TDGSS SigningHashAlgorithm Property | Teradata Vantage - 17.10 - SigningHashAlgorithm - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update

During connection of the Unity proxy to a Vantage system, Unity and the gateway mutually authenticate. Each side of the connection (each peer) digitally signs the DH public key using their private key. Then each side verifies the digital signature of its peer using the public key embedded in the certificate it receives from the peer. Rather than signing the 2048 bit DH public key, each peer takes a hash of the key and then signs the hashed data with the private key.

The SigningHashAlgorithm property indicates what hash algorithm is applied to the DH public key before performing the signature operation.

Default Property Value

The default setting is “SHA256”.

Valid Settings

Setting Description
“SHA256” (default) Specifies the SHA256 algorithm.
“SHA512” Specifies the SHA512 algorithm, for stronger encryption.

Editing Guidelines

  • To set a value, copy the PROXY mechanism from theTdgssLibraryConfigFile.xml and add it to the TdgssUserConfigFile.xml. See Editing Configuration Files.
  • Use the default setting if possible.
  • Edit this property only on a Vantage system connected to Unity. As part of the token exchanges, the gateway communicates the hash algorithm to Unity.
  • You can specify SHA512 for stronger hash encryption during proxy authentication, but there is a slight degradation in logon performance if the stronger encryption is used.

Also see Coordinating Mechanism Property Values for Unity.