Defining Algorithm Chains

Access the Algorithm Chain page (PeopleTools > Security > Encryption > Encryption Algorithm Chains).

The page changes depending upon whether the algorithm chain is being used by any encryption profile.

This example illustrates the fields and controls on the Algorithm Chain page for an algorithm chain used in an encryption profile.

Algorithm Chain page for an algorithm chain used in an encryption profile

This example illustrates the fields and controls on the Algorithm Chain page for an algorithm chain not used in an encryption profile.

Algorithm Chain page for an algorithm chain not used in an encryption profile

| Field or Control | Description |
|---|---|
| Algorithm ID | The grid lists the algorithms included in the chain and their sequence number. Click the plus button to add algorithms. |
| Profiles using this Chain | This grid appears for algorithm chains that are used in an encryption profile. The page displays all encryption profiles that are implemented using this algorithm chain. Select the Encryption Profile ID link to open the Administer Encryption Profile page for the selected profile. |
| Delete | You can only delete chains that are not used by any encryption profile. |

Considerations for Unicode and ASCII Text Formats

Although you can select any sequence of algorithms to define a chain, many possible sequences don't work because the cumulative effect of the algorithms doesn't make any sense. You must define sequences of compatible algorithms.

To apply any of the supported algorithms for symmetric encryption, hashing, encoding, or secure messaging, the input data must be in ASCII text format.

Because PeopleSoft stores data in Unicode format, the first algorithm in most chains must be PSUnicodeToAscii when encrypting Unicode strings, and in most chains the last algorithm must be PSAsciiToUnicode when decrypting Unicode strings. However, chains may work better if you omit the PSUnicodeToAscii algorithm as the first step in the chain when encrypting non-Unicode strings, and omit the PSAsciiToUnicode algorithm as the last step in the chain when outputting non-Unicode strings from a decryption.

The following example shows an encryption chain with PSUnicodeToAscii omitted as the first step:

3des_ks168_cbc_encrypt
Base64_encode
PSAsciiToUnicode

The following example shows a decryption chain with PSAsciiToUnicode omitted as the last step:

PSUnicodeToAscii
Base64_decode
3des_ks168_cbc_decrypt

See Cross Platform Algorithm Chain Considerations.

Defining an Algorithm Chain

To define an algorithm chain:

  1. Open an existing algorithm chain or create a new one.

  2. Select the algorithm IDs of the algorithms you want to use in your chain.

    Add a new row for each algorithm. The available algorithms depend on the encryption libraries you previously loaded. You can select the algorithms in any order.

  3. Specify the operation sequence for your algorithm chain.

    Enter a number in the Sequence box for each algorithm. The lowest number designates the first algorithm, and the highest number designates the last. When you save the chain, the rows are re-sorted according to their sequence numbers.

  4. Save your algorithm chain definition.
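
The following added example (not PeopleTools or Oracle code) checks a chain definition offline against the Unicode/ASCII rules and the sequence ordering described above, and confirms that a decrypt chain reverses its encrypt chain. The function names, the sample rows, and the assumption that every algorithm other than the two PS converters returns ASCII are illustrative.

```python
# Added example: offline lint for algorithm chain definitions (not PeopleTools code).
U, A = "unicode", "ascii"

# Assumed format model built from the rules on this page: the two PS converters
# change format; every other algorithm takes ASCII and is assumed to return ASCII.
CONVERTERS = {"psunicodetoascii": (U, A), "psasciitounicode": (A, U)}

# Inverse pairs, read off the delivered encrypt/decrypt chains on this page.
INVERSE = {"psunicodetoascii": "psasciitounicode",
           "3des_ks168_cbc_encrypt": "3des_ks168_cbc_decrypt",
           "base64_encode": "base64_decode",
           "pshexencode": "pshexdecode"}
INVERSE.update({v: k for k, v in INVERSE.items()})

# Constructed rows (sequence, algorithm ID), entered out of order on purpose.
B64_ENCRYPT = [(30, "base64_encode"), (10, "PSUnicodeToAscii"),
               (40, "PSAsciiToUnicode"), (20, "3des_ks168_cbc_encrypt")]
B64_DECRYPT = [(10, "PSUnicodeToAscii"), (20, "base64_decode"),
               (30, "3des_ks168_cbc_decrypt"), (40, "PSAsciiToUnicode")]


def ordered(rows):
    """Return algorithm IDs lowest sequence first, as the page does on save."""
    return [alg for _, alg in sorted(rows)]


def check_chain(rows, input_format=U):
    """Walk the chain and return (output_format, problems)."""
    current, problems = input_format, []
    for step, alg in enumerate(ordered(rows), start=1):
        needs, gives = CONVERTERS.get(alg.lower(), (A, A))
        if needs != current:
            problems.append(f"step {step} {alg}: needs {needs}, gets {current}")
        current = gives
    return current, problems


def is_inverse(encrypt_rows, decrypt_rows):
    """True if the decrypt chain undoes the encrypt chain, last step first."""
    enc = [a.lower() for a in ordered(encrypt_rows)]
    dec = [a.lower() for a in ordered(decrypt_rows)]
    return dec == [INVERSE.get(a) for a in reversed(enc)]


if __name__ == "__main__":
    print(check_chain(B64_ENCRYPT))              # Unicode in, Unicode out
    print(is_inverse(B64_ENCRYPT, B64_DECRYPT))  # decrypt mirrors encrypt
```

Pass input_format="ascii" to check_chain when linting a chain that omits PSUnicodeToAscii for non-Unicode input.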

Reviewing Delivered Algorithm Chains

PeopleSoft Encryption Technology includes the following predefined algorithm chains:

| Algorithm Chain | Algorithms |
|---|---|
| 3DES CBC B64 ENCRYPT | PSUnicodeToAscii, 3des_ks168_cbc_encrypt, base64_encode, PSAsciiToUnicode |
| 3DES CBC B64 DECRYPT | PSUnicodeToAscii, base64_decode, 3des_ks168_cbc_decrypt, PSAsciiToUnicode |
| 3DES CBC HEX ENCRYPT | PSUnicodeToAscii, 3des_ks168_cbc_encrypt, PSHexEncode, PSAsciiToUnicode |
| 3DES CBC HEX DECRYPT | PSUnicodeToAscii, PSHexDecode, 3des_ks168_cbc_decrypt, PSAsciiToUnicode |
| PKCS7_ENCRYPTED | PSUnicodeToAscii, pkcs7_encrypted_encrypt, PSAsciiToUnicode |
| PKCS7_DECRYPTED | PSUnicodeToAscii, pkcs7_encrypted_decrypt, PSAsciiToUnicode |
| PKCS7_ENCRYPTED_SIGNED | PSUnicodeToAscii, pkcs7_signedandencrypted_signandencrypt, PSAsciiToUnicode |
| PKCS7_DECRYPTED_VERIFY | PSUnicodeToAscii, pkcs7_signedandencrypted_decryptandverify, PSAsciiToUnicode |
| SMIME_DECRYPTED | PSUnicodeToAscii, smime_encrypted_decrypt, PSAsciiToUnicode |
| SMIME_DECRYPTED_VERIFY | PSUnicodeToAscii, smime_signandencrypt_decryptandverify, PSAsciiToUnicode |
| SMIME_ENCRYPTED | PSUnicodeToAscii, smime_encrypted_encrypt, PSAsciiToUnicode |
| SMIME_ENCRYPTED_SIGNED | PSUnicodeToAscii, smime_signandencrypt_signandencrypt, PSAsciiToUnicode |
| SMIME_VERIFY | PSUnicodeToAscii, base64_decode, smime_signed_verify, PSAsciiToUnicode |