Generating an AES key

Edit online

IBM® Security QRadar® EDR provides an action to generate an AES key that you can use to encrypt your data backups.

Before you begin

Install the cpctl command-line interface (CLI) utility. For more information, see Installing the cpctl utility to access support actions.

About this task

An AES key is used for asymmetric encryption that meets AES standards. QRadar EDR supports AES-128 GCM, AES-192 GCM, and AES-256 GCM keys.

Procedure

  1. To ensure that the list of available cpctl actions is up to date, type the following command. 
    cpctl load
    The cpctl load command retrieves all available actions that can be run on QRadar EDR. The actions are cached to your local environment.
  2. Generate an AES key by typing one of the following commands.
    • To generate an AES-256 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)"
    • To generate an AES-192 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 24
    • To generate an AES-128 GCM key:
      cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 16
    In the following example output, pyNnwX,U7YUKGMTe.JKqP2O1i2L.M8gE is the generated AES-256 GCM key.
    ./cpctl tools generate_backup_aes_key --token "$(oc whoami -t)"
Executing playbook generate_backup_aes_key.yaml

- localhost on hosts: localhost -
Gathering Facts...
  localhost ok
[Login] Validate...
[Login] Token...
  localhost done | stdout: 
[INFO] Logging in via token...
Fail if requested length is invalid...
Generate AES Key...
  localhost ok
Display Key...
  localhost ok: {
    "changed": false,
    "msg": "\"Your generated AES key is: `pyNnwX,U7YUKGMTe.JKqP2O1i2L.M8gE` \nPlease save this as it cannot be recovered\"\n"
}

- Play recap -
  localhost                  : ok=4    changed=1    unreachable=0    failed=0    rescued=0    ignored=0
    In the following example output, zm2NxWUpnw.lJ6wb_HUuse,3 is the generated AES-192 GCM key.
    ./cpctl tools generate_backup_aes_key --token "$(oc whoami -t)" --key_length 24
Executing playbook generate_backup_aes_key.yaml

- localhost on hosts: localhost -
Gathering Facts...
  localhost ok
[Login] Validate...
[Login] Token...
  localhost done | stdout: 
[INFO] Logging in via token...
Fail if requested length is invalid...
Generate AES Key...
  localhost ok
Display Key...
  localhost ok: {
    "changed": false,
    "msg": "\"Your generated AES key is: `zm2NxWUpnw.lJ6wb_HUuse,3` \nPlease save this as it cannot be recovered\"\n"
}

- Play recap -
  localhost                  : ok=4    changed=1    unreachable=0    failed=0    rescued=0    ignored=0