Configure properties for customer-supplied key

Yokohama Platform security

Release

yokohama

ft:locale

en-US

ft:publication_title

Yokohama Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Configure properties for customer-supplied key

Release version: Yokohama

Updated January 31, 2025

1 minute to read

Review the system properties for the ephemeral public wrapping key that your instance uses to unwrap customer-supplied keys.

Before you begin

Role required: KMF Admin or KMF Cryptographic Operator

About this task

You must wrap your symmetric data encryption key with a ServiceNow ephemeral public wrapping key before you can upload it to your instance.

When your key is uploaded to your instance, the instance unwraps it using the private side of the public key.

You can use system properties on your instance to define key padding, ephemeral key pair size, and a key validity period for this ephemeral public key.


System Property	Description	Default value
glide.kmf.ephemeral_key.key_padding	Key padding scheme for the ephemeral key.	`OAEPWithSHA256AndMGF1Padding` OAEP SHA256, but SHA1 is supported.
glide.kmf.ephemeral.key_size	Key size of the ephemeral key pair.	`4096` 4096 bits, but 2048 bits are also supported.
Glide.kmf.ephemeral_key.key_validity_period	Period for which the ephemeral key pair is valid.	`02:00:00` 2 Hours

Procedure

Contact ServiceNow Support if you need to change any of these properties.

Note:

These system properties are not visible to admins, and do not appear in the System properties [sys_properties] list. Use the table above to see their default values.

What to do next

Once your properties are configured to your needs, proceed to Wrap your customer-supplied key.