XCOMENCR question on cipher used

book

Article ID: 196195

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - Windows CA XCOM Data Transport - Linux PC XCOM - SUPPORT

Issue/Introduction

1- What cipher is used with the #!ENCRYPT to encryt the password and how much stronger is it.
2- I know there is a global parameter that are related to the above, can we use another method instead of XCOM?
3- If we change this parameter the remote site must also support it, correct?
4- Does the product provide any way to decrypt the password


Environment

Release : 11.6

Component : CA XCOM Data Transport for Windows

Resolution

In XCOM, Password encryption happens in two types. 


   • Password encryption in rest - This is when the password is saved in the configuration files and the XCOMENCR utility is used to encrypt the password in those configuration files.
   • Password encryption in transmission - This is when XCOM communicates password details with its XCOM partner.

By default, XCOM uses its proprietary encryption mechanism for both encryption scenarios. Starting with XCOM r11.6, we have introduced TRNENCR* parameters that allow our customers to configure industry-standard encryption ciphers to encrypt the passwords during transmissions. In this case, the cipher algorithm negotiated between the XCOM partners and the encryption key gets generated dynamically for each transfer.

There is no utility to decrypt the password. This would be a vulnerability.