Defining Algorithm Chains
Access the Algorithm Chain page ().
Image: Algorithm Chain page
This example illustrates the fields and controls on the Algorithm Chain page.
Although you can select any sequence of algorithms to define a chain, many possible sequences don't work because the cumulative effect of the algorithms doesn't make any sense. You must define sequences of compatible algorithms.
To apply any of the supported algorithms for symmetric encryption, hashing, encoding, or secure messaging, the input data must be in ASCII text format.
Because PeopleSoft stores data in Unicode format, the first algorithm in most chains must be PSUnicodeToAscii when encrypting Unicode strings, and in most chains the last algorithm must be PSAsciiToUnicode when decrypting Unicode strings. However, Unicode chains may work better if you omit the PSUnicodeToAscii algorithm as the first step in the chain when encrypting Unicode strings, and omit the PSAsciiToUnicode algorithm as the last step in the chain when decrypting Unicode strings.
The following example shows a Unicode encryption string with PSAsciiToAscii omitted as the first step:
3des_ks168_cbc_encrypt
Base64_encode
PSAsciiToUnicodeThe following example shows a Unicode decryption string with PSAsciiToUnicode omitted as the last step:
PSUnicodeToAscii
Base64_decode
3des_ks168_cbc_decryptSee Cross Platform Algorithm Chain Considerations.
To define an algorithm chain:
Open an existing algorithm chain or create a new one.
Select the algorithm IDs of the algorithms you want to use in your chain.
Add a new row for each algorithm. The available algorithms depend on the encryption libraries you previously loaded. You can select the algorithms in any order.
Specify the operation sequence for your algorithm chain.
Enter a number in the Sequence box for each algorithm. The lowest number designates the first algorithm, and the highest number designates the last. When you save the chain, the rows are resorted according to their sequence numbers.
Save your algorithm chain definition.
Delivered Algorithm Chains
PeopleSoft Encryption Technology includes the following predefined algorithm chains:
|
Algorithm Chain |
Algorithms |
|---|---|
|
3DES CBC B64 ENCRYPT |
PSUnicodeToAscii 3des_ks168_cbc_encrypt base64_encode PSAsciiToUnicode |
|
3DES CBC B64 DECRYPT |
PSUnicodeToAscii base64_decode 3des_ks168_cbc_decrypt PSAsciiToUnicode |
|
3DES CBC HEX ENCRYPT |
PSUnicodeToAscii 3des_ks168_cbc_encrypt PSHexEncode PSAsciiToUnicode |
|
3DES CBC HEX DECRYPT |
PSUnicodeToAscii PSHexDecode 3des_ks168_cbc_decrypt PSAsciiToUnicode |
|
PKCS7_ENCRYPTED |
PSUnicodeToAscii pkcs7_encrypted_encrypt PSAsciiToUnicode |
|
PKCS7_DECRYPTED |
PSUnicodeToAscii pkcs7_encrypted_decrypt PSAsciiToUnicode |
|
PKCS7_ENCRYPTED_SIGNED |
PSUnicodeToAscii pkcs7_signedandencrypted_signandencrypt PSAsciiToUnicode |
|
PKCS7_DECRYPTED_VERIFY |
PSUnicodeToAscii pkcs7_signedandencrypted_decryptandverify PSAsciiToUnicode |
|
PGP_ENCRYPTED |
PSUnicodeToAscii pgp_encrypted_encrypt PSAsciiToUnicode |
|
PGP_DECRYPTED |
PSUnicodeToAscii pgp_encrypted_decrypt PSAsciiToUnicode |
|
PGP_ENCRYPTED_SIGNED |
PSUnicodeToAscii pgp_signedandencrypted_signandencrypt PSAsciiToUnicode |
|
PGP_DECRYPTED_VERIFY |
PSUnicodeToAscii pgp_signedandencrypted_decryptandverify PSAsciiToUnicode |
|
SMIME_DECRYPTED |
PSUnicodeToAscii smime_encrypted_decrypt PSAsciiToUnicode |
|
SMIME_DECRYPTED_VERIFY |
PSUnicodeToAscii smime_signandencrypt_decryptandverify PSAsciiToUnicode |
|
SMIME_ENCRYPTED |
PSUnicodeToAscii smime_encrypted_encrypt PSAsciiToUnicode |
|
SMIME_ENCRYPTED_SIGNED |
PSUnicodeToAscii smime_signandencrypt_signandencrypt PSAsciiToUnicode |