Configure properties for customer-supplied keys

  • Release version: Australia
  • Updated Mar 12, 2026
  • 1 min read
  • If the Field Encryption Enterprise plugin is enabled, you can use system properties to define the key padding, ephemeral key pair size, and key validity period for your customer-supplied keys.

    Field Encryption Enterprise with Key Management lets you manage the full key lifecycle of your data encryption keys. Optionally, you can securely exchange data encryption keys generated within your environment.

    Platform Encryption with Key Management lets you manage the full key life cycle of your data encryption keys. Optionally, you can securely exchange data encryption keys generated within your environment.

    System properties for defining key-pair attributes

    When you provide your own key, you must wrap it with the RSA public key. Three properties define the size, padding algorithm, and validity period of the wrapping RSA key pair:
    • glide.kmf.ephemeral_key.key_padding controls the key padding scheme for the ephemeral key. The default scheme is OAEP SHA256, but SHA1 is also supported.
    • glide.kmf.ephemeral_key.key_size controls the key size of the ephemeral key pair. The default is 4096 bits, but 2048 bits is also supported.
    • glide.kmf.ephemeral_key.key_validity_period defines the period for which the ephemeral key pair is valid. The default value is two hours.
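
The wrapping step these properties govern, sketched with the OpenSSL command line as an added example (not ServiceNow's code or documented procedure). The function and file names are hypothetical, the MGF1 digest is assumed to match the OAEP digest, and a locally generated key pair stands in for the instance's ephemeral key pair.

```shell
# Added example: wrap a data encryption key (DEK) with an RSA public key
# using OAEP padding. Function and file names are hypothetical.

# wrap_dek PUBKEY_PEM DEK_FILE OUT_FILE [sha256|sha1]
wrap_dek() {
    pub=$1 dek=$2 out=$3 hash=${4:-sha256}   # sha256 mirrors the default padding

    # Accept only the two OAEP digests named for the key_padding property.
    case $hash in
        sha256|sha1) ;;
        *) echo "unsupported OAEP digest: $hash" >&2; return 2 ;;
    esac

    # Refuse a wrapping key whose modulus is not 4096 or 2048 bits.
    bits=$(openssl pkey -pubin -in "$pub" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    case $bits in
        4096|2048) ;;
        *) echo "unexpected RSA key size: ${bits:-unknown}" >&2; return 3 ;;
    esac

    # Assumption: MGF1 uses the same digest as OAEP.
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -in "$dek" -out "$out" \
        -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt "rsa_oaep_md:$hash" -pkeyopt "rsa_mgf1_md:$hash" || return 4

    # An RSA ciphertext is exactly as long as the modulus.
    [ "$(wc -c < "$out" | tr -d ' ')" -eq $((bits / 8)) ]
}

# Stand-in for the receiving side, used only to prove the round trip locally.
unwrap_dek() {
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$3" \
        -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt "rsa_oaep_md:${4:-sha256}" -pkeyopt "rsa_mgf1_md:${4:-sha256}"
}

# Constructed sample: throwaway 2048-bit key pair and a random 256-bit DEK.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/priv.pem" 2>/dev/null &&
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" &&
    openssl rand -out "$d/dek.bin" 32 &&
    wrap_dek "$d/pub.pem" "$d/dek.bin" "$d/wrapped.bin" sha256 &&
    unwrap_dek "$d/priv.pem" "$d/wrapped.bin" "$d/back.bin" sha256 &&
    cmp -s "$d/dek.bin" "$d/back.bin"
    rc=$?; rm -rf "$d"; return $rc
}
```

`demo_roundtrip` returns 0 when the unwrapped bytes match the original DEK; a digest mismatch between the wrapping and unwrapping sides makes the unwrap fail.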

    After the data encryption key is imported to the instance, a secure wrapping key protects new module keys on the instance. The wrapping key is an instance key encryption key (IKEK) generated by a hardware security module (HSM) on SafeNet KeySecure. See Instance level keys in the Key Management Framework for details on key types.

    Continue to Wrap your customer-supplied key.