Symmetric encryption protects communication between CA ControlMinder components and is implemented by encryption libraries. You use the sechkey utility to change the encryption library, and therefore change the symmetric encryption method.
You must have the ADMIN attribute to use sechkey.
Note: If CA ControlMinder is operating in FIPS-only mode, you cannot change the symmetric encryption method. CA ControlMinder operates in FIPS-only mode when the value of the fips_only configuration token in the crypto section is 1. This restriction prevents you from changing the encryption method to one that is not FIPS-compliant.
Important! To avoid communication problems, use the same encryption method on all computers that run CA ControlMinder components.
To change the symmetric encryption method
If you are changing the encryption settings on a CA ControlMinder Enterprise Management server, also stop the CA ControlMinder Web Service.
If you are changing the encryption settings on a CA ControlMinder Enterprise Management server, also start the CA ControlMinder Web Service.
CA ControlMinder starts and encrypts communication with the new encryption method.
Example: Change the Symmetric Encryption Method to 3DES
The following command changes the symmetric encryption method to 3DES:
sechkey -m -sym tripledes
Note: For more information about the sechkey utility, see the Reference Guide.
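A pre-flight check for the FIPS-only restriction described in the note above, as an added example that is not part of the CA documentation. It assumes the configuration can be read as an INI-style text file whose path you pass in; the function names and the sample file are constructed for illustration, and the script only prints the sechkey command.

```shell
#!/bin/sh
# Added example: pre-flight check before "sechkey -m -sym <method>".
# Assumption: the configuration is an INI-style text file ([section] headers,
# "token = value" lines); the caller supplies its path.

# Print the fips_only value found in the [crypto] section (empty if absent).
fips_only_value() {
    awk '
        /^[ \t]*[;#]/ { next }                # skip comment lines
        /^[ \t]*\[/ {                         # section header
            s = $0
            sub(/^[ \t]*\[/, "", s)
            sub(/\][ \t\r]*$/, "", s)
            in_crypto = (tolower(s) == "crypto")
            next
        }
        in_crypto {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == "fips_only") v = val
        }
        END { print v }
    ' "$1"
}

# Exit status 0: change may proceed. 1: FIPS-only mode blocks it. 2: unreadable.
can_change_sym_method() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if [ "$(fips_only_value "$1")" = "1" ]; then
        echo "fips_only is 1 in [crypto]: method cannot be changed" >&2
        return 1
    fi
    return 0
}

# Constructed sample file; the decoy section shows that only [crypto] counts.
write_sample() {    # $1 = path, $2 = fips_only value for [crypto]
    printf '%s\n' '; constructed sample' '[other_section]' 'fips_only = 1' \
        '[crypto]' "fips_only = $2" > "$1"
}

tmp=$(mktemp)
write_sample "$tmp" 0
can_change_sym_method "$tmp" && echo "ok to run: sechkey -m -sym tripledes"
rm -f "$tmp"
```

Running the same check on every computer that hosts CA ControlMinder components before the change shows which hosts would refuse it, which matters because all of them must end up on the same encryption method.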
Copyright © 2013 CA Technologies.
All rights reserved.