Workload Automation Agents

  • 1.  Using AES encryption in ESP

    Posted Jan 24, 2019 05:26 PM

    Can someone please confirm that agents under ESP can be set up with AES encryption? I assume as long as the encrypt key in the AGENTDEF file matches the 32-digit key supplied during the agent install it will work.

     

    Thanks,

    Denise



  • 2.  Re: Using AES encryption in ESP
    Best Answer

    Posted Jan 24, 2019 05:33 PM

    Hi Denise, 

    To use AES it must use a keyname in the AGENTDEF file. Below are the steps to set it up. I cut and pasted and now every step is step 1.....I love it...

     

    How to set up AES encryption: Quick steps.

     

    1. To create the key issue the command below in ESP pagemode:

    CRYPTKEY DEFINE KEYNAME(DONKEY1) KEY(X'0102030405060708091A1B1C1D1E1F01') AES

     

    1. Define the AGENT in the AGENTDEF file:

    AGENT AGENTU_SFTP ADDRESS(10.130.226.51) PORT(7521) UNIX ASCII TCPIP -

    PREFIXING ENCRYPT KEYNAME(DONKEY1)

     

    1. Load the AGENTDEF file:

    OPER LOADAGDF 'DSN.DSN.DSN.PARMLIB(AGENTDEF)'

     

    1. Define the key in the agent. In the agenthome directory issue the command below:

    keygen 0x0102030405060708091A1B1C1D1E1F01 AES

     

    Bounce the agent so it takes effect.

     

    AES 256

    1. Go to the link below.
      1. https://docops.ca.com/ca-workload-automation-system-agent/11-3/en/configuring/set-up-security/enable-256-bit-encryption

     

     

    1. Go here to download 2 files
      1. http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

     

    1. Go to this directory agenthome/jre/lib/security/
      1. Rename local_policy.jar and US_export_policy.jar to .old

     

    1. Copy the new files into the directory.

     

    1. Stop and start the agent.

     

    Don/2¢



  • 3.  Re: Using AES encryption in ESP

    Posted Jan 24, 2019 05:41 PM

    Hi Denise, 

    Below is a link to the techdoc. It has the same info.

    How to set up AES encrypted communication between - CA Knowledge 



  • 4.  Re: Using AES encryption in ESP

    Posted Jan 25, 2019 10:55 AM

    Yes, this does work. Can you provide additional details as to what issue you are having?

     

    In ESP Workload Manager you can use Page Mode commands to see "issues" when things do not work.

     

    AGENT command shows "Last connect failed", while ESPCOM command shows "Send err"

     

    AGENT LJ_LINUX64                                               
    LJ_LINUX64                                                     
     Encryption(AES), Keyname(AESKEY)                              
     Active                                                        
      Last connect failed at 09.24.35 on FRIDAY JANUARY 25TH, 2019 


    ESPCOM DEST (LJ_LINUX64)                                                       
    Destination name|status|     last operation     | sent |queued|
    LJ_LINUX64      |active|Send err 09.20.35 25 JAN|     0|     1|

     

    If you check on the agent side in the log directory the receiver.log will provide additional details.

     

    receiver.log - mismatched encryption types
    cybermation.library.communications.CybConversationException: Unexpected encryption type. AES received. DES expected.

     

    receiver.log - same encryption type of AES, but MF using 128-bit AES and Agent using 256-bit AES

    cybermation.library.communications.CybConversationException: Bad padding
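
Added example, not part of the original replies and not vendor code: a pre-check that the key defined with CRYPTKEY on the manager and with keygen on the agent is the same value and the same size, plus a lookup of the two receiver.log messages explained above. The function names are hypothetical, the command patterns are taken from the steps in this thread, and only 128-bit and 256-bit keys are accepted because those are the sizes the thread discusses.

```python
import hmac
import re

# Command shapes as posted in this thread (ESP page mode and agent keygen).
CRYPTKEY_RE = re.compile(
    r"CRYPTKEY\s+DEFINE\s+KEYNAME\((\w+)\)\s+KEY\(X'([0-9A-F]+)'\)\s+AES", re.I)
KEYGEN_RE = re.compile(r"keygen\s+0x([0-9A-F]+)\s+AES", re.I)

# Causes exactly as given in the reply above; other messages stay unclassified.
RECEIVER_LOG_CAUSES = {
    "Unexpected encryption type": "manager and agent use different encryption types",
    "Bad padding": "both sides use AES, but one is 128-bit and the other 256-bit",
}

def key_bits(hex_key):
    """Key size in bits; only the two sizes discussed in the thread are accepted."""
    bits = len(hex_key) * 4
    if bits not in (128, 256):
        raise ValueError(f"{len(hex_key)} hex digits is not a 128- or 256-bit key")
    return bits

def compare_definitions(cryptkey_cmd, keygen_cmd):
    """Compare the manager and agent key definitions without echoing the key."""
    mgr = CRYPTKEY_RE.search(cryptkey_cmd)
    agt = KEYGEN_RE.search(keygen_cmd)
    if not mgr or not agt:
        raise ValueError("command does not match the form shown in the thread")
    mgr_key, agt_key = mgr.group(2).upper(), agt.group(1).upper()
    return {
        "keyname": mgr.group(1),
        "manager_bits": key_bits(mgr_key),
        "agent_bits": key_bits(agt_key),
        "match": hmac.compare_digest(mgr_key, agt_key),
    }

def explain_receiver_log(line):
    """Return the cause named in the thread for a receiver.log line, else None."""
    for marker, cause in RECEIVER_LOG_CAUSES.items():
        if marker in line:
            return cause
    return None

if __name__ == "__main__":
    # Key value is the sample from the steps above, not a real secret.
    print(compare_definitions(
        "CRYPTKEY DEFINE KEYNAME(DONKEY1) KEY(X'0102030405060708091A1B1C1D1E1F01') AES",
        "keygen 0x0102030405060708091A1B1C1D1E1F01 AES"))
    print(explain_receiver_log("CybConversationException: Bad padding"))
```

The report contains only the key name, sizes and a match flag, so it can be pasted into a ticket without exposing key material.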



  • 5.  RE: Re: Using AES encryption in ESP

    Posted Aug 07, 2020 04:55 PM

    When installing a new agent, can you define the encryption key that is provided using the agent install and define that on the schedule manager? I have tried this, but in the page mode I get a send err and in the receiver.log I get the following message:

    Invalid message header, invalid protocol type

    In the transmitter log this is what I get:
    Bad padding error. I can provide log files if that helps.

    here is the agentdef listing
    AGENT WNT00065 ADDRESS(WNT00065) PORT(7520) NT ASCII -
         TCPIP  PREFIXING ENCRYPT KEYNAME(WNT65)      

    cryptkey listing
    Key name, Encryption format                                
    WNT65, Encryption format AES                               
      Last update by D57219N at 15.58 on FRIDAY AUGUST 7TH, 2020

    the command used to generate the key in pagemode

    cryptkey define keyname(wnt65) keyname(the key without the 0x on the front) AES

    any help is greatly appreciated    



    When you are installing an agent can you use the AES key generated at the time to define on the MF side as the AES key?

    I have tried this and receive the following errors 

    Receiver.log 
    cybermation.library.communications.CybConversationException: Invalid message header, invalid protocol type

    Transmitter.log
    Caused by: java.lang.IllegalStateException: Bad padding

    pagemode key listing
    Key name, Encryption format
    WNT65, Encryption format AES
    Last update by D57219N at 15.58 on FRIDAY AUGUST 7TH, 2020

    command used to define the key
    cryptkey define keyname(wnt65_AES) key(key generated without the 0x on the front) AES

    agentdef listing
    AGENT WNT00065 ADDRESS(WNT00065) PORT(7520) NT ASCII -
    TCPIP PREFIXING ENCRYPT KEYNAME(WNT65)

    any help is greatly appreciated. 
    Thanks 
    Dustin

