Agent to Agent Data Encryption

Topic: This article explains how to configure Agents to enable or disable data encryption/decryption between Agents.

Environment: This article is written for Diyotta version 4.1 

What is Encryption

Encryption is the conversion of electronic data into another form, called cipher-text, which cannot be easily understood by anyone except authorized parties. The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the internet or other computer networks.

Why encryption in Diyotta

Data transferred between Agents is at risk of being compromised in transit. For complete security of data, Agent to Agent encryption/decryption is used. Enabling encryption in the data extraction properties makes the communication between two Agents secure. All data sent from the source Agent is encrypted with an AES-128/192/256 algorithm and is decrypted at the receiving end, the target Agent.

Encryption and Compression – Agent to Agent Data Transportation

Diyotta supports payload encryption and compression between Agents. The source and target Agents need to be configured to enable encryption/compression.

The diagram below gives a high-level understanding of this feature.

Encryption Levels

Diyotta provides data security at two levels:

  • Single encryption
  • Double encryption

1. To enable encryption, set the ENCRYPTION option in Extract properties to YES. By default, it is NO.

2. Once the encryption option is enabled, two other options appear just below it.

3. Select the Encryption Type from AES-128, 192 or 256.

4. For double encryption set the Encrypted AES SecretKey to YES. By default, it is NO.

Configuring Encryption keys

To enable the encryption features in Diyotta, you need to generate the encryption and decryption keys. You can do this using the dicmd command.

Case 1: Single Encryption - Encryption AES SecurityKey is Disabled

For single encryption - Encryption AES SecurityKey field option is set to NO.

1. Log in to the DI server and go to the DI_HOME/keys directory.

2. Generate AES key using the following dicmd command.

dicmd genkey aes

The system prompts for an AES passphrase and an Agent name. The passphrase can be any word and acts like a password; the Agent name should be the target Agent name. Once the passphrase and target Agent name are entered, the system generates [agent_name]_diaes.key, as shown in the screenshot below.

3. Place the above key in the DI_FLA_HOME/keys directory of both the source and target Agents, where encryption and decryption are performed with this generated key.

Case 2: Double Encryption - Encryption AES SecurityKey is Enabled

For double encryption - Encryption AES SecurityKey field option is set to YES.

1. Generate RSA keys using the following dicmd command.

dicmd genkey rsa

2. When the command is executed, it generates two keys: Public.key and Private.key.

3. Encrypt [target_agent_name]_diaes.key with dipublic.key using the following dicmd command.

dicmd encrypt -f [agent_name_diaes.key] -k [dipublic.key]

For example:

dicmd encrypt -f idx/apps/direp_sprint/keys/Diyotta_Agent_diaes.key -k idx/apps/direp_sprint/keys/dipublic.key

4. The system prompts for an Agent name; only the target Agent name should be provided. It generates [target_agent_name]_diages_enc.key, as shown in the screenshot below.

The [target_agent_name]_diages_enc.key should be placed on both the Source Agent and the Target Agent, and diprivate.key should be placed only on the Target Agent side. All the keys should be placed in the DI_FLA_HOME/keys folder.
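The placement rules from Case 1 and Case 2 can be checked with a short script, given here as an added example that is not part of Diyotta or of the original article. The file names are the ones given above; the owner-only permission requirement and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit key placement in an Agent's keys directory.
# Usage: script <keys_dir> <source|target> <single|double> <target_agent_name>
# File names follow the article; the permission rule is an assumption.

# Report a key file that is missing or accessible to group/others.
require_private_file() {
    if [ ! -f "$1" ]; then
        echo "MISSING: $1"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "TOO OPEN: $1 (expected owner-only access)"; return 1
    fi
}

check_agent_keys() {
    dir=$1 role=$2 mode=$3 agent=$4 rc=0
    case "$role" in source|target) ;; *) echo "bad role: $role"; return 2 ;; esac
    case "$mode" in
        single)
            # Case 1: the AES key sits on both source and target Agents.
            require_private_file "$dir/${agent}_diaes.key" || rc=1
            ;;
        double)
            # Case 2: the RSA-encrypted AES key sits on both Agents.
            require_private_file "$dir/${agent}_diages_enc.key" || rc=1
            if [ "$role" = target ]; then
                # Only the target Agent holds the RSA private key.
                require_private_file "$dir/diprivate.key" || rc=1
            elif [ -e "$dir/diprivate.key" ]; then
                echo "UNEXPECTED: $dir/diprivate.key on a source Agent"; rc=1
            fi
            ;;
        *) echo "bad mode: $mode"; return 2 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $role Agent keys in $dir ($mode encryption)"
    return "$rc"
}

# Run the check when the script is called with all four arguments.
if [ "$#" -eq 4 ]; then check_agent_keys "$@"; fi
```

Run it once per Agent against that Agent's DI_FLA_HOME/keys directory; a non-zero exit status means at least one rule failed.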

Stream Monitor log

When encryption starts, the encryption details can be seen in the Monitor log, as shown in the screenshot below.

How to check encrypted and decrypted data

1. Set the log level to TRACE in both the source and target Agents.

2. Execute the Job Flow.

3. Connect to the source or target Agent and check the diserver.log for encrypted and decrypted data.
