSL cipher suites provided by the server's JVM.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.
Advanced Property
No
Read-only
No

ssl-encryption

Description
Specifies whether SSL/TLS is used to provide encrypted communication between two Oracle Unified Directory server components.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.
Advanced Property
No
Read-only
No

ssl-protocol

Description
Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication.
Default Value
Uses the default set of SSL protocols provided by the server's JVM.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.
Advanced Property
No
Read-only
No


Advanced Properties

cipher-key-length

Description
Specifies the key length in bits for the preferred cipher.
Default Value
128
Allowed Values
An integer value. The minimum value is 0.
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
Advanced Property
Yes
Read-only
No

cipher-transformation

Description
Specifies the cipher for the Directory Server using the syntax algorithm/mode/padding. The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.
Default Value
AES/CBC/PKCS5Padding
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
Advanced Property
Yes
Read-only
No
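
The following is an added example, not part of the Oracle reference or of the product's code: a pre-change check that applies the syntax rules stated in the cipher-transformation description to candidate values before they are written to the configuration. The function names and the sample list are assumptions of this example, and algorithm names are compared case-insensitively here.

```python
# Added example: validate a value against the algorithm/mode/padding rules
# stated in the cipher-transformation description. Names are hypothetical.

# Only the two mode-less algorithms that the description names.
STREAM_CIPHERS = {"RC4", "ARCFOUR"}


def parse_transformation(value):
    """Return (algorithm, mode, padding) or raise ValueError with the reason."""
    parts = [p.strip() for p in value.strip().split("/")]
    # The full transformation is required; a bare algorithm or a missing
    # field would leave mode or padding to provider-specific defaults.
    if len(parts) != 3 or not all(parts):
        raise ValueError(
            f"{value!r}: full algorithm/mode/padding is required; "
            "provider defaults for mode and padding are not supported")
    algorithm, mode, padding = parts
    # RC4 and ARCFOUR have no mode or padding and must say so explicitly.
    if algorithm.upper() in STREAM_CIPHERS and (
            mode.upper() != "NONE" or padding.upper() != "NOPADDING"):
        raise ValueError(
            f"{value!r}: {algorithm} has no mode or padding; "
            f"use {algorithm}/NONE/NoPadding")
    return algorithm, mode, padding


def audit(values):
    """Map each candidate value to 'ok' or to the reason it was rejected."""
    results = {}
    for value in values:
        try:
            parse_transformation(value)
            results[value] = "ok"
        except ValueError as exc:
            results[value] = str(exc)
    return results


# Constructed sample input: the defaults and the RC4 example from this page,
# followed by malformed values an administrator might type.
SAMPLES = [
    "AES/CBC/PKCS5Padding",
    "RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING",
    "RC4/NONE/NoPadding",
    "AES",
    "AES//PKCS5Padding",
    "RC4/CBC/PKCS5Padding",
]

if __name__ == "__main__":
    for value, verdict in audit(SAMPLES).items():
        print(f"{value:38} {verdict}")
```

The check covers syntax only; whether the server's JVM provides a given transformation is a separate question it does not answer.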

digest-algorithm

Description
Specifies the preferred message digest algorithm for the Directory Server.
Default Value
SHA-1
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
Advanced Property
Yes
Read-only
No

mac-algorithm

Description
Specifies the preferred MAC algorithm for the Directory Server.
Default Value
HmacSHA1
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
Advanced Property
Yes
Read-only
No

mac-key-length

Description
Specifies the key length in bits for the preferred MAC algorithm.
Default Value
128
Allowed Values
An integer value. The minimum value is 0.
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
Advanced Property
Yes
Read-only
No