16.10 - SigningHashAlgorithm - Teradata Database

Teradata Database Security Administration

Teradata Database
June 2017

During connection of the Unity proxy to a Teradata Database system, Unity and the Teradata Gateway mutually authenticate. Each side of the connection (each peer) digitally signs the DH public key using its private key. Then each side verifies the digital signature of its peer using the public key embedded in the certificate it receives from the peer. Rather than signing the 2048-bit DH public key directly, each peer takes a hash of the key and then signs the hashed data with its private key.

The SigningHashAlgorithm property indicates what hash algorithm is applied to the DH public key before performing the signature operation.
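
The hash-then-sign step described above, as an added example that is not Teradata's code: one peer signs the hash of its DH public key, and the other re-hashes the key and verifies the signature, so a verifier that uses a different SigningHashAlgorithm value rejects it. The RSA PKCS#1 v1.5 signature scheme, the function names, and the random bytes standing in for the DH public key are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers crypto.SHA256
	_ "crypto/sha512" // registers crypto.SHA512
	"fmt"
)

var algs = map[string]crypto.Hash{"SHA256": crypto.SHA256, "SHA512": crypto.SHA512}
// ParseSetting maps a SigningHashAlgorithm value to a hash and rejects anything else.
func ParseSetting(s string) (crypto.Hash, error) {
	if h, ok := algs[s]; ok {
		return h, nil
	}
	return 0, fmt.Errorf("unsupported SigningHashAlgorithm %q", s)
}

func sum(h crypto.Hash, data []byte) []byte {
	w := h.New()
	w.Write(data)
	return w.Sum(nil)
}

// SignDHPublic signs the hash of the DH public key (RSA PKCS#1 v1.5 is assumed here).
func SignDHPublic(priv *rsa.PrivateKey, h crypto.Hash, dhPub []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, h, sum(h, dhPub))
}

// VerifyDHPublic re-hashes the received key and checks the peer's signature.
func VerifyDHPublic(pub *rsa.PublicKey, h crypto.Hash, dhPub, sig []byte) error {
	return rsa.VerifyPKCS1v15(pub, h, sum(h, dhPub), sig)
}

func NewPeer() (*rsa.PrivateKey, []byte) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed sample data
	dhPub := make([]byte, 256)                      // stand-in for a 2048-bit DH public key
	if _, rerr := rand.Read(dhPub); err != nil || rerr != nil {
		panic("could not generate sample key material")
	}
	return priv, dhPub
}

func main() {
	priv, dhPub := NewPeer()
	sig, _ := SignDHPublic(priv, crypto.SHA512, dhPub)
	fmt.Println(VerifyDHPublic(&priv.PublicKey, crypto.SHA256, dhPub, sig)) // settings differ: error
}
```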

Default Property Value

The default setting is “SHA256”.

Valid Settings

Setting               Description
“SHA256” (default)    Specifies the SHA256 algorithm.
“SHA512”              Specifies the SHA512 algorithm, for a stronger hash.

Supporting Mechanisms for SigningHashAlgorithm

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.

Mechanism    Property Editable?
PROXY        May Be Edited

To set a value, copy the PROXY mechanism from the TdgssLibraryConfigFile.xml and add it to the TdgssUserConfigFile.xml. See About Editing Configuration Files.

Editing Guidelines

  • Use the default setting if possible.
  • Edit this property only on a Teradata Database system connected to Unity. As part of the token exchanges, the Teradata Gateway communicates the hash algorithm to Unity.
  • You can specify SHA512 for a stronger hash during proxy authentication, but there is a slight degradation in logon performance if the stronger hash is used.

Also see Coordinating Mechanism Property Values.