Encryption Settings

You can change the default encryption settings for Mirth® Connect as you see fit. The following can be set in mirth.properties:

Property	Default Value	Description
encryption.algorithm	AES/CBC/PKCS5Padding	The algorithm to use for symmetric encryption. This applies to messages, exports, and anything that is used along with the keystore to encrypt / decrypt. You must include the explicit mode and padding settings with the algorithm. The mode must also require an initialization vector. Note: The default value is updated in version 4.3. If you did not explicitly set this property, then no action is needed. Mirth® Connect will automatically start using the new default. If you did explicitly set this property, then NextGen Healthcare highly recommends you to update it to include the mode/padding options as well. Support for "AES" (without any mode/padding specified) will be removed in a future version.
encryption.charset	UTF-8	The charset to use when encoding textual data into bytes before encryption.
encryption.keylength	128	The key length to use for symmetric encryption.
digest.algorithm	SHA256	The algorithm to use for generating cryptographically secure hashes / digests. This is used for creating salted hash values for user passwords. If you change this, all current passwords will no longer be valid, and will have to be reset by an administrator.
security.provider	org.bouncycastle.jce. provider.BouncyCastleProvider	The fully-qualified JCE/JCA provider class name to use. This provider is used for both symmetric encryption and password hashing.