Encryption settings for Pega Robotic Automation
Windows Data Protection API (DPAPI) is a cryptographic application programming interface that is available as a built-in component in Microsoft Windows. The Pega Robotic Automation credential store uses DPAPI to securely store assisted sign-on credentials on the desktop.
DPAPI encrypts data by using a key derived from the logged-in Windows user's credentials. The use of this key ensures that the assisted sign-on credentials cannot be decrypted by anyone other than the user who initially entered them. DPAPI uses industry-standard encryption algorithms.
The Pega Robotic Automation team has tested DPAPI on the following versions of 64-bit Windows to determine the algorithms and settings that each version uses.
- Windows 7 Enterprise Service Pack 1
- Windows 8.1 Enterprise
- Windows 10 Enterprise
- Windows Server 2008 R2 Datacenter Service Pack 1
- Windows Server 2012 R2 Datacenter
- Windows Server 2016
Windows version | 7 | 8.1 | 10 | Server 2008 | Server 2012 | Server 2016 |
---|---|---|---|---|---|---|
Encryption | AES-256 | AES-256 | AES-256 | AES-256 | AES-256 | AES-256 |
Hashing | SHA-512 | SHA-512 | SHA-512 | SHA-512 | SHA-512 | SHA-512 |
Iteration | 17400 | 8000 | 8000 | 17400 | 8000 | 8000 |
Customer security teams can use this information when evaluating the security of the credential store component.
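A security team can check the encryption and hashing rows of the table on its own desktop image with the added example below, which is not Pega code and does not read the Pega credential store. It protects a constructed sample value with DPAPI under the current user and reads the algorithm identifiers from the resulting blob header. It assumes Windows PowerShell 5.1, and the header layout it parses is an assumption taken from public reverse-engineering of DPAPI blobs, not from a Microsoft specification; `Get-DpapiBlobAlgorithms` is a hypothetical helper name.

```powershell
Add-Type -AssemblyName System.Security   # provides ProtectedData on Windows PowerShell

# ALG_ID constants from wincrypt.h
$AlgNames = @{ 0x6603 = '3DES'; 0x6610 = 'AES-256'; 0x8004 = 'SHA-1'; 0x800E = 'SHA-512' }

function Get-DpapiBlobAlgorithms {
    param([Parameter(Mandatory)][byte[]]$Blob)

    function ReadInt([int]$o) {
        if ($o + 4 -gt $Blob.Length) { throw 'Truncated or non-DPAPI blob' }
        [BitConverter]::ToInt32($Blob, $o)
    }
    function AlgName([int]$id) {
        if ($AlgNames.ContainsKey($id)) { $AlgNames[$id] } else { '0x{0:X}' -f $id }
    }

    # Assumed layout: version(4), provider GUID(16), master key version(4),
    # master key GUID(16), flags(4), then length-prefixed fields.
    $off = 44
    $off += 4 + (ReadInt $off)             # skip description (length in bytes)
    $algCrypt  = ReadInt $off
    $cryptBits = ReadInt ($off + 4)
    $off += 8
    $off += 4 + (ReadInt $off)             # skip salt
    $off += 4 + (ReadInt $off)             # skip HMAC key
    $algHash  = ReadInt $off
    $hashBits = ReadInt ($off + 4)

    [pscustomobject]@{
        MasterKeyGuid  = [Guid]::new([byte[]]$Blob[24..39])
        Encryption     = AlgName $algCrypt
        EncryptionBits = $cryptBits
        Hashing        = AlgName $algHash
        HashBits       = $hashBits
    }
}

# Constructed sample value, protected under the logged-in user's DPAPI key.
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$plain = [Text.Encoding]::UTF8.GetBytes('constructed-sample-secret')
$blob  = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)

Get-DpapiBlobAlgorithms -Blob $blob | Format-List

# Round trip: succeeds only for the same Windows user that protected the data.
$back = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
[Text.Encoding]::UTF8.GetString($back)
```

The iteration count in the table is not carried in the blob header, so this check covers only the encryption and hashing rows.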