AES Encryption Cryptographic keys for Appworx
search cancel

AES Encryption Cryptographic keys for Appworx


Article ID: 231063


Updated On:


CA Automic Applications Manager (AM)


What  level of  encryption is used by Applications Manager?


Release : 9.3x

Component :CA Automic Applications Manager


Applications Manager passwords are encrypted using AES as described in the last paragraph in the doc link below:
Login passwords are encrypted using AES (Advanced Encryption Standard also known as Rijndael, which is a block cipher adopted as an encryption standard by the US government) instead of a proprietary algorithm. 

Additionally, Applications Manager's processes are a Java process so the Master to Agent connections using an encryption which is decided by Java and Java's file. Please refer to Oracle for more information about the file. Basically when an Agent tries to connect to the master, the java process negotiate which each other and then use the more secure encryption. To better understand this, you will have to enable debug on the Agent and/or Master. 

Below is an example snippet from one of the  Agent logs at start up. Its shows the Agent sending a handshake to the master, and then the encryption type is logged in bold. To make sure the list of encryptions available to be used is the most secure, you will generally need to make sure Java on both master/agent is the latest compatible version and that any unsecure or unwanted encryptions is disabled via the file:

xx:xx:xx:xxx  AgentService: .AgentService: createSocket Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService: .AgentSocketManager: addRmiSocket Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService:: .B: Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService: .AgentSocketManager: sendHandshake Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xx HandshakeCompletedNotify-Thread: .AgentService: using SSL cipher suite: TLS_AES_128_GCM_SHA256
xx:xx:xx:xxx  AgentService:: .AgentSocketManager: sendHandshake completed Socket[addr=xxxxx,port=xxxx,localport=xxxx]
xx:xx:xx:xxx  AgentService:: .AgentService: connected to Master Socket[addr=xxxxx,port=xxxx,localport=xxxx]

You can see the encryption above to be listed as TLS_AES_128_GCM_SHA256.