AES Encryption Cryptographic keys for Appworx

Article ID: 231063


Products

CA Automic Applications Manager (AM)

Issue/Introduction

What level of encryption is used by Applications Manager?

Environment

Release: 9.3x

Component: CA Automic Applications Manager

Resolution

Applications Manager passwords are encrypted using AES, as described in the last paragraph of the documentation page linked below:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/applications-manager/9-3-5/Administration_Guide/Applications_Manager_Security.html

Login passwords are encrypted using AES (Advanced Encryption Standard, also known as Rijndael, which is a block cipher adopted as an encryption standard by the US government) instead of a proprietary algorithm.

Additionally, Applications Manager's processes are Java processes, so the Master-to-Agent connections use an encryption that is decided by Java and Java's java.security file. Please refer to Oracle for more information about the java.security file. Basically, when an Agent tries to connect to the Master, the Java processes negotiate with each other and then use the more secure encryption. To better understand this, you will have to enable debug on the Agent and/or Master.

Below is an example snippet from one of the Agent logs at startup. It shows the Agent sending a handshake to the Master, after which the encryption type is logged (the "using SSL cipher suite" line). To make sure the list of encryptions available for use is the most secure, you will generally need to make sure that Java on both Master and Agent is the latest compatible version and that any insecure or unwanted encryptions are disabled via the java.security file:

xx:xx:xx:xxx  AgentService: .AgentService: createSocket Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService: .AgentSocketManager: addRmiSocket Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService:: .B: Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService: .AgentSocketManager: sendHandshake Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: TLS_AES_128_GCM_SHA256
xx:xx:xx:xxx  AgentService:: .AgentSocketManager: sendHandshake completed Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService:: .AgentService: connected to Master Socket[addr=xxxxx,port=xxxx,localport=xxxx]

In the excerpt above, the encryption is listed as TLS_AES_128_GCM_SHA256.
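
As an added example (not part of the original article or of Applications Manager), the following Python script scans Agent or Master debug log lines in the format shown above for the negotiated cipher suite and flags suites that deserve a second look. The weak-token policy, the function names and every sample line other than the TLS_AES_128_GCM_SHA256 one are assumptions made for illustration.

```python
import re
from collections import Counter

# Line format taken from the Agent debug log excerpt above.
SUITE_RE = re.compile(r"using SSL cipher suite:\s*(\S+)")

# Example policy (an assumption, not Broadcom's): name tokens treated as weak.
WEAK_TOKENS = {"NULL", "anon", "EXPORT", "RC4", "DES", "DES40", "3DES", "MD5"}


def classify(suite):
    """Return (verdict, reason) for a JSSE cipher suite name."""
    tokens = suite.split("_")
    weak = WEAK_TOKENS.intersection(tokens)
    if weak:
        return "weak", "contains " + ", ".join(sorted(weak))
    if suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "ok", "TLS 1.3 AEAD suite"
    aead = "GCM" in tokens or "CHACHA20" in tokens
    forward_secret = "ECDHE" in tokens or "DHE" in tokens
    if aead and forward_secret:
        return "ok", "AEAD with ephemeral key exchange"
    if not aead:
        return "review", "not an AEAD suite"
    return "review", "no forward secrecy"


def audit(log_lines):
    """Count negotiated suites in a debug log and attach a verdict to each."""
    seen = Counter(m.group(1) for line in log_lines
                   if (m := SUITE_RE.search(line)))
    return {suite: (count,) + classify(suite) for suite, count in seen.items()}


# Constructed sample: the TLS_AES_128_GCM_SHA256 suite is the one from the
# article's log; the other two suite lines are invented for illustration.
SAMPLE_LOG = """\
xx:xx:xx:xxx  AgentService: .AgentSocketManager: sendHandshake Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: TLS_AES_128_GCM_SHA256
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: TLS_AES_128_GCM_SHA256
""".splitlines()

if __name__ == "__main__":
    for suite, (count, verdict, reason) in sorted(audit(SAMPLE_LOG).items()):
        print(f"{verdict.upper():6} {count:3}x {suite}  ({reason})")
```

An empty result means no handshake line was found, which usually indicates that debug was not enabled on that Agent or Master.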