Cryptography

Privileged Access Manager uses the following cryptographic algorithms and protocols:
  • Symmetric Encryption: Advanced Encryption Standard (AES) with symmetric keys of 256-bit key length, as defined in NIST FIPS PUB 197 and ISO/IEC 18033-3.
  • Asymmetric Encryption: The Transport Layer Security protocol, version 1.2 (TLS 1.2), follows IETF RFC 5246, including optional Perfect Forward Secrecy with elliptic curve Diffie-Hellman key exchange (P-256 and P-384 supported).
  • Cryptographically secure entropy source: For symmetric key generation, Intel RDRAND (on PAM hardware, or if present in the hypervisor hardware for OVF), which meets NIST SP 800-90B.
  • Digital Signature: Digital Signature Standard (compliant with FIPS 186-4) Elliptic Curve Digital Signature Algorithm (ECDSA), with P-256 and P-384 supported.
  • Hash Functions: For integrity checks and comparison of user-specific login credentials, a SHA-2 hash of either 512 or 256 bits is used. In SSH-2 communication, HMAC can support either SHA-256 or SHA-512.
  • Digital Certificates: 2048 or 4096 bits may be used for digital certificates on the PAM server.