1) I would like to know which key will be used to encrypt the shared secret before sharing it with the web agent. I hope it is the Policy Store key. Please confirm.
Note: I am aware that the Policy Store key will be used for encryption (before storing in PStore) as it is sensitive information.
2) If the PS is in FIPS ONLY mode, will the AES algorithm be used only for encrypting the session keys, or will it be used (instead of RC2) even for encrypting any sensitive information in the Policy Store, the Encryptionkey.txt file and smregistry?
3) When will Policy Store details be cached in the Policy Server? Will the policy server cache all the policy store details during startup itself, or is it similar to the web agent cache (which will update when the corresponding resource is accessed)?
Regarding the first point, I think the policy server will not share the encrypted shared secret key. But the web agent will be using
Please confirm if my understanding is correct.
Tech Tip : CA Single Sign-On : Data Protection, Key Management, Configuration & Common Issues
Is SmHost generated from SDK Portable?
Regarding the second point, if the PS is in FIPS ONLY mode, I hope the AES algorithm will only be used for all the encryption (Policy Store, Encryptionkey.txt, smregistry file and even the password blob of the user store). Please confirm.