Configure the 256-bit encryption key (optional)

After the 128-bit key is configured through the Edge Encryption proxy installer, you can optionally configure the AES 256-bit encryption key and set it as the default key. Use the encryption key to encrypt your data.

About this task

The encryption key is either a plain text file inside the /keys directory or a secret key inside a keystore. If you use a keystore for your 128-bit and 256-bit encryption keys, they must both use the same keystore. If you do not want to configure a 256-bit encryption key, click Skip.

Procedure

  1. Select the encryption key location.
    • File Store: Use a file to store a single encryption key. Use an existing file in the /keys directory or generate a new file. To generate a new file, enter an alias and click Generate. A file containing an encryption key is created.
      Note: This step selects both the key storage and the encryption key. If File Store is selected, click Next and go to step 5.
    • Create New Java KeyStore: Create a keystore to store the encryption key.
    • Java KeyStore File: Store the encryption key in an existing Java KeyStore file.
  2. Click Next.
  3. Select or create the encryption key.
    • New Key: Create an encryption key and alias.
      Note: The alias name (key name, key alias) must use lowercase letters and numbers, per Java KeyStore requirements. To find out more about the keytool utility, see the Java SE Documentation.
    • Use Existing Key: Use an existing encryption key in the selected keystore.
    • Import Existing Key: Import an encryption key from a different keystore.
  4. Click Next.
  5. Install the Java Cryptography Extension (JCE) and overwrite the policy files on the proxy server. See Optionally enable AES 256-bit encryption.
  6. Configure the 256-bit default encryption key on the instance by navigating to the instance and defining a default key. See Configure encryption keys on the instance. Ensure that the key alias, size, and type match the requirements defined in the installer.
  7. Once the key is configured on the instance, return to the installer and click Next.