Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

backup encryption key

Mario_Franco
Altocumulus
Altocumulus

‎19-Aug-2022 13:02

Dear community,

I have some questions around the backup encryption key:

- What is the AES operation mode (e.g. CBC, GCM, CTR, etc.)?
- what is the key hierarchy. I assume that eventually, the Unit Key will protect all other keys, but do we then only have the master key protecting the SSL private keys or are there more levels?
- How is the master key being shared between F5 units?
- How is the unit key being stored and encrypted?

Labels:
0 Kudos
2 REPLIES 2

Dario_Garrido
MVP
MVP

‎20-Aug-2022 15:55

Hello @Mario_Franco,

UCS encryption is based on GnuPG (https://support.f5.com/csp/article/K5437) which uses by default AES-128+CFB (https://www.rfc-editor.org/rfc/rfc4880#section-13.9)

 

Regards,
Dario.
0 Kudos

Dario_Garrido
MVP
MVP

‎20-Aug-2022 15:59

Regarding the master key, you have more info below

https://community.f5.com/t5/technical-articles/working-with-masterkeys/ta-p/290454

https://support.f5.com/csp/article/K73034260

Regards,
Dario.
0 Kudos
Copyright © 2023 Khoros, LLC