Aes-256 or aes-128 bit

Hello
I'm trying to keep the CPU down as much as possible on my ASA-5540. We're running 8.2.5 on it. We have a bout 80 active IPSec tunnels so far, all which are using AES-256 bit for phase1/2, 75 of the tunnels are mostly ezy vpn connections. Currently the CPU during peak usage is averaging around 22%.  We're planning on having over 1000 IPsec connections, mostly will be remote vpn access with about 170 of them ezy vpn and 250 l2l tunnels.
Is there any noticable CPU performance gain by using AES-128 bit instead of AES-256 on the phase2?
Thanks,
John

Just wondering if someone out there has noticed any performance gains by using AES-128 instead of AES-256. I'm trying standardize on a policy going forward.
Thanks!

Similar Messages

  • Generating AES 256 bit key using seed

    Hi
    As part of encryption requirements for encrypting the body of the SOAP Message while calling an external Web Service, it is requried to encrypt using a shared symmetric key.
    First step is to create a password digest
    Base64(sha1(nonce + createdTimestamp + password)) - This step is working completely fine and produces a 160 bit Hash
    The next step is to generate an AES 256 bit key using the above hash as the Seed. This should generate a 256 bit encrytpion key which can then be used to encrypt the message body.
    Would appreciate if anyone who knows how to generate AES 256 bit key using a hash seed in Java (v1.4.2) can provide some guidance.
    P:S. I am using WSS4J API to use WS-Security

    I have to generate 256-bit AES key with a 128-bit IV using the above password digest and the IV used for in the creation of the AES key prefixes the cipher text.
    The external WebService is .net webservice.
    Edited by: GUPTAG on Nov 25, 2008 3:05 AM

  • Download to support 128 bit encryption

    since trying to download 4.0 version I cannot open firefox at all and need 128 bit encryption that was available prior to 4.0

    Current Firefox releases can't even go below 128 bit, SSL2 that supported this have been removed quite a few releases now (Firefox 8 dropped support for SSL2).
    *https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/8
    128 bit is the minimum that you can use with Firefox and you can only go higher (e.g. 168 or 256).<br />
    128 bit shouldn't be used these days and servers that only support 128 bit should update their software.
    Firefox supports AES-256 since 2002, so that is already more than 10 years.
    * https://www.fortify.net/sslcheck.html

  • Does dictation use 128 bit encryption as icloud does?

    What kind of encryption does dictation use if any?  Is it comparable to the 128 bit encryption listed as being used for icloud communications?

    Current Firefox releases can't even go below 128 bit, SSL2 that supported this have been removed quite a few releases now (Firefox 8 dropped support for SSL2).
    *https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/8
    128 bit is the minimum that you can use with Firefox and you can only go higher (e.g. 168 or 256).<br />
    128 bit shouldn't be used these days and servers that only support 128 bit should update their software.
    Firefox supports AES-256 since 2002, so that is already more than 10 years.
    * https://www.fortify.net/sslcheck.html

  • Does Mozilla support 128-bit encryption?

    To use IRS Business Services Online (http://www.socialsecurity.gov/employer/bsohbnew.htm), 128-bit encryption is needed. They say:
    "To determine whether your browser supports 128-bit encryption, select Help/About from your browser menu. Most browsers will display the phrase ?128-bit encryption? or "128-bit cipher strength.? If you are unsure whether your browser supports 128-bit encryption, contact the software company that developed the browser."
    But I can't seem to find this information on the about page or in online articles about encryption. Would you please help?

    Current Firefox releases can't even go below 128 bit, SSL2 that supported this have been removed quite a few releases now (Firefox 8 dropped support for SSL2).
    *https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/8
    128 bit is the minimum that you can use with Firefox and you can only go higher (e.g. 168 or 256).<br />
    128 bit shouldn't be used these days and servers that only support 128 bit should update their software.
    Firefox supports AES-256 since 2002, so that is already more than 10 years.
    * https://www.fortify.net/sslcheck.html

  • Windows 8.1 Pro Bitlocker AES 256-bit cypher question

    Hi, all
    Have an odd situation I cannot make any sense of. I have a desktop PC running Windows 8.1 Pro. I launched gpedit.msc and changed Bitlocker’s cypher strength from the default AES 128-bit to AES 256-bit.
    I then connected a brand new Western Digital 4TB external drive (model WDBFJK0040HBK-04) to the PC via USB 3.0, and Bitlocker-encrypted the drive. Opened a command prompt window as administrator, ran “manage-bde –status” for the drive in question,
    which indicated the drive was encrypted with the 128 bit cypher strength, instead of 256 bits, as I had selected. Have unencrypted, rebooted and re-encrypted the drive time and again, always with the same results.
    When connecting the same external 4TB drive to a Windows Server 2012 R2 Essentials in which I had made the exact same changes via gpedit.msc,
    I can encrypt it with the 256-bit cypher strength, with no problems.
    No TPM is used in either scenario, just a passphrase.
    Anyone has any idea why my 256-bit setting is being ignored in the Windows 8.1 Pro machine?
    Thanks
    Arsene
    ArseneL

    Well, running rsop.msc in my Server 2012 R2 machine does show my 256-bit bitlocker setting took, however, running rsop.msc in my Win 8.1 Pro machine shows it did not, which explains the problem I am having.
    Now all I have to do is find out why my request is not taking, even though I am logged in as an admin.
    Thanks!!
    ArseneL

  • CF9 Encrypt with AES 256-bit, example anyone?

    Hi there. I'm looking for a working example of  the Encrypt method using the AES 256 bit key.  I think that I have the Unlimited Strength Jurisdiction Policy Files enabled.  And I'm still getting the CFError,
    The key specified is not a valid key for this encryption: Illegal key size. 
    Now i hit the wall, can't get it.  What wrong am i doing?  How can I verify that the policy files are installed and accessible to my cf file?  Any help is greatly appreciated.
    <cfset thePlainText  = "Is this working for me?" />
    Generate Secret Key (128):  <cfset AES128 = "#generatesecretkey('AES',128)#" /> <cfdump var="#AES128#"><BR>
    Generate Secret Key (192):  <cfset AES192 = "#generatesecretkey('AES',192)#" /> <cfdump var="#AES192#"><BR>
    Generate Secret Key (256):  <cfset AES256 = "#generatesecretkey('AES',256)#" /> <cfdump var="#AES256#"><BR><BR>
    <cfset theKey    = AES256 />
    <cfset theAlgorithm  = "AES/CBC/PKCS5Padding" />
    <cfset theEncoding  = "base64" />
    <cfset theIV    = BinaryDecode("6d795465737449566f7253616c7431323538704c6173745f", "hex") />
    <cfset encryptedString = encrypt(thePlainText, theKey, theAlgorithm, theEncoding, theIV) />
    <!--- Display results --->
    <cfset keyLengthInBits  = arrayLen(BinaryDecode(theKey, "base64")) * 8 />
    <cfset ivLengthInBits  = arrayLen(theIV) * 8 />
    <cfdump var="#variables#" label="AES/CBC/PKCS5Padding Results" />
    <cfabort>

    Verison 10 is different from 9 because they run on different servlet containers. CF 10 uses Tomcat, CF 9 uses JRun, so things are in different places.
    \\ColdFusion10\jre\lib\security seems like the correct locaiton for the policy files to me. I actually gave you the wrong locations in my original post (sorry about that).  According to the installation instructions they belong in <java-home>\lib\security, which is looks like you've found.
    So something else is wrong. Here are some things to look at, in no particular order:
    1. Are you using a JVM other than the Java 1.6 that comes with CF10?
    2. Did you restart Tomcat after coping the files in?
    3. Note that I keep saying FILES, did you copy BOTH of th .jar files from the JCE folder you unzipped into the security directory.  It should have prompted you to overwrite existing files.
    4. Did you try unzipping the files and copying them in again, on the chance that they did not overwrite the originals?
    Sorry, I don't have CF10 installed to give this a try. But I have no reason to believe that it would not work in 10. It's all just JCA/JCE on the underlying JAVA, and I have heard no reports from anyone else that it doesn't work.
    Jason

  • Help enabling AES 256-bit cipher suites

    I can't seem to create an SSLServerSocket with the 2 AES 256-bit cipher suites that are supposed to be available in JDK1.4.2. As you can see in the following code, the SSLServerSocket, ss, is enabled with the 2 AES_256 cipher suites. But, when ss.getEnabledCipherSuites() is invoked, those 2 suites aren't listed. What's up?
    Also, what is this SSLv2Hello that I can't seem to get rid of?
        String[] PROTOCOLS = {"SSLv3", "TLSv1"};
        String[] CIPHER_SUITES = {"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                                  "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                                  "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                                  "TLS_RSA_WITH_AES_256_CBC_SHA",
                                  "TLS_RSA_WITH_AES_128_CBC_SHA",
                                  "SSL_RSA_WITH_3DES_EDE_CBC_SHA"};// create an SSLServerSocket ss
            SSLContext context = SSLContext.getInstance("TLS", "SunJSSE");
            context.init(myKeyManagers, myTrustManagers, SecureRandom.getInstance("SHA1PRNG", "SUN"));
            SSLServerSocketFactory ssFactory = context.getServerSocketFactory();
            SSLServerSocket ss = ssFactory.createServerSocket();
            ss.setEnabledProtocols(PROTOCOLS);
            ss.setEnabledCipherSuites(CIPHER_SUITES);// output a bunch of useful debugging information
            System.out.println(System.getProperty("java.version") + "\n");
            Provider[] providers = Security.getProviders();
            for(int i=0; i < providers.length; ++i)
                System.out.println(providers[i] + "\n" + providers.getInfo() + "\n********************");
    String[] enabledProtocols = ss.getEnabledProtocols();
    for(int i=0; i < enabledProtocols.length; ++i)
    System.out.println(enabledProtocols[i]);
    String[] enabledCipherSuites = ss.getEnabledCipherSuites();
    for(int i=0; i < enabledCipherSuites.length; ++i)
    System.out.println(enabledCipherSuites[i]);
    OUTPUT
    1.4.2
    SUN version 1.42
    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    SunJSSE version 1.42
    Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunRsaSign version 1.42
    SUN's provider for RSA signatures
    SunJCE version 1.42
    SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    SunJGSS version 1.0
    Sun (Kerberos v5)
    SSLv2Hello
    SSLv3
    TLSv1
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA

    Now I get an Exception when I run the same program.
    OUTPUT
    1.4.2
    SUN version 1.42
    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    SunJSSE version 1.42
    Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunRsaSign version 1.42
    SUN's provider for RSA signatures
    SunJCE version 1.42
    SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    SunJGSS version 1.0
    Sun (Kerberos v5)
    java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers
            at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA6275)
            at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA6275)
            at test.util.ConcreteSSLServerSocketFactory.initSocket(ConcreteSSLServerSocketFactory.java:111)
            at test.util.ConcreteSSLServerSocketFactory.createServerSocket(ConcreteSSLServerSocketFactory.java:100)
            at test.Test.main(Test.java:111)
    Exception in thread "main"

  • AIR-AP1131AG-I-K9 support AES 256 bit ?

    hi,
    I have several AP devices:
    Product/Model Number: AIR-AP1131AG-I-K9
     System Software Filename: c1130-k9w7-tar.124-3g.JA
     System Software Version: 12.4(3g)JA
    Bootloader Version: 12.3(8)JEA
    i need to know if  AES 256 bit is supported by this devices and if the current software need to upgrade for that.
    Regards,

    HI Ben,
    As per my knowledge this Software dont support 256 bit key size.
    Here is the link:http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4_3g_JA/configuration/guide/ios1243gjaconfigguide/s43wep.html
    another version: 12.3(8)JA supports 256 bit key size to protect data traffic,
    http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_8_JA/configuration/guide/1238jasc/s38wep.html
    Regards
    Don't forget to rate helpful posts

  • 128 bit AES on File Vault

    I am curious how good the encryption on file vault is? Is it similar to WPA where the length of the password determines its strength or vulnerability? Is it something like the FBI or similar agency could break?

    Given enough time and money, any encryption can be broken by those that specialize in it. That's why government agencies are constantly changing their encryption keys.
    Taken from the Wikipedia article quoting an NSA report:
    "The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."

  • Does CS4 Suite Products(ID,AI, PS) have ways to create Secured PDF with 256-AES or 128bit AES bit En

    I have been able to create only 128-bit RC4 encryption PDFs(compatible with Acrobat5) when saving/exporting to PDF with Acrobat8.
    Is there any other way we can do that?

    Hi,
    Found a note explaining the significance of these errors.
    It says:
    "NZE-28862: SSL connection failed
    Cause: This error occurred because the peer closed the connection.
    Action: Enable Oracle Net tracing on both sides and examine the trace output. Contact Oracle Customer support with the trace output."
    For further details you may refer the Note: 244527.1 - Explanation of "SSL call to NZ function nzos_Handshake failed" error codes
    Thanks & Regards,
    Sindhiya V.

  • Encrypt/decrypt AES 256, vorsalt error

    Hiyas.
    So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
    'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
    'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
    But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
    An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
    Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?
    <!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
    <cfset theAlgorithm  = "Rijndael/CBC/PKCS5Padding" />
    <cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
    <!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
    <cfset theIV    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
    <!---<cfset theIV128    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
    <cffunction    name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
        <cfargument    name="szToEncrypt" type="string" required="true"/>
        <cfset secretkey = gKey>               
        <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
        <cfreturn szReturn>
    </cffunction>   
    <cffunction    name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
        <cfargument    name="szToDecrypt" type="string" required="true"/>
        <cfset secretkey = gKey>   
        <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>       
        <cfreturn szReturn>
    </cffunction>
    <cfset szStart = form["toencrypt"]>
    <cfset szStart = "Test me!">
    <cfset szEnc = DoEncrypt(szStart)>
    <cfset szDec = DoDecrypt(szEnc)>
    <cfoutput>#szEnc# #szDec#</cfoutput>

    Hi edevmachine,
    This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
    Example:
    <cfscript>
      BouncyCastleCFC = new path.to.BouncyCastle();
      string = "ColdFusion Rocks!"; 
      key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
      ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
      encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
      writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
    </cfscript>
    Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
    - An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
    - An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
    - An explanation of how to connect the Bouncy Castle classes together
    - Bouncy Castle's doc for the Rijndael Engine
    And here is the full CFC as posted in the StackOverflow discussion:
    <cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
    <cffunction name="createRijndaelBlockCipher" access="private">
        <cfargument name="key" type="string" required="true" >
        <cfargument name="ivSalt" type="string" required="true" >
        <cfargument name="bEncrypt" type="boolean" required="false" default="1">
        <cfargument name="blocksize" type="numeric" required="false" default=256>
        <cfscript>
        // Create a block cipher for Rijndael
        var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
        // Create a Block Cipher in CBC mode
        var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
        // Create Padding - Zero Byte Padding is apparently PHP compatible.
        var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
        // Create a JCE Cipher from the Block Cipher
        var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
        // Create the key params for the cipher    
        var binkey = binarydecode(arguments.key,"hex");
        var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
        var binIVSalt = Binarydecode(ivSalt,"hex");
        var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
        cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
        return cipher;
        </cfscript>
    </cffunction>
    <cffunction name="doEncrypt" access="public" returntype="string">
        <cfargument name="message" type="string" required="true">
        <cfargument name="key" type="string" required="true">
        <cfargument name="ivSalt" type="string" required="true">
        <cfscript>
        var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
        var byteMessage = arguments.message.getBytes();
        var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
        var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
        var cipherText = cipher.doFinal(outArray,bufferLength);
        return toBase64(outArray);
        </cfscript>
    </cffunction>
    <cffunction name="doDecrypt" access="public" returntype="string">
        <cfargument name="message" type="string" required="true">
        <cfargument name="key" type="string" required="true">
        <cfargument name="ivSalt" type="string" required="true">
        <cfscript>
        var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
        var byteMessage = toBinary(arguments.message);
        var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
        var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
        var originalText = cipher.doFinal(outArray,bufferLength);
        return createObject("java", "java.lang.String").init(outArray);
        </cfscript>
    </cffunction>
    <cfscript>
    function getByteArray(someLength)
        byteClass = createObject("java", "java.lang.Byte").TYPE;
        return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
    </cfscript>
    </cfcomponent>
    Thanks!,
    -Aaron

  • How do I prioritize 256 bit encryption over the 128 bit variant?

    Hello folks,
    been using the fox for ages now. Thanks for the fine product :) .
    Up to now I also never had a problem I couldn't find a solution for, but strangely enough, that one gets me, since I seem to be unable to find an option allowing me to deactivate the 128 bit variant of encryption.
    The bank whose homepage it concerns already told me that they are offering it, and there was this nice add on that allowed me to deavtivate the rc4 protocol, but I just don't get from AES 128 to AES 256 wich I just like a banking site to have...
    Any solution would be much appreciated, thanks in advance.

    You can set all 128 bit SSL3 prefs to false on the about:config page to force using stronger ciphers.
    Filter: ssl3*128
    To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br />
    If you see a warning then you can confirm that you want to access that page.<br />
    *Use the Filter bar at to top of the about:config page to locate a preference more easily.
    *Preferences that have been modified show as bold (user set).
    *Preferences can be reset to the default via the right-click context menu if they are user set
    *Preferences can be changed via the right-click context menu: Modify (String or Integer) or Toggle (Boolean)
    Some websites with old software may require to temporarily set security.ssl3.rsa_rc4_128_md5 to true if you get a cipher overlap error.

  • Acrobat (Reader) 8 not capable of opening AES-256 protected rights management PDF?

    Is this really true?
    Didn't find a datasheet explaining the Client-side requirements, when
    AES-256-encrypting PDF documencs with LCRM.
    In my lab it seems, as if Reader-9 can open those documents fine, while Reader-8 fails decrypting.
    Dilettanto

    Acrobat/Reader 9 were the first version to incorporate AES-256 code, so if you want to remain backwards compatible with Reader 7 or 8 you need to continue to use AES-128. I believe this is documented in the help for the section that describes how policy edit works.
    Jonathan

  • AES-256 Security Provider ??

    Hi,
    Our company is using a tool called AdvenetNet WebNMS to create a network management system.
    However, there is one particular section in the developer guide that refers to working with "providers" to support privacy in SNMPv3. Our software group would like to use AES-256 for the privacy.
    The Advenetnet site says you can use "Cryptix or SunJCE" as a provider. I tried to look up Cryptix, but, didn't find much documentation on it. I downloaded the source, and didn't really see anything referring to AES-256, however, i saw many different types.
    Can anyone give any ideas on what exactly i would need to do ? First of all, will Cryptix help me at all? (Is it a provider that supports AES-256) ? If not, is it difficult to create my own AES-256 provider (following the tutorial on Sun's website) ?
    If anyone can clear up my confusion on providers, etc.... that would be great!
    I'm pretty new to Java, and i found this link on Sun's web:
    http://java.sun.com/j2se/1.4.2/docs/guide/security/HowToImplAProvider.html
    Link to Adventnet description:
    http://www.adventnet.com/products/webnms/help/developer_guide/management_protservices/mgmnt_protocols/snmp/proto_security_pack_snmpv3.html

    This is where i'm getting confused. We are currently using JRE 1.5 for development. So, you're saying, with this version, AES 256 is already included.Yes.
    >
    According to the Adventnet documentation (in the link in my initial post), it has a blurb regarding JCE installation, etc by modifying the java.security file. Is this file already setup for me since i'm using java 1.5 ? If this is the case, do i technically need to do anything to get the AES - 256 (from a java side of things) to work? No need to modify the java.security file - the SunJCE provider is included by default.
    >
    There is little to no documentation on getting the SNMPv3 (from AdvenetNet) to use AES-256. They just refer to 'using a provider' because they don't support AES-256. I guess i'm also confused on how to get the AdventNet product to actually select to use AES-256 . I'll have to contact them regarding that.I know only a little about SNMPv3 and even less about AdvenetNet. I do wonder why you think you need AES 256. What is so secret about your data that you need twice as many bits as the industry norm. Even people playing really safe use only a 192 bit AES.

Maybe you are looking for

  • FM  for VL75

    Hi, Is there any FM for  transaction Code VL75 for triggering Output type for Inbound Deliveries. Best Regards Bobby

  • Communicatin between two differnt wd apps?

    HI Can Any one explain me how can we communicate between two differnet webdynpro (java) applications? i have one component A with A1 as its application and Componet B with B1 as its application. individullay both runs independently, but is it possibl

  • Importing classes into JSP page

    Hi There, I am new to this and here is my problem. I am doing a shopping cart tutorial and trying to get a JSP page to import two classes : <%@ page language="java" contentType="text/html" import="ShoppingBasket,Product" errorPage="errorpage.jsp" %>

  • Misguided BT Loyalist trying to leave

    I have reached the end of the line with BT simply because no package exists any more for people like me. I make very few social calls of more than a few minutes duration and have absolutely no need for free weekend or evening calls whatsoever, I norm

  • Output linked pages as PDF

    My boss and I have simialr equipment and we each have full installs of CS6. We each take the same 5 Mb size firework png file.  It has 71 pages, with many links. When I output the file as PDF, I get a file that is 82 Mb in size. When my boss does it,