Cryptographic Key Usage in VMware Aria Suite Lifecycle
Article ID: 322047
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
- The algorithm/tool used for generation of these keys are with the use of OpenSSL
- These keys are generated inside appliance itself during application initialization
Environment
Resolution
The Cryptographic keys used for internal communication in VMware Aria Suite Lifecycle and their respective properties are as below:
| Key Name | Purpose | Key Generation Method | Algorithm | Key Length | Key Lifetime | Key location path |
| encryptor_service.key | This is used for encrypting locker passwords , cert private keys and user passwords | AES | AES | 256 | No Lifetime | /opt/vmware/vlcm/cert/ |
| /etc/ssh/ssh_host_rsa_key | This is also generated using ssh-keygen.service using Edwards-curve Digital Signature Algorithm and elliptic curve cryptography | SSH KeyGen Service, Elliptic curve cryptography | Edwards-curve Digital Signature Algorithm | No Lifetime | ||
| ./etc/ssh/ssh_host_ed25519_key | ||||||
| ./etc/ssh/ssh_host_ecdsa_key | ||||||
| signature.key | Coming from VMware Appliance Management Interface | NA | NA | NA | NA | /opt/vmware/var/lib/vami/update/data/ |
| vmware-packaging-gpg-rsa-pub.key | Loginsight Agent Purpose | RSA (Encrypt or Sign) (0x1) | RSA (Encrypt or Sign) (0x1 | 269 | No Lifetime | /usr/lib/loginsight-agent/ |
| server.key | These are used by vRSLCM to generate certificate ( vRSLCM Web Server ) | SHA-256 With RSA Encryption | rsaEncryption | 2048 | No Lifetime for Key | /opt/vmware/vlcm/cert/ |
| Cert has 5 years validity | ||||||
| vco-cli-package-signing.keystore | Content Management | /opt/vmware/vlcm/blackstone/scripts/ | ||||
| vco-cli-package-signing.keystore | Content Management ( Backup of the previous file ) | /opt/vmware/vlcm/blackstone_bkp/scripts/ |
Feedback
Yes
No
Powered by
