Defining Algorithm Keysets

Access the Algorithm Keyset page (PeopleTools > Security > Encryption > Algorithm Keyset).

Image: Algorithm Keyset page

This example illustrates the fields and controls on the Algorithm Keyset page.

Specify an algorithm ID or description to view the keyset of any algorithm in the database.

Each row displays a key value. You can add, modify, or remove key values.

Field or Control

Definition

Keyset ID

Enter a name for the key value in the current row. Each row must have a unique keyset ID for this algorithm.

Use Certificate Store Value

This option enables you to take advantage of key values already stored in the PeopleSoft keystore. Select a certificate alias from the keystore, then indicate whether the alias represents a certificate or a private key.

Important! The certificate must be a local node certificate.

Warning! Certificates in the PeopleSoft keystore are in standard X.509 format, which is compatible for use with the internal and OpenSSL algorithms, but is not compatible with the PGP encryption library. If you're defining the keyset for a PGP algorithm, you must select the Use Entered Value radio button.

Use Entered Value

Select this option to use key values that aren't in the PeopleSoft keystore. Enter a key value that's formatted appropriately for the algorithm that you're configuring. This value will be entered into the PET keyset table, not the PeopleSoft keystore.

The value that you enter has a length that depends on the keysize of the cipher. For triple DES with keysize 112, this is 16 bytes. For a keysize of 168, this is 24 bytes. This value should be represented in hex notation.

You must generate the key value that you enter here. You can use any third-party key generation utility capable of producing hex-encoded keys of the required length for the algorithm that you are using.

Using a key generation utility is not a requirement. You can build a hex-encoded string manually by stringing together any combination of the numbers (0-9) and letters (A-F) to the appropriate length.

Note: The key value that you enter here is stored in the PET keyset table using a combination of the algorithm ID and the keyset ID as its identifier. Because this combination is unique for each algorithm, you can create identically defined keyset rows for multiple algorithms.
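
The following is an added example, not PeopleSoft code or part of the original page: a small Python utility that generates a hex-encoded triple DES key of the length stated above for the Use Entered Value option, and checks a manually built value before it is entered. The function names, the upper-case output and the "fewer than 8 distinct bytes" heuristic are assumptions of this example.

```python
import re
import secrets

# Key lengths in bytes for triple DES by keysize, as stated on this page.
TDES_KEY_BYTES = {112: 16, 168: 24}
HEX_BYTES = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def subkeys(key: bytes) -> list:
    """Split into 8-byte DES subkeys, clearing the parity bit DES ignores."""
    return [bytes(b & 0xFE for b in key[i:i + 8]) for i in range(0, len(key), 8)]

def check_tdes_hex_key(value: str, keysize: int) -> list:
    """Return the problems found in an entered key value (empty list = OK)."""
    want = TDES_KEY_BYTES[keysize]
    if not HEX_BYTES.fullmatch(value):
        return ["not hex notation: use 0-9 and A-F only, two characters per byte"]
    key = bytes.fromhex(value)
    if len(key) != want:
        return [f"keysize {keysize} needs {want} bytes "
                f"({2 * want} hex characters), got {len(key)}"]
    problems = []
    parts = subkeys(key)
    if len(set(parts)) < len(parts):
        # In standard EDE triple DES, equal subkeys reduce the effective strength
        # (adjacent equal subkeys cancel, leaving single DES).
        problems.append("repeated 8-byte subkey")
    if len(set(key)) < 8:
        # Heuristic (assumption of this example): hand-typed patterns reuse bytes.
        problems.append("fewer than 8 distinct byte values, likely not random")
    return problems

def generate_tdes_hex_key(keysize: int) -> str:
    """Generate a key from the OS CSPRNG, hex encoded in upper case."""
    while True:
        value = secrets.token_bytes(TDES_KEY_BYTES[keysize]).hex().upper()
        if not check_tdes_hex_key(value, keysize):
            return value

if __name__ == "__main__":
    for size in TDES_KEY_BYTES:
        # Report only the length; avoid echoing key material to a shared console.
        print(size, len(generate_tdes_hex_key(size)), "hex characters generated")
    # Constructed sample: a manually built string with two identical halves.
    print(check_tdes_hex_key("0123456789ABCDEF0123456789ABCDEF", 112))
```
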