To connect to a database, or start a process as a specific operating system user, the Dimensions CM server requires the credentials of an operating system or database user account, typically a user ID and password. Credentials are stored in the file registry.dat in encrypted format.
By default CM uses the cipher type aes-128-cbc. To specify a different cipher type add the flag DM_CIPHER_TYPE to the Dimensions CM dm.cfg configuration file on the server and specify one of the following (listed in descending order of security):
aes-256-cbc
ssha256
bf-ecb (BlowFish, was the default prior to CM 14.2)
md5
If registry.dat was encrypted with a cipher that is different to the current one, CM automatically:
Re-encrypts registry.dat with the current cipher.
Saves a copy of the previous version as registry.dat.prev.n.
Re-encryption occurs when:
A Dimensions CM server initially accesses registry.dat, for example, after a restart or an upgrade.
The default cipher is changed using the dmpasswd utility and the server is not restarted.
After every re-encryption n is incremented by 1, for example:
registry.dat.prev.1
registry.dat.prev.2
NOTE If you use aes-256-cbc, the Java Runtime Environment used to run Serena CM Common Tools (Tomcat) should be patched with JCE Unlimited Strength Jurisdiction Policy Files that you can download from the official Java site.