Question
new jersey courts
US
Last activity: 12 Sep 2017 16:30 EDT
Didnt see Pega provided sample Cipher choices in our JVM environment
we have run below command in our environment & it's giving the available choices with JVM, but I didn't see the pega provided default choices with my environment except keylength.
runPega.bat --driver D:\Shared\CipherMechanisam\WEB-INF\lib\ojdbc6.jar --prweb
D:\Shared\CipherMechanisam\ --propfile D:\Shared\CipherMechanisam\WEB-
INF\classes\prbootstrap.properties com.pega.pegarules.exec.internal.util.crypto.JCECapabilities none
-
transform [DESede] :SKIPJACK/ECB/PKCS7Padding
-
key length [112] : 128
-
provider [null] :BC
Even the 1 & 3 arguments not existed in our environment, if I pass them, it works. could you please assist us brief how it works.
Actually we are in the preparation of create new cipher implementation for our environments, in that case what should be the values for these arguments ?
please help.
Thanks,
Rohith
***Moderator Edit: Vidyaranjan | Updated Categories***
Accepted Solution
Infosys Technologies
NL
Hi Rohit,
If you follow the above steps, you will generate a ".java" file, after which you would be
1. Generating a class file and package that into a JAR file and Load it to the database.
2. Once the class which is part of the JAR file is loaded to the database, you will configure that class to be your "Custom" cipher, by using prconfig / DSS settings.
All the above steps are to generate a custom cipher, which can be used to encrypt "TextEncrypted" properties.
Infosys Technologies
NL
Hi Rohit,
You may use AES and 256 as the 1st and 2nd arguments and you may ignore the last argument.
AES 256 is the strongest available site specific cipher supported by Pega. Please let me know if you need anymore information.
new jersey courts
US
Thanks for your quick response.
So if I can follow the below steps, in 1st step, I will get available options with the JVM and at 2, will provide the 1st and 2nd argument then it will generate a java script. the generated java script is still sample which pega providing ?, can we use this in PROD
Step 1:
runPega.bat --driver D:\Shared\CipherMechanisam\WEB-INF\lib\ojdbc6.jar --prweb
D:\Shared\CipherMechanisam\ --propfile D:\Shared\CipherMechanisam\WEB-
INF\classes\prbootstrap.properties com.pega.pegarules.exec.internal.util.crypto.JCECapabilities none
Step 2:
runPega.bat --driver D:\Shared\CipherMechanisam\WEB-INF\lib\ojdbc6.jar --prweb
D:\Shared\CipherMechanisam\ --propfile D:\Shared\CipherMechanisam\WEB-
INF\classes\prbootstrap.properties com.pega.pegarules.exec.internal.util.crypto.PRCipherGenerator
Accepted Solution
Infosys Technologies
NL
Hi Rohit,
If you follow the above steps, you will generate a ".java" file, after which you would be
1. Generating a class file and package that into a JAR file and Load it to the database.
2. Once the class which is part of the JAR file is loaded to the database, you will configure that class to be your "Custom" cipher, by using prconfig / DSS settings.
All the above steps are to generate a custom cipher, which can be used to encrypt "TextEncrypted" properties.
new jersey courts
US
And also, reg: 256 bit, I can see in my environment available options " AES/256bit key failed - unrestricted policy files have not been installed"
Can you also let me know how we can place this mechanism as this is missed
Infosys Technologies
NL
Hi Rohit,
Please refer the below article on how to install the policy files.
You may download the files for JRE7 from the link below.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
new jersey courts
US
Thanks Habeeb. screen shots was very helpful for us. If we want to place our own cipher in the environment, what is the process which I need to follow.
please suggest.
new jersey courts
US
Thanks Sudhakar for quick response. we have a new project coming up & in this project cases will be having confidential information, so they want more efficient cipher mechanism in place. what will be the pega suggestion to generate own cipher, we need inputs in generating cipher for on our own. Even if we want to apply our own cypher still command execution is same.
Sorry, if I am not getting you here, am very new to this area.
JPMorgan Chase & Company
US
Hi,
I would recommend to you go through below pdn article, this can used in irrespective of the environment.
https://pdn.pega.com/implementing-encryption-pega-platform/implementing-encryption-pega-platform