Documentation

(Optional) Configuring an Encryption Algorithm

This section describes how to configure parameters in the KMC encryption algorithm.

Procedure

  1. Modify the configuration file.
    Encryption algorithm configuration means configuring the data encryption algorithm and integrity protection algorithm. If you do not specify the two configuration items, the default configuration is used. If you need to configure an encryption algorithm, add the following fields to /usr/local/AtlasEdge/edge_work_dir/edge_core/config/edge_alg.json, /usr/local/AtlasEdge/edge_work_dir/edge_site/config/edge_alg.json, /usr/local/AtlasEdge/edge_work_dir/edge_om/config/edge_alg.json, and /opt/middleware/AtlasEdge/edge_work_dir/edge_proxy/config/edge_alg.json. (/usr/local/AtlasEdge is used as an example.)
    {
    "sdp_alg_id":"9",
    "hmac_alg_id:"2054",
    "advance_update_rk_days": "30",
    "advance_update_mk_days": "30"
}
    Parameter description:
    • sdp_alg_id indicates the data encryption algorithm. The value can be 8 or 9, corresponding to AES_GCM_128 and AES_GCM_256, respectively. The default value is 9, indicating that AES_GCM_256 is used.
    • hmac_alg_id indicates the integrity protection algorithm. Its value can be 2053 or 2054, corresponding to SHA384 and SHA512, respectively. The default value is 2054, indicating that SHA512 is used.
    • advance_update_rk_days indicates the number of days for updating the root key before the key expires. The value ranges from 0 to 3650. The default value is 30, indicating that the root key is updated 30 days before it expires.
    • advance_update_mk_days indicates the number of days for updating the master key before the key expires. The value ranges from 0 to 180. The default value is 30, indicating that the master key is updated 30 days before it expires.
    • If you need to configure the encryption algorithm on the Atlas 500 AI edge station (model 3000), add the preceding parameters to /opt/middleware/AtlasEdge/edge_work_dir/edge_core/config/edge_alg.json, /opt/middleware/AtlasEdge/edge_work_dir/edge_site/config/edge_alg.json, /opt/middleware/AtlasEdge/edge_work_dir/edge_om/config/edge_alg.json, and /opt/middleware/AtlasEdge/edge_work_dir/edge_proxy/config/edge_alg.json.
    • If a user-defined installation path is used during AtlasEdge installation, configure the encryption algorithm in this path.
  2. Run the script file to perform the update.

    Go to the directory where the script file is stored (for example, AtlasEdge installation directory/edge_work_dir/edge_om/bin) and run the following command to update the script file:

    ./update_key_util.sh