Layer7 API Management

  • Private Community

  • 1.  Implement PBE

    Posted Oct 24, 2017 04:42 AM

    How implement PBE(Password based encrypt) in API Gateway?Does this need one of the tactical encryption assertions to be used?



  • 2.  Re: Implement PBE
    Best Answer

    Broadcom Employee
    Posted Oct 24, 2017 09:00 PM

    Hello Sonalee ,

    You should be able to use Encode JSON Web Token Assertion to do it, just ignore the JWS tab, put source on General tab, on JWT tab you can use secret(password) when select a symmetric key,

    Encode JSON Web Token Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Regards,

    Mark



  • 3.  Re: Implement PBE

    Posted Oct 25, 2017 01:39 AM

    Thanks Mark,but i do not see option for 3DES with MD5 which is the requirement for us



  • 4.  Re: Implement PBE

    Posted Oct 25, 2017 02:27 AM

    also password should be used to generate a key (for PBE )and not used directly as secret as it may not match the key length as well 



  • 5.  Re: Implement PBE

    Broadcom Employee
    Posted Nov 15, 2017 06:45 PM

    Another assertion to do encryption with a key is called - Symmetric Key Encryption / Decryption Assertion. This assertion needs to be requested through CA Support.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 6.  Re: Implement PBE

    Posted Nov 20, 2017 06:06 AM

    Hi Stephen,

     

    Is Symmetric Key Encryption / Decryption Assertion capable to do something similar to this - Password-based encryption .

    Also what encryption algorithms are supported by this assertion.We need 3DES with MD5

     

    Regards,

    Sonalee Shyam



  • 7.  Re: Implement PBE

    Broadcom Employee
    Posted Nov 22, 2017 06:45 PM

    Sonalee,

     

     

    Excerpt from the documentation around Algorithms used in the assertion:

     

    AES/CBC/PKCS5Padding

    • AES algorithm (either 128, 192 or 256 depending on the size of the key) with CBC block mode and PKCS5Padding

    AES/GCM/NoPadding

    • AES algorithm (either 128, 192 or 256 depending on the size of the key) with GCM mode and NoPadding.

    DES/CBC/PKCS5Padding

    • DES algorithm with CBC block mode and PKCS5Padding

    DESede/CBC/PKCS5Padding

    • Triple DES algorithm with CBC block mode and PKCS5Padding

    PGP

    • Encryption:
      • Key Generation: SHA-512 (Iterated and Salted)
      • Encryption: AES 256 bit
      • Integrity: enabled and using SHA-1 algorithm
      • ASCII Armor: Can be enabled only if encrypting using PGP Public Key
    • Decryption:
      • If the user specifies a Key, the Key is treated as a PGP Private Key and it along with the PGP Pass Phrase are utilized to decrypt the Text.
      • If the integrity bit has been enabled on the encrypted text and it fails verification during the decryption process, the entire process will fail.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 8.  Re: Implement PBE

    Broadcom Employee
    Posted Nov 27, 2017 11:42 AM

    Sonalee,

     

    Did you have any other questions?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support