Agentry Security Specifications Reference

The following table lists the various points at which data is encrypted within the SAP® Mobile Platform and the related default algorithms and cipher strengths.

Encryption Specifications

Client-side data encryption specs are the same for all supported devices.

  • Client Password (over network)
    Key exchange: RSA; strength determined by the server's public/private key settings
    Encryption:   RSA, 512 bit by default

  • Client-Server Data Transmission (ANGEL)
    Key exchange: RSA; strength determined by the SSL certificate generated for the server
    Encryption:   negotiated between client and server; generally defaults to the strongest cipher supported by both

  • Client-Side Data Encryption
    Key derivation: PBKDF2-SHA1, 128-bit key
    Encryption:     AES, 128 bit

Note that the 512-bit RSA default for password transport is weak: moduli of that size have been factorable with modest computing resources for many years, and current guidance calls for at least 2048 bits. Raise the server's key size rather than relying on the default.

Locally, the client does not encrypt the user's password; it derives the 128-bit AES key from it with PBKDF2-SHA1. PBKDF2 is a one-way key derivation, not an encryption: the derived key cannot be decrypted to recover the password, and a candidate password can only be checked by re-deriving the key and comparing the result.

Authentication Certificate Specifications

These specifications describe authentication certificate encoding for certificates stored on the Server’s host system and client devices:
  • Agentry Server storage format – the server's certificate and private key are stored in a PKCS#12 file. Windows CE clients accept only RSA certificates signed with RSA-with-SHA1, so a server that must support Windows CE clients is limited to that signature algorithm (SHA-1 is no longer considered collision-resistant, so treat this as a compatibility concession). If no Windows CE clients will be deployed, use a stronger signing algorithm such as RSA-with-SHA256.

    Trusted CA certificates used by the server to validate client certificates, if needed, are stored in a single PEM-encoded file on the server.

  • Client-side storage formats – the client defaults to the OS-provided keystore. For transporting the certificate to the client for initial import, use:
    • Android – DER
    • Other platforms – DER or PEM
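
The storage and transport formats above, as an added Go example that is not Agentry's or SAP's code: it issues a CA and a client certificate signed with RSA-with-SHA256, produces the DER an Android client imports and the PEM other platforms accept, concatenates CA certificates into the single PEM trusted-CA file the server reads, validates a client certificate against that file as the server would, and flags whether a certificate's signature algorithm is the RSA-with-SHA1 that Windows CE clients require. Key size, validity period and all function names are this example's assumptions. Go's standard library does not write PKCS#12, so packaging the server's certificate and private key into that file is not shown; `openssl pkcs12 -export -inkey key.pem -in cert.pem -out server.p12` does it, and `openssl x509 -in cert.pem -noout -text` prints the Signature Algorithm field of an existing certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const rsaBits = 2048 // assumed; the specification fixes no key size

// newTemplate: a one-year certificate signed with RSA-with-SHA256, the stronger choice allowed without Windows CE clients.
func newTemplate(cn string) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		panic(err)
	}
	return &x509.Certificate{
		SerialNumber:       serial,
		Subject:            pkix.Name{CommonName: cn},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(365 * 24 * time.Hour),
		SignatureAlgorithm: x509.SHA256WithRSA,
	}
}

// issueCert generates an RSA key and certificate for cn: with parent nil a self-signed CA,
// otherwise a client-authentication certificate signed by parentKey. The DER is what Android imports.
func issueCert(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, nil, nil, err
	}
	tmpl := newTemplate(cn)
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, der, err
}

// derToPEM gives the PEM form other platforms accept; concatenating CA
// certificates this way produces the server's single trusted-CA file.
func derToPEM(ders ...[]byte) []byte {
	var out []byte
	for _, der := range ders {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return out
}

// validateClientCert does what the server does with that file: chain a presented
// DER client certificate to a trusted CA, for the client-authentication purpose.
func validateClientCert(clientDER, trustedPEM []byte) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(trustedPEM) {
		return errors.New("trusted-CA file contains no certificates")
	}
	cert, err := x509.ParseCertificate(clientDER)
	if err != nil {
		return err
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// windowsCECompatible reports whether the certificate uses RSA-with-SHA1, the
// only signature algorithm the spec says Windows CE clients accept.
func windowsCECompatible(der []byte) (bool, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	return cert.SignatureAlgorithm == x509.SHA1WithRSA, nil
}

func main() {
	ca, caKey, caDER, err := issueCert("Agentry Test CA", nil, nil)
	if err != nil {
		panic(err)
	}
	_, _, clientDER, _ := issueCert("device-0001", ca, caKey)
	ok, _ := windowsCECompatible(clientDER)
	fmt.Println("validates:", validateClientCert(clientDER, derToPEM(caDER)) == nil, "Windows CE:", ok)
}
```

The example never issues an RSA-with-SHA1 certificate, because recent Go versions refuse to verify SHA-1 signatures; windowsCECompatible only reads the algorithm field, which is the check to run on an existing server certificate before deciding whether Windows CE devices can still connect to it.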