E-Business Server:How to set the Cipher that will be used for key generation and conventional encryption processes

From SDS
Jump to navigation Jump to search



How to set the Cipher that will be used for key generation and conventional encryption processes

Technical Articles ID: SDSKB16


Environment
E-Business Server 8.x and 7.x


Problem
Setting the Cipher that will be used for key generation and conventional encryption processes.


Solution
To set the Cipher used for key generation and conventional encryption processes, edit the PGP.CFG file and modify the Cipher entry:CIPHER=<cipher option>(where <cipher option> is valid Cipher option (see below))The following is an example excerpt from a PGP.CFG file showing the Cipher set to 3DES:

# ------ CIPHER ------
# This setting specifies the symmetric cipher preference stored in
# new keys or on keys when the self-signature or passphrase is
# changed.
#
# This setting is also used during conventional encryption, however
# SDA and PGParchive creation always use CAST5.
#
# This setting does not apply to RSAv3 (RSA-LEGACY) keys - IDEA is
# always used when encrypting to such keys.
#
# Valid options are:
# IDEA
# 3DES
# CAST5
# AES128
# AES192
# AES256
# Twofish
#
CIPHER = 3DES

NOTE: Changing the Cipher in the pgp.cfg file will not change the Cipher on keys that have all ready been created before the modification was made. If you want a keypair using the new Cipher you will need to go through the key generation process after the change has been made to the Cipher entry.