## Algorithm Configuration

The following start options are used to configure the security algorithms:

- Signature:
  - Hash function (hash algorithm): SHA-256 or SHA-512
  - Signature procedure (signature algorithm): RSASSA-PSS

- Encryption:
  - Key encryption: RSAES-OAEP (with hash function SHA-256)
  - Content encryption: AES128_CBC, AES256_CBC or AES128_GCM

Use these JAVA_OPTS:

- `-Dsigning_algorithm` (Default: hash algorithm from the certificate according to RFC 4056 if valid for market communication, otherwise SHA256withRSAandMGF1)
- `-Dkey_encryption_algorithm` (Default: id_RSAES_OAEP)
- `-Dcontent_encryption_algorithm` (Default: AES128_CBC before 01.04.2025, AES128_GCM after)

### Specific algorithms for specific recipients

You can configure different algorithms for different recipients. Recipients are distinguished by their certificate-alias (usually ILN/Mail).

Instead of defining a single algorithm, use the following syntax:

```
content_encryption_algorithm=Algo1:[alias1,alias2];Algo2:alias3;Algo3
```

In this example, Algo1 is used for the recipients alias1 and alias2, Algo2 is used for the recipient with alias3, and Algo3 is used for all other recipients.

Specification:

The property value (right side of the equal sign) is a list of algorithm-alias assignments, separated by `;`.

An assignment is a pair of algorithm and aliases, divided by `:`. The aliases are optional. An algorithm without aliases is used as fallback value. If no fallback is specified, the default values are used as fallback.

The aliases are a list of at least one alias, separated by `,`. The list can be enclosed by `[ ]`.

This syntax works for `content_encryption_algorithm`, `key_encryption_algorithm` and `signing_algorithm`.

Don’t be confused when configuring the signing algorithm: you configure the algorithm to be used for signing outbound messages, that is, the signature made by your system (the sender). However, the configuration is keyed on the partner/recipient.
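
One way to check such a property value before deployment, as an added example that is not the product's own parser: it parses the syntax specified above and resolves the algorithm for one recipient alias. Rejecting duplicate aliases, multiple fallbacks, unknown algorithm names and stray separators is an assumption of this example, as are the sample aliases; the page does not say how the product treats those cases.

```python
# Added example: lint and resolve a per-recipient algorithm property value.
# Assumption: ambiguous input (duplicates, stray separators) is rejected, not guessed at.
ALLOWED_CONTENT = {"AES128_CBC", "AES256_CBC", "AES128_GCM"}  # values listed on this page


def parse_assignments(value, allowed):
    """Return (alias -> algorithm, fallback or None); raise ValueError if ambiguous."""
    per_alias, fallback = {}, None
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            raise ValueError("empty assignment (stray ';')")
        algo, sep, alias_part = (p.strip() for p in item.partition(":"))
        if algo not in allowed:
            raise ValueError(f"unknown algorithm {algo!r}")
        if not sep:  # algorithm without aliases: this is the fallback
            if fallback is not None:
                raise ValueError("more than one fallback algorithm")
            fallback = algo
            continue
        if alias_part.startswith("[") != alias_part.endswith("]"):
            raise ValueError(f"unbalanced brackets in {item!r}")
        if alias_part.startswith("["):
            alias_part = alias_part[1:-1]
        aliases = [a.strip() for a in alias_part.split(",")]
        if not all(aliases):  # the list needs at least one non-empty alias
            raise ValueError(f"empty alias in {item!r}")
        for alias in aliases:
            if alias in per_alias:
                raise ValueError(f"alias {alias!r} assigned twice")
            per_alias[alias] = algo
    return per_alias, fallback


def resolve(alias, per_alias, fallback, default):
    """Algorithm for one recipient: explicit entry, then fallback, then default."""
    return per_alias.get(alias, fallback if fallback is not None else default)


# Constructed sample value; the aliases are made up for illustration.
SAMPLE = "AES128_CBC:[9900000000001,edi@partner.example];AES256_CBC:9900000000002;AES128_GCM"

if __name__ == "__main__":
    mapping, fb = parse_assignments(SAMPLE, ALLOWED_CONTENT)
    for alias in ("9900000000001", "9900000000002", "someone-else"):
        print(alias, "->", resolve(alias, mapping, fb, default="AES128_GCM"))
```

Matching here is exact and case-sensitive, which is also an assumption; compare the resolved values with what the partner's system accepts before changing the property.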
