#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright 2013-2015 ForgeRock AS.
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions copyright [year] [name of copyright owner]"
#
# Portions Copyrighted 2016 Nomura Research Institute, Ltd.
forgerock-auth-authenticator-oath-service-description=ForgeRock Authenticator (OATH) Service
a100=Profile Storage Attribute
a100.help=The user's attribute in which to store Two Step Verification profiles.
a100.help.txt=A specific field has been generated by OpenAM to handle these profiles, and in most cases the default \
value will work without further configuration. However, administrators are free to alter this. The new attribute \
must be able to handle Strings and be stored directly on the user's profile. LDAP User Attributes (accessible in the \
Realm -> Data Stores tab of the Administrator console) must also be configured to allow for any new attribute used.
a101=Device Profile Encryption Scheme
a101.help=Encryption scheme to use to secure device profiles stored on the server.
a101.help.txt=If enabled, each device profile is encrypted using a unique random secret key using the given strength \
of AES encryption in CBC mode with PKCS#5 padding. A HMAC-SHA of the given strength (truncated to half-size) is \
used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given \
RSA key-pair and stored with the device profile. NB: AES-256 may require installation of JCE Unlimited Strength.
a102=Encryption Key Store
a102.help=Key Store to load encryption keys from.
a103=Key Store Type
a103.help=Type of KeyStore to load.
a103.help.txt=Note: PKCS#11 keystores require hardware support such as a security device or smart card and is not \
available by default in most JVM installations. See the <a \
href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html" target="_blank">JDK 8 PKCS#11 \
Reference Guide</a> for more details.
a104=Key Store Password
a104.help=Password to unlock the keystore. This password will be encrypted.
a105=Key-Pair Alias
a105.help=Alias of the Certificate/PrivateKey in the keystore to use to encrypt/decrypt device profiles.
a106=Private Key Password
a106.help=Password to unlock the private key.
RSAES_AES128CBC_HS256=AES-128/HMAC-SHA-256 with RSA Key Wrapping
RSAES_AES256CBC_HS512=AES-256/HMAC-SHA-512 with RSA Key Wrapping
None=No encryption of device settings.
JKS=Java Key Store (JKS).
JCEKS=Java Cryptography Extension Key Store (JCEKS).
PKCS11=PKCS#11 Hardware Crypto Storage.
PKCS12=PKCS#12 Key Store.
a107=ForgeRock Authenticator (OATH) Device Skippable Attribute Name
a107.help=Name of the attribute on a user's profile used to store their selection of whether to \
skip ForgeRock Authenticator (OATH) 2FA modules.