Enabling AES256 Password Encryption

Caliber offers two different ways to encrypt passwords: AES256 or RC4.

AES (Advanced Encryption Standard) and RC4 are two encryption ciphers. The most significant difference between the two is their type. AES is a block cipher that operates on discrete blocks of data using a fixed key and a formula, whereas RC4 is a stream cipher that does not have a discrete block size. RC4 uses a keystream of pseudorandom bits that is combined with the data using an exclusive OR (XOR) operation. You can use block ciphers as stream ciphers and vice versa. The difference between the two is small. However, RC4 is not very effective when used as a block cipher.

Data servers 11.3 or older use RC4 encryption.

If the data server is 11.3.1 or later, change the registry setting to use RC4 or AES. You do not have to restart the server. All subsequent Caliber Author or component logins immediately use the setting. Current sessions are not affected by changes to this encryption mode.

By default, the data server is configured for RC4 encryption.

To change encryption to AES:

  1. Locate the server key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Borland\CaliberRM\11.5\Server\PasswordEncryptionMode

  2. Set the key value to 3 to enable AES encryption. To set the encryption back to the RC4 default, change the key value to 2.

To verify encryption is set, ensure that the data server log file includes the text: Configured for AES password encryption for each user login attempt. If AES is not configured, the log will show a message stating RC4 encryption is in use.
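
The steps above as a PowerShell script, added here as an example and not part of the original documentation or the vendor's tooling. It sets the mode and then checks only log lines written after the change, because current sessions keep their old mode. It assumes that PasswordEncryptionMode is a value under the Server key, that the caller supplies the log file path, and that the RC4 log message contains the string "RC4".

```powershell
# Added example, not vendor code. Assumptions are marked "ASSUMPTION".
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $LogPath,   # ASSUMPTION: path to the data server log
    [ValidateSet(2, 3)] [int] $Mode = 3,        # 3 = AES, 2 = RC4 (default), per the steps above
    # ASSUMPTION: PasswordEncryptionMode is a value under the ...\Server key.
    [string] $KeyPath   = 'HKLM:\SOFTWARE\Borland\CaliberRM\11.5\Server',
    [string] $ValueName = 'PasswordEncryptionMode'
)

$key = Get-Item -Path $KeyPath -ErrorAction Stop
if ($key.GetValueNames() -notcontains $ValueName) {
    throw "'$ValueName' not found under $KeyPath."
}
$current = $key.GetValue($ValueName)
$kind    = $key.GetValueKind($ValueName)        # keep the existing registry type
Write-Host "Current PasswordEncryptionMode: $current"

# Remember where the log ends now: only logins made after the change use the new mode.
$baseline = @(Get-Content -LiteralPath $LogPath -ErrorAction Stop).Count

if ("$current" -ne "$Mode" -and
    $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "set to $Mode")) {
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Mode -Type $kind
}

Read-Host 'Log in with a new Caliber session, then press Enter' | Out-Null

$new = @(Get-Content -LiteralPath $LogPath | Select-Object -Skip $baseline)
# ASSUMPTION: the quoted log text ends at "encryption"; the RC4 message wording is
# not given on the page, so any new line mentioning RC4 is counted.
$aes = @($new | Select-String -SimpleMatch 'Configured for AES password encryption')
$rc4 = @($new | Select-String -SimpleMatch 'RC4')
Write-Host "New log lines: $($new.Count); AES: $($aes.Count); RC4: $($rc4.Count)"

$expectAes = ($Mode -eq 3)
if (($expectAes -and $aes.Count -gt 0 -and $rc4.Count -eq 0) -or
    (-not $expectAes -and $rc4.Count -gt 0 -and $aes.Count -eq 0)) {
    Write-Host 'Log confirms the requested mode for logins after the change.'
} else {
    Write-Warning 'Log does not confirm the requested mode; review the new log lines.'
}
```

Run it from an elevated prompt on the data server; add -WhatIf to see the registry change without applying it.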