Setting the AES encryption key size for the PATROL Agent
PATROL Agents use the Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) encryption to decrypt the BMC Helix Operations Management policy passwords. AES is more secure than its predecessors Data Encryption Standard (DES) and triple DES, as the algorithm is stronger, uses longer key lengths, and enables faster encryption than DES. PATROL Agent supports AES in two key sizes: 256-bit and 128-bit. By default, the PATROL Agent is AES 256-bit compliant.
Current version of the PATROL Agent is backward compatible with the older encryption mechanisms. By default, current version of the PATROL Agent encrypts the data in AES format. If the pre-existing data is encrypted using older encryption mechanism, such as DES, the data is decrypted and re-encrypted in AES format in the current version.
To set the AES encryption size
Due to import regulations in some countries, AES 256-bit encryption is not allowed. You need to select the appropriate encryption key size by setting the
BMC_TS_KEY_SZ environment variable as shown in the following code block:
#Microsoft Windows set BMC_TS_KEY_SZ=128 #Unix export BMC_TS_KEY_SZ=128
- BMC_TS_KEY_SZ environment variable can be set to either 128 or 256 depending on the requirement.
Log in or register to comment.