Defining Algorithm Chains

Access the Algorithm Chain page (PeopleTools > Security > Encryption > Encryption Algorithm Chains).

This example illustrates the fields and controls on the Algorithm Chain page.

 Algorithm Chain page

Although you can select any sequence of algorithms to define a chain, many possible sequences don't work because the cumulative effect of the algorithms doesn't make any sense. You must define sequences of compatible algorithms.

To apply any of the supported algorithms for symmetric encryption, hashing, encoding, or secure messaging, the input data must be in ASCII text format.

Because PeopleSoft stores data in Unicode format, the first algorithm in most chains must be PSUnicodeToAscii when encrypting Unicode strings, and in most chains the last algorithm must be PSAsciiToUnicode when decrypting Unicode strings. However, chains may work better if you omit the PSUnicodeToAscii algorithm as the first step in the chain when encrypting non-Unicode strings, and omit the PSAsciiToUnicode algorithm as the last step in the chain when outputting non-Unicode strings from a decryption.

The following example shows an encryption string with PSUnicodeToAscii omitted as the first step:

3des_ks168_cbc_encrypt
Base64_encode
PSAsciiToUnicode

The following example shows a decryption string with PSAsciiToUnicode omitted as the last step:

PSUnicodeToAscii
Base64_decode
3des_ks168_cbc_decrypt

See Cross Platform Algorithm Chain Considerations.

To define an algorithm chain:

  1. Open an existing algorithm chain or create a new one.

  2. Select the algorithm IDs of the algorithms you want to use in your chain.

    Add a new row for each algorithm. The available algorithms depend on the encryption libraries you previously loaded. You can select the algorithms in any order.

  3. Specify the operation sequence for your algorithm chain.

    Enter a number in the Sequence box for each algorithm. The lowest number designates the first algorithm, and the highest number designates the last. When you save the chain, the rows are resorted according to their sequence numbers.

  4. Save your algorithm chain definition.

Delivered Algorithm Chains

PeopleSoft Encryption Technology includes the following predefined algorithm chains:

Algorithm Chain

Algorithms

3DES CBC B64 ENCRYPT

PSUnicodeToAscii

3des_ks168_cbc_encrypt

base64_encode

PSAsciiToUnicode

3DES CBC B64 DECRYPT

PSUnicodeToAscii

base64_decode

3des_ks168_cbc_decrypt

PSAsciiToUnicode

3DES CBC HEX ENCRYPT

PSUnicodeToAscii

3des_ks168_cbc_encrypt

PSHexEncode

PSAsciiToUnicode

3DES CBC HEX DECRYPT

PSUnicodeToAscii

PSHexDecode

3des_ks168_cbc_decrypt

PSAsciiToUnicode

PKCS7_ENCRYPTED

PSUnicodeToAscii

pkcs7_encrypted_encrypt

PSAsciiToUnicode

PKCS7_DECRYPTED

PSUnicodeToAscii

pkcs7_encrypted_decrypt

PSAsciiToUnicode

PKCS7_ENCRYPTED_SIGNED

PSUnicodeToAscii

pkcs7_signedandencrypted_signandencrypt

PSAsciiToUnicode

PKCS7_DECRYPTED_VERIFY

PSUnicodeToAscii

pkcs7_signedandencrypted_decryptandverify

PSAsciiToUnicode

PGP_ENCRYPTED

PSUnicodeToAscii

pgp_encrypted_encrypt

PSAsciiToUnicode

PGP_DECRYPTED

PSUnicodeToAscii

pgp_encrypted_decrypt

PSAsciiToUnicode

PGP_ENCRYPTED_SIGNED

PSUnicodeToAscii

pgp_signedandencrypted_signandencrypt

PSAsciiToUnicode

PGP_DECRYPTED_VERIFY

PSUnicodeToAscii

pgp_signedandencrypted_decryptandverify

PSAsciiToUnicode

SMIME_DECRYPTED

PSUnicodeToAscii

smime_encrypted_decrypt

PSAsciiToUnicode

SMIME_DECRYPTED_VERIFY

PSUnicodeToAscii

smime_signandencrypt_decryptandverify

PSAsciiToUnicode

SMIME_ENCRYPTED

PSUnicodeToAscii

smime_encrypted_encrypt

PSAsciiToUnicode

SMIME_ENCRYPTED_SIGNED

PSUnicodeToAscii

smime_signandencrypt_signandencrypt

PSAsciiToUnicode