To connect to a database, or start a process as a specific operating system user, the Dimensions CM server requires the credentials of an operating system or database user account, typically a user ID and password. Credentials are stored in the file registry.dat in encrypted format.
By default CM uses the cipher type aes-128-cbc. To specify a different cipher type add the flag DM_CIPHER_TYPE to the Dimensions CM dm.cfg configuration file on the server and specify one of the following (listed in descending order of security):
aes-256-cbc
ssha256
bf-ecb (BlowFish, was the default prior to CM 14.2)
md5
If registry.dat was encrypted with a cipher that is different to the current one, CM automatically:
Re-encrypts registry.dat with the current cipher.
Saves a copy of the previous version as registry.dat.prev.n.
Re-encryption occurs when:
A Dimensions CM server initially accesses registry.dat, for example, after a restart or an upgrade.
The default cipher is changed using the dmpasswd utility and the server is not restarted.
After every re-encryption n is incremented by 1, for example:
registry.dat.prev.1
registry.dat.prev.2
NOTE If you use aes-256-cbc, the Java Runtime Environment used to run Micro Focus Common Tools should be patched with JCE Unlimited Strength Jurisdiction Policy Files that you can download from the official Java site.