How to setup the algorithm suite for a Governance Control (GC) in TIBCO ActiveMatrix® Policy Director(PD).
Article ID: KB0085999
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix Policy Director | - |
| Not Applicable | - |
Description
Resolution:
Description
=======
The algorithm suite cannot be setup while configuring a Governance Control via the UI. By default, PD always uses SHA-256 for signatures. Note that the Certificate's signature is irrelevant since it is signed by someone else (the CA). The reason for the default (SHA-256) is NIST's http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf of January 2011 at pg. 13.
SHA1's use for
Digital signature generation.
Acceptable through 2010.
Deprecated from 2011 through 2013.
Disallowed after 2013.
And
Digital signature verification.
Acceptable through 2010 Legacy-use after 201.Resolution
===========
Use the CLI (Command Line Interface) to create the policy and select the algorithm suite you prefer. In the case of an embedded policy, set the algorithm suite to use, for example, <wssp:AlgorithmSuite><wssp:Basic256Rsa15/></wssp:AlgorithmSuite>
Issue/Introduction
How to setup the algorithm suite for a Governance Control (GC) in TIBCO ActiveMatrix® Policy Director(PD).
Feedback
Yes
No
Powered by
