Skip to main content
Solved

Changing the cipher used to generate client private keys for client certificates


Gergely (Sydney)
Vaulter
Forum|alt.badge.img+6

Hi All,

We are planning to change the cipher used to generate client private keys for client certificates to AES256-CBC but documentation says the Category is ‘CommServDB.GxGlobalParam’ for the key and the Additional settings doco (and the autofill when trying to add it) say it is ‘Session’.

Does someone know which one is it?

https://documentation.commvault.com/commvault/v11_sp20/article?p=136093.htm

https://documentation.commvault.com/additionalsetting/details?name=%22sPriKeyEncCipher%22&id=7965

Thanks

Best answer by Stuart Painter

Hi @Gergely (Sydney) 

Thanks for raising this query, I have raised this with Development and had some confirmations on correct values and where to apply.

The Additional Setting link sPriKeyEncCipher is correct, this needs to be placed under Session category.

Please note, you will need to add this setting to the Commserve and each client that is required to use the specified cipher.

On each client next certificate refresh, the new cipher will be used.

I will request Documentation is updated to show the correct values.

Thanks,

Stuart

View original
Did this answer your question?
If you have a question or comment, please create a topic

3 replies

Forum|alt.badge.img+15

Hi @Gergely (Sydney) 

Thanks for raising this query, I have raised this with Development and had some confirmations on correct values and where to apply.

The Additional Setting link sPriKeyEncCipher is correct, this needs to be placed under Session category.

Please note, you will need to add this setting to the Commserve and each client that is required to use the specified cipher.

On each client next certificate refresh, the new cipher will be used.

I will request Documentation is updated to show the correct values.

Thanks,

Stuart


Forum|alt.badge.img+15

Hi @Gergely (Sydney) 

On checking this further, the FR26 documentation lists the correct values, so this might just be an issue on earlier versions, but I’ll follow up with Documentation team to get those cleaned up:


FR26 - Changing the Ciphers Used to Generate Client Private Keys

Property Value
Setting Name sPriKeyEncCipher
Category Session
Type STRING
Values

3des (uses Triple DES in CBC mode, also known as 3DES CBC)

aes128 (uses 128-bit Advanced Encryption Standard in CBC mode, also known as AES 128 CBC)

aes256 (uses 256-bit Advanced Encryption Standard in CBC mode, also known as AES 256 CBC)

 

Thanks,

Stuart


Gergely (Sydney)
Vaulter
Forum|alt.badge.img+6

Thanks, it seems it was recently updated, FR24 as well, didn’t check the other versions.

Now it has the “Before you begin” section added, so we need to add the nForceSHA256 additional setting as well?


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings