Need help converting an agent from DES to AES

Document ID : KB000126265
Last Modified Date : 06/02/2019
Show Technical Document Details
Introduction:

How to set up AES encryption between ESP and an agent. Quick steps. 
 

Background:
AES encryption provides a more secure connection between ESP and the agent.  The first steps below show how to configure AES 128 and can be easily accomplished with a few commands. If AES 256 encryption is required,  the second set of steps can be used to convert the agent from AES 128 to AES 256. Export restrictions apply to AES 256.  
Environment:
ESP 11.4 or higher
ESP system agent 11.3 or higher. 
PTF RO72049 must be applied.  
Instructions:

    1) Make sure PTF RO72049 is applied to ESP.  

    2) To create the key in ESP, issue the command below in pagemode.
         CRYPTKEY DEFINE KEYNAME(DONKEY1) KEY(X'0102030405060708091A1B1C1D1E1F01') AES

    3) Define the AGENT in the AGENTDEF file.
         AGENT AGENTU_SFTP ADDRESS(10.111.222.33) PORT(7521) UNIX ASCII TCPIP -
         PREFIXING ENCRYPT KEY(DONKEY1)

    4) Load the AGENTDEF file.
         OPER LOADAGDF 'DSN.DSN.DSN.PARMLIB(AGENTDEF)'

    5) Define the key in the agent. In the agenthome directory issue the command below.
         keygen 0x0102030405060708091A1B1C1D1E1F01 AES

    6) Bounce the agent so it takes effect.

AES 256 - There are special considerations due to export laws.
    1) Go to the link below. 
        a. https://docops.ca.com/ca-workload-automation-system-agent/11-3/en/configuring/set-up-security/enable-256-bit-encryption
    
    2) Go here to download 2 files.
        a. http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    3) Go to this directory agenthome/jre/lib/security/ 
        a. Rename local_policy.jar and US_export_policy.jar to .old

    4) Copy the new files into the directory. 

    5) Stop and start the agent.