Issue/Introduction:
Could you please share additional details on the following items?
- In GT DataMaker and CA TDM Portal, please explain how the connections will be encrypted for each database-type(Oracle, DB2 etc.) connection in the connection profiles?
- Please explain how, where, and what kind of encryption method is used on GT DataMakar and CA TDM Portal for storing the connection credentials?
Cause:Environment:
Release : 4.6
Component : CA Test Data Manager
Resolution
Engineering reviewed the gtrep repository database for TDM. The passwords are stored in the repository using AES-128 encryption. Below is a spreadsheet showing the details of the encryption mechanism used.
ENCRYPTION ALGORITHMS
| Algorithm |
Type |
Proprietary? |
Key Strength (bits) |
Specific Implementations |
Link to Public Domain Code |
Products Using |
Purpose |
Modifications |
| Language |
Details |
| AES-128 |
Symmetric |
N |
128 (code supports 192-bit and 256-bit keys but is a build configuration) |
C++ |
Rijndael, Chained-Block-Cipher (CBC) mode with randomized Initialization Vector (IV) (16-byte blocks) |
http://www.wizardwrx.com/FREEBIES/P6CryptAES.html |
Datamaker |
Authentication (Password storage) |
Inserted into own DLL - aes_dll.dll
Small modifications to handle multi-byte data from PowerBuilder code (char to wchar conversions added) |
| AgileDesigner |
Authentication (Password transmission from Datamaker and to Service Layer (symmetric)) |
| Test Matching |
Authentication (Transmission of credentials to Remote Engine (data source string is symmetrically encrypted)) |
| Service Layer |
Authentication (Password storage and transmission) |
| Remote Engine |
Authentication (Password transmission) |
| Javelin |
Authentication (Password storage in XAML) |
| 128 |
C# |
CBC, PCKS7 Padding, salt according to RFC2898 |
|
Javelin |
Authentication (Password transmission from Subset) |
|
| 128 |
Java |
CBC, PCKS7 Padding, salt according to RFC2898 |
|
Subset |
Authentication (Password transmission to Javelin) |
|
| 128 |
Java |
Rijndael, Chained-Block-Cipher (CBC) mode with randomized Initialization Vector (IV) |
|
None. |
|
Straight conversion from C++ codebase. |
| |
128 |
Java |
Uses sdtandard javax.crypto packages, using algorithm "AES" |
|
FastDataMasker |
Masking of data, and masking of cross-reference table (as an option) |
|
| AES-256 |
Symmetric |
N |
256 |
C++ |
Comes as part of 7Zip. |
|
AgileDesigner |
IP protection (keep file contents and structures secret) |
|
| ElGamal |
Asymmetric |
N |
384 (code supports 8- and 1088-bit keys but only through code changes) |
C# |
Standard ElGamal, using a Diffie-Hellman key exchange process. Random number generation is done using System.Random class. |
|
Service Layer (beta) |
Providing secure authentication between client and service layer. |
Needs adaptation to use a provable prime generator (currently uses pseudoprime generator, causing a 5% residual fault rate) |
| DES |
Symmetric |
N |
56 |
Java |
Uses standard javax.crypto packages, using algorithm "PBEWithMD5AndDES" |
|
Subset |
Authentication (Password storage) |
|
| FastDataMasker |
Masking of data; - user can specify the encryption algorithm to use, as well as the key, by selecting an option when specifying the masking function.r. No key management is done, and secure memory management delegated to Java libraries. |
HASHING ALGORITHMS
| Algorithm |
Proprietary? |
Specific Implementations |
Link to Public Domain Code |
Products Using |
Purpose |
Modifications |
| Language |
Details |
| SHA-1 |
N |
C++ |
Standard SHA-1 |
http://www.packetizer.com/security/sha1/ |
AgileDesigner |
Licensing (legacy option from Datamaker) |
Inserted into module aes_dll.dll |
| DataViz |
Licensing (from Datamaker) |
| DataMaker |
Licensing (uses Datamaker licence by proxy and passes to other products) |
| GTDiagrammer |
Licensing (from Datamaker) |
| Java |
java.security implementation |
|
FastDataMasker |
Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function. |
|
| SHA-256 |
N |
Java |
java.security implementation |
|
FastDataMasker |
Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function. |
|
| SHA-384 |
N |
Java |
java.security implementation |
|
FastDataMasker |
Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function. |
|
| SHA-512 |
N |
Java |
java.security implementation |
|
FastDataMasker |
Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function. |
|
| MD2 |
N |
Java |
java.security implementation |
|
FastDataMasker |
Masking data - user can specify the hashing algorithm to use by selecting an option when specifying the masking function. |
|
------------------------------
Technical Support Engineer III
Broadcom, Inc
------------------------------