
ePO Encryption Algorithm

What type of encryption algorithms does ePO use for communication between the server and the agents?

rwood

Re: ePO Encryption Algorithm

TLS if you select it.

Re: ePO Encryption Algorithm

Is there a config file or configuration where the algorithm key can be changed?

cdinet
McAfee Employee

Re: ePO Encryption Algorithm

No there is not.  What is the issue you are trying to resolve?  What exactly do you want to change and why?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: ePO Encryption Algorithm

Nothing to resolve. There is no issue. Just that my client has a policy that the encryption key has to be changed from time to time.

If it can't be changed, it is OK. I will just tell them that.

cdinet
McAfee Employee

Re: ePO Encryption Algorithm

Correct, you can't change anything with the communication keys on epo.  The only certificate you can update in epo is the browser cert.


Re: ePO Encryption Algorithm

Noted with much thanks. 🙂

Re: ePO Encryption Algorithm

Another quick question.

The client is going through an audit and keeps bugging me with tons of questions.

Since it can't be changed, I would consider it hardcoded.

Can the key at least be viewed in a config file, or is it totally inaccessible?

Re: ePO Encryption Algorithm

My client's concerns about the encryption algorithm on ePO

Points of concern:
1) Dual control of the key by the client; the key cannot be held or known by the vendor.
2) Where is the key located?
3) What is the encrypted key algorithm - AES (128, 256), Triple DES?
4) How is the key folder controlled?
5) We need to change the key every 5 years.

cdinet
McAfee Employee

Re: ePO Encryption Algorithm

Points of concern:

1) Dual control of the key by the client; the key cannot be held or known by the vendor.

We do not hold any keys and they are not known by us as vendor. They are unique to every install of ePO and customer.

2) Where is the key located?

ePO uses several keys - there is the server-side keystore for Apache to Tomcat communications and the server private key - kept in server\keystore where ePO is installed. Agent communication and repository keys are in db\keystore, Apache certs are in apache2\conf\ssl.crt. Agent certs are in c:\programdata\mcafee\agent\keystore.

3) What is the encrypted key algorithm - AES (128, 256), Triple DES?

You can view the key algorithm in the certs - sha256rsa.

4) How is the key folder controlled?

Agent keys are protected by the agent self-protection, and ePO/agent handler certs need the permissions placed on install for system so they are accessible by ePO - basically as secure as physical access to your server is.

5) We need to change the key every 5 years.

Only the browser cert can be changed. Otherwise you would need to reinstall a new ePO every 5 years and migrate all your systems over to it, which is really not a feasible plan.

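For an audit like the one discussed in this thread, the answers to questions 2 to 4 can be collected as evidence with a read-only script. This is an added example, not part of the original posts and not McAfee tooling; `$EpoRoot` is an assumed parameter for the ePO install folder, and the relative paths are the ones quoted in the reply above.

```powershell
# Added example: read-only audit inventory of the key locations named in the reply.
# $EpoRoot is an assumption: pass the folder where ePO is installed on this server.
param([Parameter(Mandatory)] [string] $EpoRoot)

# Relative paths are the ones quoted in the thread; the agent path is absolute.
$keyFolders = @(
    (Join-Path $EpoRoot 'server\keystore'),
    (Join-Path $EpoRoot 'db\keystore'),
    (Join-Path $EpoRoot 'apache2\conf\ssl.crt'),
    'C:\ProgramData\McAfee\Agent\keystore'
)
$aclRows  = @()
$certRows = @()

foreach ($folder in $keyFolders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Not present on this host: $folder"
        continue
    }
    # Question 4: which identities hold which rights on the key folder.
    $aclRows += (Get-Acl -LiteralPath $folder).Access |
        Select-Object @{ n = 'Folder'; e = { $folder } }, IdentityReference, FileSystemRights, AccessControlType, IsInherited

    foreach ($file in Get-ChildItem -LiteralPath $folder -File) {
        $row = [ordered]@{ File = $file.FullName; SignatureAlgorithm = $null; RsaKeyBits = $null
                           NotBefore = $null; NotAfter = $null; Note = '' }
        try {
            # Question 3: read the algorithm and validity straight from the certificate.
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $row.SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            if ($rsa) { $row.RsaKeyBits = $rsa.KeySize }   # stays empty for non-RSA keys
            $row.NotBefore = $cert.NotBefore
            $row.NotAfter  = $cert.NotAfter
            $cert.Reset()                                   # release the native handle
        } catch {
            # Keystore folders can hold files that are not X.509 certificates; record and move on.
            $row.Note = 'not parsed as an X.509 certificate'
        }
        $certRows += [pscustomobject]$row
    }
}

$aclRows  | Format-Table -AutoSize
$certRows | Format-List
```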
