Create a cryptographic specification

  • Release version: Yokohama
  • Updated January 30, 2025
  After you create a cryptographic module, create a cryptographic specification to define the module algorithms.

    Before you begin

    Role required: sn_kmf.cryptographic_manager

    Procedure

    1. Navigate to Key Management > Cryptographic Modules > All.
    2. Select the cryptographic module that you want to define to open its configuration options.
    3. On the Crypto Specifications tab, select New.
    4. Complete the Algorithm Definition form.
      See Cryptographic specification for details.

      The algorithm definition screen opens. Select options for the key generation. Repeat this step to generate multiple keys for the selected crypto module.

      Table 1. Algorithm Definition fields

      Field: Description
      Crypto module: Read only. Displays the name of the selected cryptographic module.
      Crypto purpose: Select the purpose of this module. For example, you might use it for data encryption, signature generation, or key wrapping. The available algorithms adjust based on the selected crypto purpose. See Cryptographic specification for details.
      Algorithm: Type of algorithm used to accomplish the crypto purpose. The algorithm also controls the key origin. Adjusts automatically based on the selected crypto purpose. See Cryptographic specification for details.
      Operation mode: This field may display based on the selected crypto purpose.
      Size: Select the bit size.
      Hash: This field becomes available based on the algorithm selected.
      Equality preserving: Enables non-deterministic encryption. This option appears when you select Symmetric Data Encryption/Decryption with AES in Cipher Block Chaining (CBC) mode. Selecting this option means that if the same data is encrypted again, the encoded data is the same each time. Non-deterministic encryption doesn’t support filtering a list of encrypted data using equality comparison operators.
      Integrity: The GCM operation mode provides integrity.
    5. Select Next.
      The crypto specification is listed on the Key Lifecycle table based on the algorithms selected.
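
The Equality preserving description says that re-encrypting the same data gives the same encoded data each time, and that equality filtering is not supported otherwise. The following added example (not ServiceNow code) shows both behaviours with AES-256-CBC in Node.js; the keys, the HMAC-derived IV, and all function names are assumptions for illustration, not how the platform implements the option.

```javascript
// Added example, not ServiceNow code: AES-256-CBC with a random IV versus an
// IV derived from the plaintext, and what each means for equality filtering.
const crypto = require('crypto');

// Constructed sample keys (assumption); real keys come from the key manager.
const encKey = crypto.createHash('sha256').update('constructed-enc-key').digest();
const ivKey = crypto.createHash('sha256').update('constructed-iv-key').digest();

function cbcEncrypt(plaintext, iv) {
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, body]).toString('base64'); // IV is stored with the ciphertext
}

// Random IV: encrypting the same value twice gives two different ciphertexts.
function encryptRandomIv(plaintext) {
  return cbcEncrypt(plaintext, crypto.randomBytes(16));
}

// Assumption: IV = first 16 bytes of HMAC-SHA256(ivKey, plaintext), so equal
// plaintexts always produce equal ciphertexts.
function encryptEqualityPreserving(plaintext) {
  const mac = crypto.createHmac('sha256', ivKey).update(plaintext, 'utf8').digest();
  return cbcEncrypt(plaintext, mac.subarray(0, 16));
}

function decrypt(encoded) {
  const raw = Buffer.from(encoded, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, raw.subarray(0, 16));
  return Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]).toString('utf8');
}

// Equality filter on an encrypted column: encrypt the search term, compare ciphertexts.
function filterEquals(rows, term, encryptFn) {
  const needle = encryptFn(term);
  return rows.filter((row) => row.value === needle).map((row) => row.id);
}

// Constructed sample column, stored once per encryption style.
const values = ['alice@example.com', 'bob@example.com', 'alice@example.com'];
const detRows = values.map((v, i) => ({ id: i + 1, value: encryptEqualityPreserving(v) }));
const rndRows = values.map((v, i) => ({ id: i + 1, value: encryptRandomIv(v) }));

function demo() {
  return {
    deterministicMatches: filterEquals(detRows, 'alice@example.com', encryptEqualityPreserving),
    randomMatches: filterEquals(rndRows, 'alice@example.com', encryptRandomIv),
    roundTrip: decrypt(detRows[1].value),
  };
}
```

The equality-preserving column also shows anyone who can read the stored ciphertexts which rows hold the same value (rows 1 and 3 in this sample), which is the trade-off for being able to filter.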

    What to do next

    Perform one of the following operations: