How to setup AES encryption for system agent on R11.3 agents?

Document ID : KB000022072
Last Modified Date : 14/02/2018
Show Technical Document Details

Question: 

How to setup AES encryption for system agent on R11.3 agents?

Answer: 

In order to use AES, users will have to create a key and edit the agentparm.txt file.

  1. Set the encryption on the agent using the keygen utility.

  2. Enter the following command at the command prompt:

    keygen 0xkey cipher destination

    Example:

    keygen 0x1020304050607080 AES /path/to/cryptkey.txt

  3. Shutdown the agent and edit agentparm.txt.

    1. Edit the following parameter to specify the encryption key:

      security.cryptkey
      Set security.cryptkey=/path/to/cryptkey.txt

    2. Add/set the following parameter for the agent to use the FIPS-certified library and cipher algorithm in agentparm.txt

      security.jce.fips=true

  4. Save the agentparm.txt and start the agent.

Note: The scheduler must also have the same encryption key setup in the topology or agentdef.