# # ProtectDB.properties 09/07/21 16:30:15 SafeNet, Inc. # # SafeNet Network-Attached Encryption (NAE) properties file # # Release Version: 5.4.0.000008 # # NOTE: Do not use quotes when specifying values in this file. # #[Version] # Version of the properties file for the SafeNet PKCS#11/ICAPI/MSCAPI/.NET # providers. # # Do not modify this property. # Version=2.5 #[Network Configuration] # [NAE Server IP] # The IP address and port of the NAE server. # # Multiple IPs can be specified when load balancing is used. The port must # be the same on all NAE servers. You can configure up to three tiers of # NAE servers. Tiers are numbered 1-3. If all servers in the primary tier 1 # become unreachable, the client will switch to tier 2. If all servers # in tier 2 become unrechable, the client will switch to tier 3. When # using an alternatate tier, the client will periodically try to switch # back to tier 1 (after Connection_Retry_Interval has expired). # # For all tier-aware parameters, the tier is indicated with a trailing # .n after the parameter name, i.e. NAE_IP.1=127.0.0.1 # Setting the parameter with no tier sets the default value for all tiers. # i.e. Connection_Timeout=600000 sets Connection_Timeout for all tiers while # Connection_Timeout.1=700000 sets Connection_Timeout for tier 1. # A tier-specic setting will override # # For NAE_IP, IPs are separated by colons, e.g., # 192.168.1.10:192.168.1.11:192.168.1.12 # NAE_IP=10.10.10.86 # #[Network Configuration] # [NAE Server Port] # NAE_Port is tier-aware # Do not set the port value to 9443 because this is the port typically used # to connect to the management console. NAE_Port=9000 #[Network Configuration] # [Protocol] # The protocol used between the client and the NAE server. # # If you are load balancing across multiple NAE servers, the protocol must # be the same for each server. # Protocol is tier-aware. # # Valid values: tcp, ssl. # Default: tcp # Recommended: ssl # Protocol=tcp #[Connection Configuration] # [Persistent Connections] # Enable or disable persistent connections. # # If enabled, the client will use a pool of persistent connections to the # NAE server. If disabled, a new connection will be created and then # closed for each request. # # Valid values: yes, no. # Default: yes # Recommended: yes # Use_Persistent_Connections=yes #[Connection Configuration] # [Connection Pooling] # The maximum number of connections in the persistent connection pool. # # This value is used only when persistent connections are enabled. # Size_of_Connection_Pool is tier-aware. # # Default: 300 # Size_of_Connection_Pool=300 #[Connection Configuration] # [Connection Timeout] # The timeout when connecting to the NAE server. # # The timeout is specified in milliseconds. The client will wait for the # specified number of milliseconds when trying to connect to each NAE # server. # # Setting this value to 0 uses the system connect() timeout. # # Caution: Setting this value too low may cause connections to fail when # the NAE servers and/or network are under load. Do not change it unless # you really need to. # Connection_Timeout is tier-aware. # # Default: 60000 # Connection_Timeout=60000 #[Connection Configuration] # [Connection Idle Timeout] # The time a connection is allowed to be idle in the connection pool # before it gets closed automatically by the client. # # The timeout is specified in milliseconds. The client will check how long # each connection has been idle for. If the time has passed the value # specified here, the client will close the connection and remove it from # the connection pool. To be effective, this setting must be less than the # Connection Timeout setting in the NAE Server Settings section in the # Management Console of the NAE server. # # Setting this value to 0 is equivalent to an infinite timeout. # Connection_Idle_Timeout is tier-aware. # # Default: 600000 # Connection_Idle_Timeout=600000 #[Connection Configuration] # [Connection Retry] # The amount of time to wait before trying to reconnect to a disabled # server. # # The retry interval is specified in milliseconds. If one of the NAE # servers in a load balanced configuration is not reachable, the client # will disable this server, and then wait for the specified number of # milliseconds before trying to connect to it again. # # Setting this value to 0 is equivalent to an infinite retry interval # (meaning the disabled server will never be brought back into use). # Connection_Retry_Interval is tier-aware. # # Default: 600000 # Connection_Retry_Interval=600000 #[Connection Configuration] # [Cluster_Synchronization_Delay] # The total amount of time to spend trying to make requests on keys # go to the same device the key create or latest key modify went to. # # A device tries to replicate key information to other devices in the # cluster after it completes a key create or modify request. Until # that replication completes, requests on the key need to go to the # device pushing the replication. # # If replication fails, the device waits for 30 seconds, then # tries again. If three replications fail, the device stops trying # to replicate data. # # The default is 100 seconds: 3 times 30 seconds plus a few extra # seconds per try for network latency. For larger clusters additional # time may be needed. # # Disable the function: 0 seconds # # Default: 100 seconds # Cluster_Synchronization_Delay=100 #[Connection Configuration] # [EdgeSecure Name] # Name of device or file containing the name of an EdgeSecure device. # # The name of an EdgeSecure device is a unique value assigned # by the administrator to define a single device. # # If the name refers to a readable file, then the first line in the file # defines the name of an EdgeSecure device. This allows all properties # files stored on different platforms to be the same and still allow # each platform to refer to a different EdgeSecure device. # # EdgeSecure_Name is tier-aware. # # Default: none # #EdgeSecure_Name= #[SSL/TLS Configuration] # [Cipherspec] # The SSL/TLS protocol and encryption algorithms to use. # # Default is "HIGH:!ADH:!DH:!DSA:!EXPORT:RSA+RC4:RSA+DES:RSA+AES" # which translates to high-strength RSA key exchange and RC4, triple DES, # or AES. # Cipher_Spec is tier-aware. # # Default: HIGH:!ADH:!DH:!DSA:!EXPORT:RSA+RC4:RSA+DES:RSA+AES # #Cipher_Spec=HIGH:!ADH:!DH:!DSA:!EXPORT:RSA+RC4:RSA+DES:RSA+AES #[SSL/TLS Configuration] # [CA Certificate for Server Authentication] # The CA certificate that signed the NAE server certificate presented to # clients to establish SSL connections. # # If you are using SSL between the client and server, you must specify a # path to the CA certificate that signed the NAE server certificate. If # the client cannot validate the certificate presented by the NAE server, # the client will not be able to establish an SSL connection with the NAE # server. # # You should provide the path and file name of the CA certificate. The # path can be absolute or relative to the application. Do not use quotes # when specifying the path, even if it contains spaces. # CA_File is tier-aware. # # No default. # CA_File= #[SSL/TLS Configuration] # [Client Certificate] # The client certificate to present to the NAE server. # # This value is required when client certificate authentication is enabled # on the NAE server. The certificate must be in PEM format. If this value # is set, the certificate and private key must be present even if the NAE # server is not configured to request a client certificate. # # You should provide the path and file name of the client certificate. The # path can be absolute or relative to the application. Do not use quotes # when specifying the path, even if it contains spaces. # Cert_File is tier-aware. # # No default. # Cert_File= #[SSL/TLS Configuration] # [Client Private Key] # The private key associated with the client certificate specified in # Cert_File. # # This value is required when client certificate authentication is enabled # on the NAE server. The client private key must be in PEM-encoded PKCS#12 # format. If this value is set, a correctly formatted key and certificate # must be present. # # You should provide the path and file name of the private key. The path # can be absolute or relative to the application. Do not use quotes when # specifying the path, even if it contains spaces. # Key_File is tier-aware. # # No default. # Key_File= #[SSL/TLS Configuration] # [Client Private Key Passphrase] # The passphrase to unlock the client private key specified in Key_File. # # This value is required when client certificate authentication is enabled # on the NAE server. Since the value is in the clear, this properties file # must have its permission restricted so that it can be read only by the # applications that are to have legitimate access to it. # Passphrase is tier-aware. # # No default. # Passphrase= #[Local Encryption Configuration] # [Symmetric Key Caching] # Enables key caching. # # If enabled, the client will be able to use symmetric keys to encrypt # data locally. If disabled, only remote encryption will be supported. # Should only be enabled with Protocol set to ssl. To allow key caching # over unsecured communication, set the this variable to tcp_ok # # Valid values: yes, no, tcp_ok # Default: no # Recommended: no # Symmetric_Key_Cache_Enabled=no #[Local Encryption Configuration] # [Symmetric Key Cache Expiry] # Seconds after which a key may be removed from cache. # # The expiration interval is specified in seconds. If the time expires # and the key is referenced, it will be erased from the cache and # imported from the NAE server. # # This value has to be greater than or equal to 0 for key caching to work. # # Setting this value to 0 is equivalent to an infinite timeout. # # Default: 43200 (12 hours) # Symmetric_Key_Cache_Expiry=43200 # [Persistent Key Caching] # [Persistent_Cache_Enabled] # Enables persistent key caching during local encryption. # # To persist symmetric keys Symmetric_Key_Cache_Enabled must be set to # "yes" or "tcp_ok", Persistent_Cache_Enabled must be set to "yes", # Persistent_Cache_Expiry set to a zero or positive value, and # Persistent_Cache_Directory set to an existing directory. # If Symmetric_Key_Cache_Enabled or Public_Key_Cache_Enabled is set # to "no", all Persistent_Cache_* properties will be ignored. # # Valid values: yes, no # Default: no # Recommended: no # Persistent_Cache_Enabled=no # [Persistent Key Caching] # [Persistent Cache Directory] # The location of the directory which will contain the persistent key caches. # # Provide just the path to a directory where the provider will create the # persistent cache file. The value can be absolute or relative to the # application. Do not use quotes when specifying the path, even if it contains spaces. # On Windows platforms, the value must not equal just a backslash (\) or end # with a backslash if not a root directory (e.g., C:\ is okay, however C:\TEMP\ # is not). # # default: none # Persistent_Cache_Directory= # [Persistent Key Caching] # [Persistent Key Cache Expiry Keys] # Seconds after which a key may be removed from cache. # # The expiration interval is specified in seconds. If the time expires # and the key is referenced, it will be erased from the cache and # imported from the NAE server. # # This value has to be greater than or equal to 0 for key caching to work. # # Setting this value to 0 is equivalent to an infinite timeout. # # Default: 43200 (12 hours) # Persistent_Cache_Expiry_Keys=43200 # [Persistent Key Caching] # [Persistent Cache Maximum Size] # Maximum number of elements in the Persistent Cache. # # This value has to be greater than 0 for key caching to work. # # Default: 100 # Persistent_Cache_Max_Size=100 #[Logging Configuration] # [Log Level] # The level of logging that will be performed by the client. # # The log level determines how verbose your client logs are. You can # disable logging by selecting NONE; however, it is recommended that you # set the log level to MEDIUM. A log level of HIGH can create a very large # log file. Set the log level to HIGH to troubleshoot configuration # problems. # # Valid values: # NONE - nothing is logged # LOW - only essential events are logged # MEDIUM - some events are logged # HIGH - many events are logged # # Default: MEDIUM # Log_Level=MEDIUM #[logging configuration] # [log file] # the location of the log file the client will create. # # you should provide the path and file name of the log file. the path can # be absolute or relative to the application. do not use quotes when # specifying the path, even if it contains spaces. # # default: logfile (created in the current directory) # Log_File=/opt/oracle/11g/lib/safenet/protectdb.log #[Logging Configuration] # [Log Rotation] # The log rotation method. # # This value specifies how frequently the log file is rotated. # # Valid values: # Daily - log file is rotated once a day # Size - log file is rotated when it exceeds Log_Size_Limit # # Default: Daily # Log_Rotation=Daily #[Logging Configuration] # [Log Size] # The maximum log file size. # # If Log_Rotation=Size, the log will be rotated after it reaches the # specified size. This value is only used when Log_Rotation=Size. # # The size may be specified in bytes, kilobytes (using 'k' or 'K'), or # megabytes (using 'm' or 'M'). One kilobyte is 1024 bytes, and one # megabyte is 1048576 bytes. # # Default: 100k # Log_Size_Limit=100k