9.23.2 Encryption Profile

In the Encryption Profile you make encryption configurations to be used by the Encryption agent.

Configuration

To create a new Encryption profile, click the New Configuration button in the upper left part of the Desktop window, and then select Encryption Profile  from the menu.

Encryption profile

Menus

The contents of the menus in the menu bar may change depending on which configuration type that has been opened in the currently displayed tab. The Encryption profile uses the standard menu items and buttons that are visible for all configurations, and these are described in 2.1 Menus and Buttons.

The Edit menu is specific for the Encryption profile configurations.

ItemDescription

External References

Select this menu item to enable the use of External References in the Encryption profile configuration. This can be used to configure the following fields:

  • Key
  • KeyStore Path
  • Keystore password
  • Key Name
  • Key Password

For further information, see 8.11.4 Using External Reference in Agent Profile Fields and 8.11 External Reference Profile.

Settings

You have two options for configuring your keys; Directly Configured Key, and Read Key from Keystore.

Directly Configured Key

The following settings are available when selecting the Directly Configured Key option:

SettingDescription

Key

Enter a key manually, or click on the Random button to generate a random key.
Aglorithm

Select which algorithm you want to use; either AES-128 or AES-256.

Note!

In order to use AES-256, you need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction 
Policy Files on the EC in order to run the workflow. See http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
for further information.

Read Key from Keystore

If you want a key to be read from a specific keystore, it must be a JCEKS keystore.

Example - How to create a symmetric crypto key

$ keytool -keystore test.ks -storepass password -storetype jceks -genseckey -keysize 128 -alias testkey -keyalg AES

The following settings are available when selecting the Read Key from Keystore option:

SettingDescription

Keystore Path

Enter the location of the JCEKS type keystore from which you want to read the key. 
Keystore PasswordEnter the relevant keystore password. 
Key NameIf required, enter the key name. 
Key PasswordThe Key Password fields is optional. You can enter the key password, or if you leave this field empty, the Keystore Password is the default.