Generating an AES key

IBM® Security QRadar® EDR provides an action to generate an AES key that you can use to encrypt your data backups.

Before you begin

Install the cpctl command-line interface (CLI) utility. For more information, see Installing the cpctl utility to access support actions.

About this task

An AES key is used for symmetric encryption that meets AES standards. QRadar EDR supports AES-128 GCM, AES-192 GCM, and AES-256 GCM keys.

Procedure

  1. To ensure that the list of available cpctl actions is up to date, type the following command.
    cpctl load
    The cpctl load command retrieves all available actions that can be run on QRadar EDR. The actions are cached to your local environment.
  2. Generate an AES key by typing one of the following commands.
    • To generate an AES-256 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)"
    • To generate an AES-192 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 24
    • To generate an AES-128 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 16
    The expected output is as follows:
    cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 16
    Executing playbook generate_backup_aes_key.yaml
    
    - localhost on hosts: localhost -
    Gathering Facts...
      localhost ok
    [Login] Validate...
    [Login] Token...
      localhost done | stdout:
    [INFO] Logging in via token...
    Fail if requested length is invalid...
    Generate AES Key...
      localhost ok
    Ensure the directory exists for storing the key...
      localhost done
    Save the AES key to a file...
      localhost done
    Command to copy file...
      localhost ok: {
        "changed": false,
        "msg": "On your terminal, extract the AES key by running the command: POD=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1) && oc cp $POD:/tmp/backup_keys/aes_key.txt path/to/save/file/to\n"
    }
    Command to clean pod...
      localhost ok: {
        "changed": false,
        "msg": "Remove the AES Key by running the command: oc exec $POD -- rm /tmp/backup_keys/aes_key.txt"
    }
    
    - Play recap -
      localhost                  : ok=7    changed=3    unreachable=0    failed=0    rescued=0    ignored=0 
    You can retrieve the AES key by running the following command:
    POD=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1) && oc cp $POD:/tmp/backup_keys/aes_key.txt path/to/save/file/to
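The retrieval and cleanup commands printed in the playbook output above, combined into one shell function as an added example (not IBM's code). The function name `fetch_backup_key`, the `head -n 1` guard, and the exit codes are assumptions; the pod label and key path are the ones shown in the output.

```shell
#!/usr/bin/env bash
# Added example, not part of the IBM procedure: copy the generated AES key out
# of the cp-serviceability pod, keep the local copy owner-only, and delete the
# pod copy only after the local file has been verified.
# Assumes `oc` is logged in to the cluster where the key was generated.

KEY_PATH_IN_POD=/tmp/backup_keys/aes_key.txt   # path from the playbook output

fetch_backup_key() {
    dest=$1
    [ -n "$dest" ] || { echo "usage: fetch_backup_key <dest-file>" >&2; return 2; }

    # Never clobber an existing key: backups encrypted with it would be lost.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 3; }

    # Same pod lookup as the documented command; head guards against
    # more than one matching pod (assumption: the first one holds the key).
    pod=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1 | head -n 1)
    [ -n "$pod" ] || { echo "cp-serviceability pod not found" >&2; return 4; }

    # umask 077 makes the file owner-only from the moment it is created,
    # so the key is never briefly readable by other local users.
    ( umask 077 && oc cp "$pod:$KEY_PATH_IN_POD" "$dest" ) || return 5

    # An empty or missing file means the copy failed; keep the pod copy.
    if [ ! -s "$dest" ]; then
        echo "copied key is empty; pod copy left in place" >&2
        rm -f "$dest"
        return 6
    fi
    chmod 600 "$dest"

    # Cleanup command from the playbook output: remove the key from the pod.
    oc exec "$pod" -- rm "$KEY_PATH_IN_POD" || {
        echo "warning: key still present in pod $pod" >&2
        return 7
    }
    echo "key saved to $dest and removed from $pod"
}

# Usage (destination path is a placeholder):
#   fetch_backup_key path/to/save/file/to
```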