Configuring the public key
BMC Remedy Encryption Performance Security and BMC Remedy Encryption Premium Security use the RSA algorithm for public key cryptography to exchange private keys. This key exchange occurs at the beginning of the API session and when the data encryption keys expire.
If the server's security policy is changed while a client is running, the client connections using the old policy automatically perform a key exchange to create keys that correspond to the new policy.
To configure the cryptograhic algorithm and size of the public key
- Log on to the appropriate BMC Remedy AR System server.
- Open the AR System Administration Console.
- Click System > General > Server Information.
- In the AR System Administration: Server Information form, click the Encryption tab.
- In the New Encryption Settings: Public Key Details area, select one of these data encryption algorithm options:
Server configuration file setting
512-bit RSA key. Default for standard security.
1024-bit RSA key. Default for BMC Remedy Encryption Performance Security.
2048-bit RSA key. Default for BMC Remedy Encryption Premium Security.
The available algorithms depend on the type of encryption installed and the setting of the FIPS Enabled option.
- (Optional) In the Key Expire Interval field, specify a different life span for the key in seconds.
The default is 86400 seconds (24 hours). At the end of the specified time, the key expires, and the server generates a new key.In the AR System server configuration file, this setting is specified as follows:
Generating keys more frequently provides higher security at some marginal impact to performance.
- Click Apply.
- Restart the server.
- Relog on to any clients that are connected to the server.