Details on Database Authentication Encryption

book

Article ID: 186066

calendar_today

Updated On:

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

Could you please share additional details on the following items?

  1. In GT DataMaker and CA TDM Portal,  please explain how the connections will be encrypted for each database-type(Oracle, DB2 etc.) connection in the connection profiles?
  2. Please explain how, where, and what kind of encryption method is used on GT DataMakar and CA TDM Portal for storing the connection credentials?

 

Environment

Release : 4.6

Component : CA Test Data Manager

Resolution

Engineering reviewed the gtrep repository database for TDM. The passwords are stored in the repository using AES-128 encryption. Below is a spreadsheet showing the details of the encryption mechanism used.

ENCRYPTION ALGORITHMS
Algorithm Type Proprietary? Key Strength (bits) Specific Implementations Link to Public Domain Code Products Using Purpose Modifications
Language Details
AES-128 Symmetric N 128 (code supports 192-bit and 256-bit keys but is a build configuration) C++ Rijndael, Chained-Block-Cipher (CBC) mode with randomized Initialization Vector (IV) (16-byte blocks) http://www.wizardwrx.com/FREEBIES/P6CryptAES.html Datamaker Authentication (Password storage) Inserted into own DLL - aes_dll.dll
Small modifications to handle multi-byte data from PowerBuilder code (char to wchar conversions added)
AgileDesigner Authentication (Password transmission from Datamaker and to Service Layer (symmetric))
Test Matching Authentication (Transmission of credentials to Remote Engine (data source string is symmetrically encrypted))
Service Layer Authentication (Password storage and transmission)
Remote Engine Authentication (Password transmission)
Javelin Authentication (Password storage in XAML)
128 C# CBC, PCKS7 Padding, salt according to RFC2898   Javelin Authentication (Password transmission from Subset)  
128 Java CBC, PCKS7 Padding, salt according to RFC2898   Subset Authentication (Password transmission to Javelin)  
128 Java Rijndael, Chained-Block-Cipher (CBC) mode with randomized Initialization Vector (IV)   None.   Straight conversion from C++ codebase.
  128 Java Uses sdtandard javax.crypto packages, using algorithm "AES"   FastDataMasker Masking of data, and masking of cross-reference table (as an option)  
AES-256 Symmetric N 256 C++ Comes as part of 7Zip.   AgileDesigner IP protection (keep file contents and structures secret)  
ElGamal Asymmetric N 384 (code supports 8- and 1088-bit keys but only through code changes) C# Standard ElGamal, using a Diffie-Hellman key exchange process. Random number generation is done using System.Random class.   Service Layer (beta) Providing secure authentication between client and service layer. Needs adaptation to use a provable prime generator (currently uses pseudoprime generator, causing a 5% residual fault rate)
DES Symmetric N 56 Java Uses standard javax.crypto packages, using algorithm "PBEWithMD5AndDES"   Subset Authentication (Password storage)  
FastDataMasker Masking of data; - user can specify the encryption algorithm to use, as well as the key, by selecting an option when specifying the masking function.r. No key management is done, and secure memory management delegated to Java libraries. 

HASHING ALGORITHMS
Algorithm Proprietary? Specific Implementations Link to Public Domain Code Products Using Purpose Modifications
Language Details
SHA-1 N C++ Standard SHA-1 http://www.packetizer.com/security/sha1/ AgileDesigner Licensing (legacy option from Datamaker) Inserted into module aes_dll.dll
DataViz Licensing (from Datamaker)
DataMaker Licensing (uses Datamaker licence by proxy and passes to other products)
GTDiagrammer Licensing (from Datamaker)
Java java.security implementation   FastDataMasker Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function.  
SHA-256 N Java java.security implementation   FastDataMasker Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function.  
SHA-384 N Java java.security implementation   FastDataMasker Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function.  
SHA-512 N Java java.security implementation   FastDataMasker Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function.  
MD2 N Java java.security implementation   FastDataMasker Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function.