Generating an AES key

New in 1.10.12: IBM Security QRadar® Suite Software provides an action to generate an AES key that you can use to encrypt your data backups.

Before you begin

Install the command-line interface (CLI) utility cpctl from the cp-serviceability pod. For more information, see Installing the cpctl utility.

About this task

An AES key is used for symmetric encryption that meets AES standards. QRadar Suite Software supports AES-128 GCM, AES-192 GCM, and AES-256 GCM keys.

Procedure

  1. To ensure that the list of available cpctl actions is up to date, enter the following command.
    cpctl load
    The cpctl load command retrieves all of the available actions that can be run on QRadar Suite Software. The actions are cached to your local environment.
  2. Generate an AES key by typing one of the following commands.
    • To generate an AES-256 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)"
    • To generate an AES-192 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 24
    • To generate an AES-128 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 16
    In the following example output, pyNnwX,U7YUKGMTe.JKqP2O1i2L.M8gE is the generated AES-256 GCM key.
    ./cpctl tools generate_backup_aes_key --token "$(oc whoami -t)"
    Executing playbook generate_backup_aes_key.yaml
    
    - localhost on hosts: localhost -
    Gathering Facts...
      localhost ok
    [Login] Validate...
    [Login] Token...
      localhost done | stdout: 
    [INFO] Logging in via token...
    Fail if requested length is invalid...
    Generate AES Key...
      localhost ok
    Display Key...
      localhost ok: {
        "changed": false,
        "msg": "\"Your generated AES key is: `pyNnwX,U7YUKGMTe.JKqP2O1i2L.M8gE` \nPlease save this as it cannot be recovered\"\n"
    }
    
    - Play recap -
      localhost                  : ok=4    changed=1    unreachable=0    failed=0    rescued=0    ignored=0   
    In the following example output, zm2NxWUpnw.lJ6wb_HUuse,3 is the generated AES-192 GCM key.
    ./cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 24
    Executing playbook generate_backup_aes_key.yaml
    
    - localhost on hosts: localhost -
    Gathering Facts...
      localhost ok
    [Login] Validate...
    [Login] Token...
      localhost done | stdout: 
    [INFO] Logging in via token...
    Fail if requested length is invalid...
    Generate AES Key...
      localhost ok
    Display Key...
      localhost ok: {
        "changed": false,
        "msg": "\"Your generated AES key is: `zm2NxWUpnw.lJ6wb_HUuse,3` \nPlease save this as it cannot be recovered\"\n"
    }
    
    - Play recap -
      localhost                  : ok=4    changed=1    unreachable=0    failed=0    rescued=0    ignored=0
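
Because the playbook shows the key once and it cannot be recovered, the following added example (not IBM's code) extracts the key from captured output, checks its length against the three supported sizes, and stores it in an owner-only file. The function names and file path are hypothetical, and it assumes, as the two sample keys above suggest, that the key has as many characters as the --key_length value.

```shell
#!/bin/sh
# Added example: helper names and paths are hypothetical, not part of cpctl.
# Assumes (from the sample keys above) a printable key of --key_length characters.

# Print the key found between backticks in the "Display Key" message on stdin.
extract_backup_key() {
  sed -n 's/.*Your generated AES key is: `\([^`]*\)`.*/\1/p' | head -n 1
}

# Map a key's character count to the AES variant this page lists.
aes_variant() {
  case "${#1}" in
    16) echo "AES-128 GCM" ;;
    24) echo "AES-192 GCM" ;;
    32) echo "AES-256 GCM" ;;
    *)  return 1 ;;
  esac
}

# Write the key to a new owner-only file; reject bad lengths and overwrites.
save_backup_key() {
  key=$1 dest=$2
  aes_variant "$key" >/dev/null || { echo "unexpected key length" >&2; return 1; }
  if [ -e "$dest" ]; then echo "$dest exists, not overwriting" >&2; return 1; fi
  ( umask 077 && printf '%s' "$key" > "$dest" )
}

# Constructed sample: the "Display Key" lines from the AES-192 output above.
sample_output() {
  cat <<'EOF'
Display Key...
  localhost ok: {
    "changed": false,
    "msg": "\"Your generated AES key is: `zm2NxWUpnw.lJ6wb_HUuse,3` \nPlease save this as it cannot be recovered\"\n"
}
EOF
}

# Demo on the constructed sample; reports the variant without echoing the key.
tmp=$(mktemp -d)
save_backup_key "$(sample_output | extract_backup_key)" "$tmp/backup_aes.key"
echo "saved $(aes_variant "$(cat "$tmp/backup_aes.key")") key to owner-only file"
rm -rf "$tmp"
```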