Deprecated Component

It is recommended that you replace all Symmetric Cryptography filters in your configuration with the Asymmetric Cryptography filter.

The Symmetric Cryptography filter encrypts or decrypts messages using a symmetric algorithm.

Configuration Properties

Property

Description

Maximum Concurrency

The maximum level of concurrency for this filter. A setting of 0 (zero) means unlimited. Limiting the level of concurrency limits memory usage. Refer to Maximum Concurrency for details.

Cipher Name

The symmetric algorithm to use (such as AES). For block algorithms, you must specify a cipher block mode in the Cipher Mode field and a padding scheme in the Padding Scheme field to use with the algorithm. If in doubt as to which to use, CBC block mode with NoPadding is the default. RC4 is a stream cipher and does not use a block mode or padding scheme.

Cipher Mode

The name of the cipher block mode to use.

All the cipher block modes except ECB require an Initialization Vector (IV), generally of either 8 or 16 bytes (depending on the algorithm being used). This vector is configured as a hex string using the IV parameter; for example, an 8-byte IV could be "d654c2511003931c", or a 16-byte IV could be "718b916cf57feb7ec76f5bdb12c41235".

If no initialization vector is specified for an encryption filter when one is needed, it is generated automatically. Decryption requires the same IV that was used for encryption.

Padding Scheme

The cipher block padding scheme to use. The cipher block padding schemes available for use are:

  • NoPadding
  • PKCS7Padding
  • WithCTS
  • X9.23Padding
  • ISO10126Padding

Some combinations of cipher block modes and padding schemes are not compatible. In general, CTS padding can only be used with the CBC and ECB block modes. Also, if you use NoPadding with the CBC or ECB block modes, your input data must be an exact multiple of the block size for the given algorithm.

Encrypt or Decrypt

Options: Encrypt, Decrypt. Default: Encrypt
Identifies whether a file processed by this filter is to be encrypted or decrypted.

Symmetric Key Name

The user-defined name of the key from the Certificate Manager to use for the encryption/decryption. Click the Browse button to display the Symmetric Keys screen, shown in the following screenshot:

Select the key you need to use, or click the Generate key... button to generate a new symmetric key.
A symmetric key generated in this way is listed on the Symmetric Key tab of the Certificate Manager and can be managed using this tool.

Initialisation Vector

This is required for most cipher modes. It is a string of either 8 or 16 bytes, depending on the selected algorithm. If no initialization vector is specified for an encryption filter when one is required, one will be generated automatically. The initialization vector is a hex-encoded vector used to initialize the cipher.

Key and Block Sizes

The key and block sizes for the various algorithms are shown in the following table.

| Algorithm | Key Size (bits) | Block Size |
|-----------|-----------------|------------|
| AES | 0 .. 256 (192) | 128 bit |
| Blowfish | 0 .. 448 (448) | 64 bit |
| CAST5 | 0 .. 128 (128) | 64 bit |
| CAST6 | 0 .. 256 (256) | 128 bit |
| DES | 64 | 64 bit |
| DESede | 128, 192 | 64 bit |
| IDEA | 128 (128) | 64 bit |
| RC2 | 0 .. 1024 (128) | 64 bit |
| RC5 | 0 .. 128 (128) | 64 bit |
| RC6 | 0 .. 256 (128) | 128 bit |
| Rijndael | 0 .. 256 (192) | 128 bit |
| Skipjack | 0 .. 128 (128) | 64 bit |
| Twofish | 128, 192, 256 (256) | 128 bit |
| Serpent | 128, 192, 256 (256) | 128 bit |
| RC4 | 40 .. 2048 bits (128) | N/A |
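
The constraints stated on this page (IV length tied to the algorithm's block size, decryption needing the IV used for encryption, CTS limited to CBC and ECB, NoPadding needing block-aligned input) can be checked before a filter is deployed. The following Python is an added example, not code from the product: `check_config` and its parameters are hypothetical names, and it assumes the IV length equals the cipher's block size.

```python
# Added example: pre-flight check of a Symmetric Cryptography filter configuration.
# Block sizes (bytes) come from the table on this page; None marks the stream cipher.
BLOCK_BYTES = {
    "AES": 16, "Blowfish": 8, "CAST5": 8, "CAST6": 16, "DES": 8, "DESede": 8,
    "IDEA": 8, "RC2": 8, "RC5": 8, "RC6": 16, "Rijndael": 16, "Skipjack": 8,
    "Twofish": 16, "Serpent": 16, "RC4": None,
}
PADDINGS = {"NoPadding", "PKCS7Padding", "WithCTS", "X9.23Padding", "ISO10126Padding"}


def check_config(cipher, mode=None, padding=None, iv_hex=None, input_len=None, decrypt=False):
    """Hypothetical helper: return a list of problems; an empty list means consistent."""
    problems = []
    if cipher not in BLOCK_BYTES:
        return [f"unknown cipher {cipher!r}"]
    block = BLOCK_BYTES[cipher]
    if block is None:  # RC4: no block mode or padding scheme applies
        if mode or padding:
            problems.append("RC4 does not use a block mode or padding scheme")
        return problems
    if not mode or padding not in PADDINGS:
        return [f"{cipher} needs a cipher mode and one of the listed padding schemes"]
    if mode == "ECB":
        if iv_hex:
            problems.append("ECB does not use an IV")
    elif iv_hex is None:
        # Encryption may leave the IV blank (it is generated); decryption may not.
        if decrypt:
            problems.append("decryption needs the IV that was used for encryption")
    else:
        try:
            iv = bytes.fromhex(iv_hex)
        except ValueError:
            iv = None
            problems.append("IV is not a valid hex string")
        # Assumption: the IV is exactly one cipher block long.
        if iv is not None and len(iv) != block:
            problems.append(f"IV is {len(iv)} bytes, {cipher} needs {block}")
    if padding == "WithCTS" and mode not in ("CBC", "ECB"):
        problems.append("CTS padding can only be used with CBC and ECB")
    if padding == "NoPadding" and mode in ("CBC", "ECB") and input_len is not None:
        if input_len % block:
            problems.append(f"NoPadding with {mode} needs input in multiples of {block} bytes")
    return problems


if __name__ == "__main__":
    # Constructed case: the page's 8-byte sample IV with a 128-bit block cipher.
    print(check_config("AES", "CBC", "NoPadding", "d654c2511003931c", input_len=30))
```

A blank IV on an encrypting filter passes the check because the filter generates one; that generated value still has to reach the decrypting side.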