Configure properties for customer-supplied keys
If the Column Level Encryption Enterprise plugin is enabled, you can use system properties to define the key padding, ephemeral key pair size, and key validity period used for your customer-supplied keys.
Column Level Encryption Enterprise with Key Management lets you manage the full key lifecycle of your data encryption keys. Optionally, you can securely exchange data encryption keys generated within your environment.
Note:
After the data encryption key is imported to the instance, a secure wrapping key protects new module keys on the instance. The wrapping key is an instance key encryption key (IKEK) generated by a hardware security module (HSM) on SafeNet KeySecure. See Instance level keys in the Key Management Framework for details on key types.
The properties in this topic apply only to Column Level Encryption Enterprise functionality. Column Level Encryption Enterprise functionality is available only when the com.glide.now.platform.encryption plugin is active. See Activate Column Level Encryption Enterprise for more information on obtaining Column Level Encryption Enterprise.
When you provide your own key, you must wrap it with the RSA public key. Three properties define the size, padding algorithm, and validity period of the wrapping RSA key pair:
- glide.kmf.ephemeral_key.key_padding controls the key padding scheme for the ephemeral key. The default scheme is OAEP SHA256, but SHA1 is also supported.
- glide.kmf.ephemeral_key.key_size controls the key size of the ephemeral key pair. The default is 4096 bits, but 2048 bits is also supported.
- glide.kmf.ephemeral_key.key_validity_period defines the period for which the ephemeral key pair is valid. The default value is two hours.
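The following local dry run is an added example, not part of the original documentation or the product's own tooling. It uses the OpenSSL command line to show that the OAEP digest chosen when wrapping must match the one used to unwrap, and that only the two listed key sizes are accepted. The RSA key pair is a locally generated stand-in for the instance's ephemeral key pair, the function names are hypothetical, and using the same digest for MGF1 is an assumption.

```shell
#!/bin/sh
# Added example: local dry run of RSA-OAEP key wrapping. All keys are constructed
# here; the RSA pair is a stand-in for the instance's ephemeral key pair.

# rsa_bits PUB_PEM: print the modulus size of a PEM public key, in bits.
rsa_bits() {
    openssl rsa -pubin -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9]*\) bit).*/\1/p' | head -n 1
}

# size_allowed PUB_PEM: succeed only for the two key sizes the page lists.
size_allowed() {
    case "$(rsa_bits "$1")" in 2048|4096) return 0 ;; *) return 1 ;; esac
}

# wrap_key PUB_PEM DIGEST KEY_IN WRAPPED_OUT  (DIGEST: sha256 or sha1)
# Assumption: MGF1 uses the same digest as OAEP; the page does not say.
wrap_key() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$3" -out "$4" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:"$2" \
        -pkeyopt rsa_mgf1_md:"$2" 2>/dev/null
}

# unwrap_key PRIV_PEM DIGEST WRAPPED_IN KEY_OUT: fails if DIGEST differs from wrap.
unwrap_key() {
    openssl pkeyutl -decrypt -inkey "$1" -in "$3" -out "$4" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:"$2" \
        -pkeyopt rsa_mgf1_md:"$2" 2>/dev/null
}

# dry_run BITS WRAP_DIGEST UNWRAP_DIGEST: return 0 only if a random 256-bit key
# survives the wrap/unwrap round trip byte for byte.
dry_run() {
    d=$(mktemp -d) || return 2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:"$1" -out "$d/priv.pem" 2>/dev/null &&
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" &&
    size_allowed "$d/pub.pem" &&
    openssl rand -out "$d/dek.bin" 32 &&
    wrap_key "$d/pub.pem" "$2" "$d/dek.bin" "$d/wrapped.bin" &&
    unwrap_key "$d/priv.pem" "$3" "$d/wrapped.bin" "$d/out.bin" &&
    cmp -s "$d/dek.bin" "$d/out.bin"
    rc=$?
    rm -rf "$d"   # remove the constructed key material
    return $rc
}

# Stand-alone use: sh thisfile.sh 4096 sha256 sha256
if [ "$#" -eq 3 ]; then
    dry_run "$@" && echo "round trip ok" || echo "round trip failed"
fi
```

The dry run does not model the key validity period, which is enforced on the instance.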
Continue to Wrap your customer-supplied key.