Overview

In IBM Cúram Social Program Management, cryptography refers broadly to two types of functionality related to keeping your Cúram systems safe and secure:

  1. ciphers - for two-way encryption of passwords used at various processing points
  2. digests - for one-way hashing (or digesting) of passwords; e.g. used at login

The values for configuring cryptographic behavior are user-selectable via a property file (CryptoConfig.properties) to provide you with the most control and security possible for your Cúram installation. This flexibility provides the capability to adjust to changing security standards. See Customizing Cryptography for details on how to configure and customize cryptography.

This level of cryptographic support was introduced in version 6.0.5.0. If you are migrating for the first time to a level of IBM Cúram Social Program Management that includes it, it is recommended that you upgrade system (new cipher) and user (new digest) passwords from the existing out-of-the-box (OOTB) defaults to improve your security.

Supported cryptographic configurations are:

  1. AES: 128, 192, 256 (FIPS 140-2 and SP800-131a compliant);
  2. Two-key Triple DES - DESede: 112 (FIPS 140-2 compliant);
  3. Three-key Triple DES - DESede: 168 (FIPS 140-2 and SP800-131a compliant);
  4. No cryptography configuration, which is configured by removing the CryptoConfig.properties file, in which case Cúram reverts to its previous OOTB crypto settings.

In the environment where Cúram runs, the application server, database, and other software (e.g. web server, LDAP) each have their own cryptographic support, and you should refer to the relevant vendor's documentation as appropriate.