CA Workload Automation Agents

Expand all | Collapse all

Using AES encryption in ESP

Jump to Best Answer
  • 1.  Using AES encryption in ESP

    Posted 01-24-2019 05:26 PM

    Can someone please confirm that agents under ESP can be set up with AES encryption? I assume as long as the encrypt key in the AGENTDEF file matches the 32-digit key supplied during the agent install it will work.

     

    Thanks,

    Denise



  • 2.  Re: Using AES encryption in ESP
    Best Answer

    Posted 01-24-2019 05:33 PM

    Hi Denise, 

    To use AES it must use a keyname in the AGENTDEF file. Below are the steps to set it up. I cut and pasted and now every step is step 1.....I love it...

     

    How to set up AES encryption: Quick steps.

     

    1. To create the key issue the command below in ESP pagemode:

    CRYPTKEY DEFINE KEYNAME(DONKEY1) KEY(X'0102030405060708091A1B1C1D1E1F01') AES

     

    1. Define the AGENT in the AGENTDEF file:

    AGENT AGENTU_SFTP ADDRESS(10.130.226.51) PORT(7521) UNIX ASCII TCPIP -

    PREFIXING ENCRYPT KEY(DONKEY1)

     

    1. Load the AGENTDEF file:

    OPER LOADAGDF 'DSN.DSN.DSN.PARMLIB(AGENTDEF)'

     

    1. Define the key in the agent. In the agenthome directory issue the command below:

    keygen 0x0102030405060708091A1B1C1D1E1F01 AES

     

    Bounce the agent so it takes effect.

     

    AES 256

    1. Go to the link below.
      1. https://docops.ca.com/ca-workload-automation-system-agent/11-3/en/configuring/set-up-security/enable-256-bit-encryption

     

     

    1. Go here to download 2 files
      1. http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

     

    1. Go to this directory agenthome/jre/lib/security/
      1. Rename local_policy.jar and US_export_policy.jar to .old

     

    1. Copy the new files into the directory.

     

    1. Stop and start the agent.

     

    Don/2¢



  • 3.  Re: Using AES encryption in ESP

    Posted 01-24-2019 05:41 PM

    Hi Denise, 

    Below is a link to the techdoc. It has the same info

    How to set up AES encrypted communication between - CA Knowledge 



  • 4.  Re: Using AES encryption in ESP

    Posted 01-25-2019 10:55 AM

    Yes, this does work can you provide additional details as to what issue you are having?

     

    In ESP Workload Manager you can use Page Mode commands to see "issues" when things do not work.

     

    AGENT command shows "Last connect failed", while ESPCOM command shows "Send err"

     

    AGENT LJ_LINUX64                                               
    LJ_LINUX64                                                     
     Encryption(AES), Keyname(AESKEY)                              
     Active                                                        
      Last connect failed at 09.24.35 on FRIDAY JANUARY 25TH, 2019 


    ESPCOM DEST (LJ_LINUX64)                                                       
    Destination name|status|     last operation     | sent |queued|
    LJ_LINUX64      |active|Send err 09.20.35 25 JAN|     0|     1|

     

    If you check on the agent side in the log directory the receiver.log will provide additional details.

     

    receiver.log - mismatched encryption types
    cybermation.library.communications.CybConversationException: Unexpected encryption type. AES received. DES expected.

     

    receiver.log - same encryption type of AES, but MF using 128-bit AES and Agent using 256-bit AES

    cybermation.library.communications.CybConversationException: Bad padding