The data types Crypto and CryptoX are used to encrypt passwords and other types of confidential information. You use security properties to specify security levels for your organization, such as the data that must be encrypted and can be decrypted.
Parameters identified as mxe.security.crypto are for the CRYPTO maxtype. These parameters identify the attributes that can be encrypted and decrypted.
Parameters identified as mxe.security.cryptox are for the CRYPTOX maxtype. These parameters identify the attributes that can be encrypted, but not decrypted. These maxtypes have their own means of encryption, the parameters for which are defined in the properties file.
Property | Description | Default value |
---|---|---|
mxe.sec.adduser.maxsets | Represents the maximum number of concurrent sets allowed for user self registration. |
20 |
mxe.sec.allowedIP | A comma-delimited list of IP addresses that must not be blocked. |
|
mxe.sec.forgotpassword.maxsets | Represents the maximum number of concurrent sets allowed for a forgotten password. |
20 |
mxe.sec.IPblock | Performs security checks related to IP blocking. |
1 |
mxe.sec.IPblock.MatchBoth | Matches both the client host and the client address when you check for clients that are blocked. |
1 |
mxe.sec.IPblock.num | Represents the maximum number of incorrect login attempts allowed per number of seconds. |
50 |
mxe.sec.IPblock.sec | Represents the time in seconds required for the IP blocking limit check. |
30 |
mxe.security.crypto.algorithm | Identifies the attributes that can be encrypted and decrypted. Algorithm is the basic type of encryption that is used. This property can override the algorithm default value DESed. |
|
mxe.security.crypto.key | Identifies the attributes that can be encrypted and decrypted. The length of this property must be a multiple of 24. |
|
mxe.security.crypto.mode | Identifies the attributes that can be encrypted and decrypted. The following mode components are valid:
|
|
mxe.security.crypto.modulus | Identifies the attributes that can be encrypted and decrypted. Modulus is used only for the RSA algorithm. |
|
mxe.security.crypto.padding | Identifies the attributes that can be encrypted and decrypted. The following padding components are valid:
|
|
mxe.security.crypto.spec | Identifies the attributes that can be encrypted and decrypted. The length of this property must be a multiple of 8. |
|
mxe.security.cryptox.algorithm | Identify the attributes that can be encrypted, but not decrypted. Algorithm is the basic type of encryption that is used. This property can override the algorithm default value (DESede). |
|
mxe.security.cryptox.key | Identify the attributes that can be encrypted, but not decrypted. The length of this property must be a multiple of 24. |
|
mxe.security.cryptox.mode | Identify the attributes that can be encrypted, but not decrypted. The following mode components are valid:
|
|
mxe.security.cryptox.modulus | Identify the attributes that can be encrypted, but not decrypted. Modulus is used only for the RSA algorithm. |
|
mxe.security.cryptox.padding | Identify the attributes that can be encrypted, but not decrypted. The following padding components are valid:
|
|
mxe.security.cryptox.spec | Identify the attributes that can be encrypted, but not decrypted. The length of this property must be a multiple of 8. |
|
mxe.security.provider | Represents the security provider which is obtained from the policy file. The security provider is usually com.ibm.crypto.provider.IBMJCE. To use a different provider, you can specify a value for this parameter. |