The following table lists the various points at which data is encrypted within the SAP® Mobile Platform and the related default algorithms and cipher strengths.
Client-side data encryption specifications are the same for all supported devices.
Data Encryption | Key Exchange Algorithm & Strength | Encryption Algorithm & Default Strength |
---|---|---|
Client Password (over network) | RSA - strength determined by server public/private key settings | RSA - 512 bit |
Client-Server Data Transmission (ANGEL) | RSA - strength is determined by the SSL certificate you generate for the server | Negotiated between the client and server, but generally defaults to the strongest algorithm supported by both |
Client-Side Data Encryption | PBKDF2-SHA1 - 128 bit | AES - 128 bit |
Locally, the client hashes the user's password using PBKDF2-SHA1. This is a hash, not encryption: it cannot be decrypted.
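The one-way property described above, as an added example that is not SAP Mobile Platform code: a password is checked by re-deriving the PBKDF2-SHA1 value and comparing it, never by decrypting anything. The 128-bit output length comes from the table; the salt size, iteration count, record layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 16         # 128 bits, as in the table's PBKDF2-SHA1 row
ITERATIONS = 10_000  # assumption: the page does not state an iteration count
SALT_LEN = 16        # assumption: the page does not state a salt size


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 128-bit value from a password with PBKDF2-HMAC-SHA1."""
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def make_record(password: str) -> dict:
    """Hypothetical local record: salt, iteration count and derived value.

    The password itself is never stored and cannot be recovered from this.
    """
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "iterations": ITERATIONS, "derived": derive(password, salt)}


def check_password(candidate: str, record: dict) -> bool:
    """Re-derive from the candidate and compare in constant time."""
    attempt = derive(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(attempt, record["derived"])


def rfc6070_self_test() -> bool:
    """Confirm the primitive against the published RFC 6070 test vector
    (password 'password', salt 'salt', 2 iterations, 20-byte output)."""
    expected = bytes.fromhex("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957")
    return hashlib.pbkdf2_hmac("sha1", b"password", b"salt", 2, dklen=20) == expected


if __name__ == "__main__":
    rec = make_record("correct horse")  # constructed sample password
    print("self-test:", rfc6070_self_test())
    print("right password:", check_password("correct horse", rec))
    print("wrong password:", check_password("wrong horse", rec))
```
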
Trusted CA certificates used by the server to validate client certificates, if needed, are stored in a single PEM-encoded file on the server.