Making Changes to the Communication Layer (iSCALE)
The communication layer (iSCALE) connecting all components of the architecture is encrypted. Communication between all parts is an encrypted TCP/IP based connection. By default this communication is encrypted using AES 256 bit. ARC4 is available for use.
Change the encryption method and the key using keymgr. The program generates a file in the lib directory of a Sentinel installation ($ESEC_HOME/lib or %ESEC_HOME%\lib) called .keystore. This file must be copied to each machine that has an e-Security component installed.
Best pratices recommends that the default security key be changed to provide unique encryption and authentication parameters.
Making key changes or enable other encryption methods
- For Solaris, login as esecadm. For Windows, login as a user with administrative rights.
- cd to:
- Run the following script:
âjar keymgr.jar --keyalgo
This will allow you to set your encryption method. A file called .keystore will be created in the lib directory.
NOTE: Another method of executing this command is:
java -cp keymgr.jar;bcprov-jdk14-118.jar
4.Copy .keystore to each machine with a Sentinel component installed. The file should be copied to:
5.If the Sentinel environment is set for Windows Authentication, skip this step.
§On the machine where DAS is installed, cd to:
§run the following commands:
dbconfig.bat -a . -p
-a . -p
§Restart all services for .keystore to be reloaded.
NOTE: For more information about the dbconfig command, go the Sentinel Reference User's Guide â Sentinel Data Access Service.