cancel
Showing results for 
Search instead for 
Did you mean: 
lexus
Level 7
Report Inappropriate Content
Message 1 of 5

[ePO 4.6] Keystore on managed system

Jump to solution

Hi,

i'm looking for an answer about the keystore on a managed system : why is it  possible, for a simple user, to access at all keys in read mode?

Could you tell me what is the use of these keys?

  • agentprvkey.bin
  • agentpubkey.bin
  • serverpubkey.bin
  • serverreqseckey.bin

Thanks for all.

1 Solution

Accepted Solutions
Highlighted
McAfee Employee jstanley
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: [ePO 4.6] Keystore on managed system

Jump to solution

Users can read the files but VSE AP rules should prevent them from being modified/deleted. The files are obfuscated and encrypted so their is not much the users can do with read only access anyway. They are used for encrypting/decrypting traffic between the agent and ePO. The names suggest their use but here it is explicitly:

  • agentprvkey.bin = Agent Private Key
  • agentpubkey.bin = Agent Public Key
  • serverpubkey.bin = ePO Server Public Key
  • serverreqseckey.bin = ePO Server’s Request Secret Key
4 Replies
Highlighted
McAfee Employee jstanley
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: [ePO 4.6] Keystore on managed system

Jump to solution

Users can read the files but VSE AP rules should prevent them from being modified/deleted. The files are obfuscated and encrypted so their is not much the users can do with read only access anyway. They are used for encrypting/decrypting traffic between the agent and ePO. The names suggest their use but here it is explicitly:

  • agentprvkey.bin = Agent Private Key
  • agentpubkey.bin = Agent Public Key
  • serverpubkey.bin = ePO Server Public Key
  • serverreqseckey.bin = ePO Server’s Request Secret Key
lexus
Level 7
Report Inappropriate Content
Message 3 of 5

Re: [ePO 4.6] Keystore on managed system

Jump to solution

Hi, i have an other question.

Please, could you tell me exactly when and why the "ePO Server’s Request Secret Key" is used?

Is it just used for initiate the connection between the Agent to the server ?

Thanks for all

Ce message a été modifié par: lexus on 24/09/12 04:45:12 CDT
lexus
Level 7
Report Inappropriate Content
Message 4 of 5

Re: [ePO 4.6] Keystore on managed system

Jump to solution

Did someone have an answer please?

McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: [ePO 4.6] Keystore on managed system

Jump to solution

It's used to secure the initial exchange of keys between agent and server, so that the agent's key (which is created on the client machine) can be securely sent back to the server.

HTH -

Joe

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community