How Edge SWG SGOS encrypts the private keys of configured TLS/SSL keyrings - Cryptographic algorithms used

Article ID: 388181

Products

ProxySG Software - SGOS

Issue/Introduction

How Edge SWG SGOS encrypts the private keys of TLS/SSL keyrings, and in particular which cryptographic algorithm is used.

Resolution

The private key is never "exposed". If the system administrator needs to read it, the "security private-key-display" command must be run in the CLI in "enable", "conf-t" mode. Example:

  • EdgeSWG#(config)security private-key-display ?
     aes128-cbc     Display private keys using AES128-CBC encryption
     aes256-cbc     Display private keys using AES256-CBC encryption
     none           Do not display private keys in config output
     passphrase     Define a passphrase to use when encrypting private keys
     reset          Clear private-key-display settings
     unencrypted    Display private keys unencrypted

With this setting, the keyring private keys can be exposed in the output of the "show config" command, either "unencrypted" or encrypted with the "aes256-cbc" or "aes128-cbc" algorithm.

To recap: the cryptographic algorithms available for exposing the SSL keyring private keys are "aes256-cbc" and "aes128-cbc".
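
A check for saved "show config" output, added here as an example (not Broadcom's code): it flags private keys that were written out with the "unencrypted" setting and reports the cipher of encrypted ones. It assumes that keys appear in the output as PEM blocks and that encrypted keys carry the traditional OpenSSL Proc-Type/DEK-Info headers; the sample text is constructed and contains no real key material.

```python
import re

# Assumption: private keys in the saved config text appear as PEM blocks.
PEM_KEY = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]*PRIVATE KEY)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)
# Traditional OpenSSL PEM encryption header, e.g. "DEK-Info: AES-256-CBC,<iv>".
DEK_INFO = re.compile(r"^DEK-Info:\s*([A-Za-z0-9-]+)\s*,", re.MULTILINE)


def classify_private_keys(config_text):
    """Return one (line_number, status, cipher) tuple per PEM private key.

    status is "encrypted" or "unencrypted"; cipher is the DEK-Info cipher
    name, "pkcs8" for a PKCS#8 encrypted block, or None when unencrypted.
    """
    findings = []
    for match in PEM_KEY.finditer(config_text):
        line_no = config_text.count("\n", 0, match.start()) + 1
        label, body = match.group("label"), match.group("body")
        if label == "ENCRYPTED PRIVATE KEY":
            findings.append((line_no, "encrypted", "pkcs8"))
        elif "Proc-Type: 4,ENCRYPTED" in body:
            dek = DEK_INFO.search(body)
            cipher = dek.group(1).lower() if dek else "unknown"
            findings.append((line_no, "encrypted", cipher))
        else:
            findings.append((line_no, "unencrypted", None))
    return findings


# Constructed sample: placeholder bodies, not real SGOS output or key material.
SAMPLE = """\
(constructed line: first keyring)
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
(constructed line: second keyring)
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for line_no, status, cipher in classify_private_keys(SAMPLE):
        print(f"line {line_no}: {status} ({cipher or 'no cipher'})")
```

Any "unencrypted" finding in a stored configuration backup means the key should be treated as disclosed to anyone who can read that file.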

Refer to the SGOS 7.4 admin manual, "# (config) security private-key-display" chapter.