Overview

In IBM Cúram Social Program Management, cryptography refers broadly to two kinds of functionality used to keep your Cúram systems secure:

  1. ciphers - two-way (reversible) encryption of system passwords, which must be decrypted again at the processing points that use them
  2. digests - one-way hashing (digesting) of user passwords, e.g. for verification at login, where the original password is never recovered

The values that control cryptographic behavior are selectable via a property file (CryptoConfig.properties), giving you the most control and security possible for your Cúram installation. This flexibility lets you adapt to changing security standards. See Customizing Cryptography for details on how to configure and customize cryptography.

For existing users of IBM Cúram Social Program Management it is recommended that you upgrade system passwords (to the new cipher) and user passwords (to the new digest) from the existing out-of-the-box (OOTB) defaults to improve your security. Because upgrading user passwords is the more substantial change, the two upgrades can be made independently, as described in the related topics. You can, at your own risk and accepting a reduced level of security, leave existing system and user passwords as they are, but this is not recommended.

Supported cryptographic configurations are:

  1. AES: 128, 192, 256 (FIPS 140-2 and SP800-131a compliant);
  2. Two-key Triple DES - DESede: 112 (FIPS 140-2 compliant; not SP800-131a compliant, so prefer AES or three-key Triple DES where SP800-131a applies);
  3. Three-key Triple DES - DESede: 168 (FIPS 140-2 and SP800-131a compliant);
  4. No cryptography configuration, selected by removing the CryptoConfig.properties file, in which case Cúram reverts to its previous OOTB crypto settings.
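The difference between the two kinds of functionality above, and the key sizes the supported configurations name, are easiest to see in code. The following is an added example written for this page against the standard JDK javax.crypto API; it is not Cúram's own implementation and does not reflect the contents or semantics of CryptoConfig.properties. The choice of AES in GCM mode, DESede in CBC mode and PBKDF2-HMAC-SHA256 as the password digest are assumptions for illustration: the page does not state which modes or digest algorithm Cúram uses.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration, not Cúram code: contrasts a two-way cipher (system
// passwords that must be decrypted later) with a one-way digest (user
// passwords that are only ever verified).
public class CipherVersusDigestDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Generate a key for one of the page's supported configurations.
    // "AES" accepts 128, 192 or 256; "DESede" accepts 112 (two-key) or 168 (three-key).
    static SecretKey generateKey(String algorithm, int keySizeBits) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(algorithm);
        kg.init(keySizeBits, RNG);
        return kg.generateKey();
    }

    // Two-way cipher, AES-GCM (assumed mode). Output is IV || ciphertext+tag.
    static byte[] encryptAes(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[12];                 // 96-bit nonce, fresh per message
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decryptAes(SecretKey key, byte[] ivAndCt) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key,
               new GCMParameterSpec(128, Arrays.copyOfRange(ivAndCt, 0, 12)));
        return c.doFinal(Arrays.copyOfRange(ivAndCt, 12, ivAndCt.length));   // throws on tamper
    }

    // Two-way cipher, Triple DES in CBC mode (assumed mode). Output is IV || ciphertext.
    static byte[] encryptDesede(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[8];                  // DES block size is 64 bits
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decryptDesede(SecretKey key, byte[] ivAndCt) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOfRange(ivAndCt, 0, 8)));
        return c.doFinal(Arrays.copyOfRange(ivAndCt, 8, ivAndCt.length));
    }

    // One-way digest (assumed algorithm: PBKDF2-HMAC-SHA256 with a random salt).
    // The stored record is "iterations:base64(salt):base64(hash)"; the password itself is never stored.
    static String digestPassword(char[] password, int iterations) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        byte[] hash = pbkdf2(password, salt, iterations);
        Base64.Encoder b64 = Base64.getEncoder();
        return iterations + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    static boolean verifyPassword(char[] candidate, String stored) throws Exception {
        String[] parts = stored.split(":");
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return MessageDigest.isEqual(expected, pbkdf2(candidate, salt, iterations));
    }

    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] dbPassword = "constructed-db-password".getBytes(StandardCharsets.UTF_8);   // sample input
        // System password: must round-trip, so a cipher is used. AES-256 needs no policy files on JDK 8u161+.
        SecretKey aes256 = generateKey("AES", 256);
        System.out.println("AES-256 round trip ok: "
            + Arrays.equals(dbPassword, decryptAes(aes256, encryptAes(aes256, dbPassword))));
        SecretKey tdes168 = generateKey("DESede", 168);
        System.out.println("3-key DESede round trip ok: "
            + Arrays.equals(dbPassword, decryptDesede(tdes168, encryptDesede(tdes168, dbPassword))));
        // User password: only ever verified, so a one-way digest is used.
        String record = digestPassword("constructed-user-password".toCharArray(), 100_000);
        System.out.println("correct password verifies: " + verifyPassword("constructed-user-password".toCharArray(), record));
        System.out.println("wrong password verifies:   " + verifyPassword("wrong-password".toCharArray(), record));
    }
}
```

The two halves fail differently, which is the practical reason for keeping them distinct: a stolen cipher key exposes every system password it protects, so that key must be kept out of the configuration and source tree, whereas a leaked digest record still forces an attacker to guess the user password one PBKDF2 run at a time.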

In the environment where Cúram runs, the application server, database, and other software (e.g. web server, LDAP, etc.) have their own cryptographic support, which is configured separately from CryptoConfig.properties; refer to the relevant vendor's documentation as appropriate to your installation.