ESP Workload Automation

  • 1.  ESP Agent Encryption

    Posted May 11, 2018 03:53 PM

    Looks like we are going to change our encryption key around once a quarter for some of our agents, how do others generate the key? Is there some type of software that is used to randomly generate the key? This would be for AES.


    Thank you.

    Sharon



  • 2.  Re: ESP Agent Encryption
    Best Answer

    Posted May 11, 2018 04:01 PM

    Hi Sharon, 

    The key is created by the CRYPTKEY command in pagemode and the keygen command in the agent.  The key that is created by those commands is what is important. I have included my steps. 

     

    How to set up AES encryption: Quick steps.

     

    1. To create the key issue the command below in ESP pagemode:

    CRYPTKEY DEFINE KEYNAME(DONKEY1) KEY(X'0102030405060708091A1B1C1D1E1F01') AES

     

    1. Define the AGENT in the AGENTDEF file:

    AGENT AGENTU_SFTP ADDRESS(10.130.226.51) PORT(7521) UNIX ASCII TCPIP -

    PREFIXING ENCRYPT KEY(DONKEY1)

     

    1. Load the AGENTDEF file:

    OPER LOADAGDF 'DSN.DSN.DSN.PARMLIB(AGENTDEF)'

     

    1. Define the key in the agent. In the agenthome directory issue the command below:

    keygen 0x0102030405060708091A1B1C1D1E1F01 AES

     

    Bounce the agent so it takes effect.

     

    Don



  • 3.  Re: ESP Agent Encryption

    Posted May 14, 2018 07:06 AM

    Hello Don,

     

    I'm good with defining the encryption key as we have been updated many of ours, the question I have is what do folks use to generate a random key as starting soon in one of our environments we will have to update our key probably quarterly and was looking for suggestions on how other users come of with the key to use. I can make one up but was looking for suggestions for the best method to generate it.

     

    Thank you.

    Sharon



  • 4.  Re: ESP Agent Encryption

    Posted May 14, 2018 07:38 AM

    I did a Google search on "generate encryption key" and found

    https://passwordsgenerator.net/

     

    Search "password generator" and found:

    https://www.lastpass.com/password-generator

    https://www.roboform.com/password-generator



  • 5.  Re: ESP Agent Encryption

    Posted May 14, 2018 10:14 AM

    Thank you!



  • 6.  Re: ESP Agent Encryption

    Posted May 14, 2018 10:13 AM

    Thanks for the call today!



  • 7.  Re: ESP Agent Encryption

    Posted May 14, 2018 08:47 AM

    Hello,

     

    I guess, the choice of the generator engine should be made by your staff responsible for overall security on the network; there are many publicly available generators, yet your developers might created it by a proprietary programming, for instance, with java KeyGenerator method. 

    NB. Our utilities do not generate the keys but only encrypt provided values.

     

    Best regards,

    Mikhail Nemtsev

     



  • 8.  Re: ESP Agent Encryption

    Posted May 14, 2018 10:14 AM

    Thank you!



  • 9.  Re: ESP Agent Encryption

    Broadcom Employee
    Posted May 14, 2018 09:13 AM

    Hi Sharon,

    There are lots of random generators out there.  Best ones would be something you can trust and control.  Linux has several simple utilities that can be used to generate a long string or password.

    Here is a simple example that will generate 16 character string.

    date | md5sum | sha256sum | tr -dc a-f0-9 | cut -b 1-16

     

    Or use the Linux random dev

    head /dev/urandom | tr -dc A-F0-9 | head -c 16 ; echo ''

     

    There are several other ways to do this.  You can write a script and generate string for the keys.

     

    Thank you,

    Nitin Pande

    CA Technologies.

     



  • 10.  Re: ESP Agent Encryption

    Posted May 14, 2018 10:14 AM

    Thank you!