PBE algorithm deprecation question

Question asked by gerald jones on Jul 25, 2018

I need to know which Password-based Encryption (PBE) algorithms have been deprecated between BSAFE MES 4.0.8 and 4.0.10.


For the Unity product, I am upgrading the BSAFE MES used with KTP from 4.0.8 to 4.0.10. As part of the KTP configuration, an (array) client key and certificate PKCS12 package is used. At least one PBE algorithm - pbeWithSHA1And40BitRC2-CBC - was supported by BSAFE 4.0.8 that is not supported by BSAFE 4.0.10.


This list of deprecated algorithms is needed to support Unity software release upgrades, when KMIP (and KTP) are already configured. Unity has Pre-Upgrade Health Checks (PUHC) which are run before upgrading from one software release to another. I need to add checks to that processing to examine which PBE algorithm is being used for the current client key and certificate PKCS12 package, and warn the user they must 'repackage' or regenerate the client key and certificate if a deprecated PBE algorithm was used. If this check is not done, KTP configuration may fail after the software release is upgraded, and the Unity array will not be able to connect to the KMIP servers, seriously impacting the array functionality.


I went through the documentation available on this site, but was not able to determine which PBE algorithms have been deprecated.
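
An added example, not part of the original post and not BSAFE or Unity code: one way a pre-upgrade check could read the PBE algorithm identifiers out of a DER-encoded PKCS#12 package. The function names, the `UNSUPPORTED_AFTER_UPGRADE` set (seeded only with the algorithm named in the question) and the sample bytes are assumptions constructed for illustration.

```python
# OID arc 1.2.840.113549.1.12.1 (pkcs-12PbeIds, RFC 7292); names spelled as in the post.
PBE_PREFIX = bytes.fromhex("2a864886f70d010c01")
OIDS = {PBE_PREFIX + bytes([i]): name for i, name in enumerate([
    "pbeWithSHA1And128BitRC4", "pbeWithSHA1And40BitRC4",
    "pbeWithSHA1And3-KeyTripleDES-CBC", "pbeWithSHA1And2-KeyTripleDES-CBC",
    "pbeWithSHA1And128BitRC2-CBC", "pbeWithSHA1And40BitRC2-CBC"], start=1)}
OIDS[bytes.fromhex("2a864886f70d01050d")] = "PBES2"   # 1.2.840.113549.1.5.13
# Assumption: seeded only with the algorithm named in the post; extend from vendor notes.
UNSUPPORTED_AFTER_UPGRADE = {"pbeWithSHA1And40BitRC2-CBC"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length (BER input?)")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def pbe_algorithms(buf):
    """List PBE algorithms in a DER tree, descending into OCTET STRINGs that wrap DER."""
    found, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x06 and value in OIDS:        # OBJECT IDENTIFIER of a PBE scheme
            found.append(OIDS[value])
        elif tag & 0x20:                         # constructed: SEQUENCE, SET, [n]
            found += pbe_algorithms(value)
        elif tag == 0x04:                        # OCTET STRING, e.g. the AuthenticatedSafe
            try:
                found += pbe_algorithms(value)
            except (ValueError, IndexError):
                pass                             # salt or other opaque bytes, not DER
    return found

def puhc_warnings(p12_der):   # algorithms the upgraded library is assumed to reject
    return sorted(set(pbe_algorithms(p12_der)) & UNSUPPORTED_AFTER_UPGRADE)

def der(tag, *parts):         # tiny short-form DER encoder for the sample below
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(pbe_id):
    """Constructed bytes (not a real keystore) with the nesting of an encrypted bag."""
    params = der(0x30, der(0x04, bytes.fromhex("a1b2c3d4e5f60718")), der(0x02, b"\x08\x00"))
    alg = der(0x30, der(0x06, PBE_PREFIX + bytes([pbe_id])), params)
    return der(0x30, der(0x04, der(0x30, alg, der(0x80, bytes(16)))))
```

The AlgorithmIdentifier fields sit outside the encrypted content, so the check needs the file's bytes but not its password. BER-encoded packages with indefinite lengths raise `ValueError` here and need a full ASN.1 parser.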