Users Guide

Customization Using the System and Security Properties 5

RSA BSAFE Cert-J 6.2.4 Troubleshooting Guide

Customization Using the System and Security Properties

System and security properties in Cert-J are used to statically register the JCE provider

and to configure the toolkit and FIPS-140 mode behavior.

The following list details the main system and security properties according to the

functions in which they are involved:

• Set the Default Random Algorithm:

com.rsa.crypto.default.random

• Configure OCSP:

ocsp.*

• Specify the location of the Cryptographic Module configuration file:

com.rsa.cryptoj.configfile

• Set the Event Handler to run at start-up:

com.rsa.cryptoj.eventhandler

• Set or change the initial FIPS mode of operation:

com.rsa.cryptoj.fips140initialmode

• Set FIPS role authentication:

com.rsa.cryptoj.fips140auth

• Set the iteration count to be used for PBKDF2 algorithms:

com.rsa.cryptoj.jce.pkcs15.iterationcount

• Set the algorithm to use to encrypt the keystore, when exporting PKCS #12 files.

com.rsa.cryptoj.pkcs12.defaultpbe

• Set a MAC to be output when saving a PKCS #12 key store to disk.

com.rsa.cryptoj.pkcs12.outputmac

• Activate CRLDP checking during certificate path validation:

com.sun.security.enableCRLDP OR

com.ibm.security.enableCRLDP

• Activate debug for security operations:

java.security.debug

• Set an event listener for logging crypto object creation:

com.rsa.crypto.logger

For further detail, see the Welcome to the Cert-J Toolkit -> Introduction To Cert-J

-> System and Security Properties section of the RSA BSAFE Cert-J Developers

Guide.

The following property is no longer required:

• com.rsa.cryptoj.jce.kat.strategy