Crypto-Agility for Data Storage

Several of the cores now support crypto agility.

Each core uses a set of parameters in the [corename].properties file.

#############################
# Crypto-agility - keystore #
#############################

#Key Generator (example AES)
crypto.keygenType = AES

#Cipher Type (example AES/GCM/NoPadding)
crypto.cipherType = AES/GCM/NoPadding

#KeySize
crypto.keySize = 128

#No of iterations in keystore
crypto.iterations = 100000

This currently applies to Cayan, Ocius Sentinel, Paybylink, Paypal, and Tenderretail cores.

These cores currently ship with the default settings above. The main improvement over the existing default settings is an increase in the number of iterations of encryption.

A mechanism has been provided to change the algorithm by running a command from the prompt, with parameters that include the keystore location and the encryption properties to use. Full details of the crypto-agility commands for each core are included in the Oracle Retail EFTLink Core Configuration Guide.
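The following is an added example, not EFTLink code, showing how the four properties above can drive standard Java JCA calls so that the algorithm is chosen by configuration rather than by code. The class name, the demo password, the 12-byte IV and 128-bit tag, and the reading of crypto.iterations as a PBKDF2 iteration count for a password-derived wrapping key are all assumptions; the page does not say how EFTLink applies the value.

```java
import java.io.StringReader;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.*;
import javax.crypto.spec.*;

public class CryptoAgilityDemo {
    // Constructed sample: the default values listed on this page.
    static final String SAMPLE = "crypto.keygenType = AES\ncrypto.cipherType = AES/GCM/NoPadding\n"
            + "crypto.keySize = 128\ncrypto.iterations = 100000\n";

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(SAMPLE));
        String keygenType = p.getProperty("crypto.keygenType").trim();
        String cipherType = p.getProperty("crypto.cipherType").trim();
        int keySize = Integer.parseInt(p.getProperty("crypto.keySize").trim());
        int iterations = Integer.parseInt(p.getProperty("crypto.iterations").trim());
        // The parameter spec depends on the mode; this sketch handles GCM only.
        if (!cipherType.contains("/GCM/")) {
            throw new IllegalArgumentException("Unsupported in this demo: " + cipherType);
        }
        SecureRandom rng = new SecureRandom();

        // Data key: algorithm and size come from configuration, not from code.
        KeyGenerator kg = KeyGenerator.getInstance(keygenType);
        kg.init(keySize, rng);
        SecretKey dataKey = kg.generateKey();

        // Assumption: iterations is the PBKDF2 work factor for a wrapping key.
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        char[] password = "constructed-demo-password".toCharArray();
        byte[] kekBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, iterations, keySize)).getEncoded();
        SecretKey kek = new SecretKeySpec(kekBytes, keygenType);

        // Protect the data key under the wrapping key with the configured cipher.
        byte[] iv = new byte[12]; // must be unique for every encryption under one key
        rng.nextBytes(iv);
        Cipher enc = Cipher.getInstance(cipherType);
        enc.init(Cipher.ENCRYPT_MODE, kek, new GCMParameterSpec(128, iv));
        byte[] wrapped = enc.doFinal(dataKey.getEncoded());

        Cipher dec = Cipher.getInstance(cipherType);
        dec.init(Cipher.DECRYPT_MODE, kek, new GCMParameterSpec(128, iv));
        boolean ok = Arrays.equals(dec.doFinal(wrapped), dataKey.getEncoded());
        System.out.println(cipherType + " round trip, " + iterations + " iterations: " + ok);
    }
}
```

Data written under one set of properties can only be read back with the same set, which is why an algorithm change needs a migration step such as the command described above.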