9e20026ee2defa33ee5175d93139414793419181David Luna# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
9e20026ee2defa33ee5175d93139414793419181David Luna# Copyright 2016 ForgeRock AS.
9e20026ee2defa33ee5175d93139414793419181David Luna# The contents of this file are subject to the terms
9e20026ee2defa33ee5175d93139414793419181David Luna# of the Common Development and Distribution License
9e20026ee2defa33ee5175d93139414793419181David Luna# (the License). You may not use this file except in
9e20026ee2defa33ee5175d93139414793419181David Luna# compliance with the License.
9e20026ee2defa33ee5175d93139414793419181David Luna# You can obtain a copy of the License at
9e20026ee2defa33ee5175d93139414793419181David Luna# See the License for the specific language governing
9e20026ee2defa33ee5175d93139414793419181David Luna# permission and limitations under the License.
9e20026ee2defa33ee5175d93139414793419181David Luna# When distributing Covered Code, include this CDDL
9e20026ee2defa33ee5175d93139414793419181David Luna# Header Notice in each file and include the License file
9e20026ee2defa33ee5175d93139414793419181David Luna# If applicable, add the following below the CDDL Header,
9e20026ee2defa33ee5175d93139414793419181David Luna# with the fields enclosed by brackets [] replaced by
9e20026ee2defa33ee5175d93139414793419181David Luna# your own identifying information:
9e20026ee2defa33ee5175d93139414793419181David Luna# "Portions copyright [year] [name of copyright owner]"
dba6264e760052e4f42a5114d2690f1e188cb767Kohei Tamura# Portions Copyrighted 2016 Nomura Research Institute, Ltd.
9e20026ee2defa33ee5175d93139414793419181David Lunaforgerock-auth-authenticator-push-service-description=ForgeRock Authenticator (Push) Service
9e20026ee2defa33ee5175d93139414793419181David Lunaa100=Profile Storage Attribute
9e20026ee2defa33ee5175d93139414793419181David Lunaa100.help=The user's attribute in which to store Push Notification profiles.
9e20026ee2defa33ee5175d93139414793419181David Lunaa100.help.txt=A specific field has been generated by OpenAM to handle these profiles, and in most cases the default \
9e20026ee2defa33ee5175d93139414793419181David Luna value will work without further configuration. However, administrators are free to alter this. The new attribute \
9e20026ee2defa33ee5175d93139414793419181David Luna must be able to handle Strings and be stored directly on the user's profile. LDAP User Attributes (accessible in the \
9e20026ee2defa33ee5175d93139414793419181David Luna Realm -> Data Stores tab of the Administrator console) must also be configured to allow for any new attribute used.
9e20026ee2defa33ee5175d93139414793419181David Lunaa101=Device Profile Encryption Scheme
9e20026ee2defa33ee5175d93139414793419181David Lunaa101.help=Encryption scheme to use to secure device profiles stored on the server.
9e20026ee2defa33ee5175d93139414793419181David Lunaa101.help.txt=If enabled, each device profile is encrypted using a unique random secret key using the given strength \
9e20026ee2defa33ee5175d93139414793419181David Luna of AES encryption in CBC mode with PKCS#5 padding. A HMAC-SHA of the given strength (truncated to half-size) is \
dba6264e760052e4f42a5114d2690f1e188cb767Kohei Tamura used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given \
9e20026ee2defa33ee5175d93139414793419181David Luna RSA key-pair and stored with the device profile. NB: AES-256 may require installation of JCE Unlimited Strength.
9e20026ee2defa33ee5175d93139414793419181David Lunaa102=Encryption Key Store
9e20026ee2defa33ee5175d93139414793419181David Lunaa102.help=Key Store to load encryption keys from.
9e20026ee2defa33ee5175d93139414793419181David Lunaa103=Key Store Type
9e20026ee2defa33ee5175d93139414793419181David Lunaa103.help=Type of KeyStore to load.
9e20026ee2defa33ee5175d93139414793419181David Lunaa103.help.txt=Note: PKCS#11 keystores require hardware support such as a security device or smart card and is not \
9e20026ee2defa33ee5175d93139414793419181David Luna available by default in most JVM installations. See the <a \
9e20026ee2defa33ee5175d93139414793419181David Luna href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html" target="_blank">JDK 8 PKCS#11 \
9e20026ee2defa33ee5175d93139414793419181David Luna Reference Guide</a> for more details.
9e20026ee2defa33ee5175d93139414793419181David Lunaa104=Key Store Password
9e20026ee2defa33ee5175d93139414793419181David Lunaa104.help=Password to unlock the keystore. This password will be encrypted.
9e20026ee2defa33ee5175d93139414793419181David Lunaa105=Key-Pair Alias
9e20026ee2defa33ee5175d93139414793419181David Lunaa105.help=Alias of the Certificate/PrivateKey in the keystore to use to encrypt/decrypt device profiles.
9e20026ee2defa33ee5175d93139414793419181David Lunaa106=Private Key Password
9e20026ee2defa33ee5175d93139414793419181David Lunaa106.help=Password to unlock the private key.
9e20026ee2defa33ee5175d93139414793419181David LunaRSAES_AES128CBC_HS256=AES-128/HMAC-SHA-256 with RSA Key Wrapping
9e20026ee2defa33ee5175d93139414793419181David LunaRSAES_AES256CBC_HS512=AES-256/HMAC-SHA-512 with RSA Key Wrapping
9e20026ee2defa33ee5175d93139414793419181David LunaNone=No encryption of device settings.
9e20026ee2defa33ee5175d93139414793419181David LunaJKS=Java Key Store (JKS).
9e20026ee2defa33ee5175d93139414793419181David LunaJCEKS=Java Cryptography Extension Key Store (JCEKS).
9e20026ee2defa33ee5175d93139414793419181David LunaPKCS11=PKCS#11 Hardware Crypto Storage.
9e20026ee2defa33ee5175d93139414793419181David LunaPKCS12=PKCS#12 Key Store.