6.3 Increasing AES Key Strength

Sentinel uses AES encryption for communication over Sonic and for encrypting passwords that are stored in config files and sent over Sonic. By default, Sentinel uses the AES 128-bit encryption algorithm because of certain import restrictions. If these import restrictions do not apply to you, you can configure Sentinel to use the stronger AES 256-bit algorithm.

NOTE: It is highly recommended that you review the “Understanding the Export/Import Issues” section of the Java Readme.txt file before enabling 256-bit encryption.

To configure AES 256-bit encryption:

  1. Download Unlimited Encryption policies from Sun. In the Other Downloads section, download “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0”.

  2. Apply the policy files from step 1 to every JRE that runs a process that connects directly to Sonic (DAS, Correlation Engine, Communication Server, and Collector Manager if used in Direct to Sonic mode). To understand how to apply the policy files, read the Readme.txt included in the policy download.

  3. Use the keymgr utility to generate a 256-bit AES .keystore file by following the instructions in Section 6.2, Changing the Communication Encryption Key.

  4. Copy this .keystore file to all machines from step 2 and place it in the $ESEC_HOME/config or %ESEC_HOME%\config directory.
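A check for step 2, added here as an example and not part of the Sentinel product or its documentation: compiled once and run with each JRE that hosts a Sonic-connected process, it reports whether that JRE's jurisdiction policy actually permits 256-bit AES. The class name CheckAes256Policy is an assumption; the code uses only standard JCE calls and a throwaway key, and does not read the Sentinel .keystore.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name): run with each JRE listed in step 2.
public class CheckAes256Policy {

    // True when this JRE's jurisdiction policy permits 256-bit AES keys.
    static boolean policyAllowsAes256() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    // Encrypts and decrypts a constructed sample with a throwaway 256-bit key.
    static boolean roundTripAes256() throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32];   // 256-bit key, discarded after the check
        byte[] iv = new byte[16];    // AES block size
        rng.nextBytes(key);
        rng.nextBytes(iv);
        byte[] sample = "constructed sample".getBytes("UTF-8");
        try {
            Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            byte[] ct = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
            dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            return Arrays.equals(sample, dec.doFinal(ct));
        } catch (InvalidKeyException e) {
            // "Illegal key size": the limited default policy is still in place.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which JRE was checked, so results can be matched to hosts.
        System.out.println("java.home: " + System.getProperty("java.home"));
        System.out.println("Max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));
        boolean ok = policyAllowsAes256() && roundTripAes256();
        System.out.println(ok ? "OK: AES-256 usable" : "FAIL: policy files not applied to this JRE");
        System.exit(ok ? 0 : 1);   // non-zero exit lets a deployment script stop here
    }
}
```

A JRE that still reports a maximum of 128 will not be able to use the 256-bit .keystore, so it is worth running this on every machine before distributing the new key.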

NOTE: If you are using Advisor in Direct Download mode, you must update the Advisor password stored in Advisor’s configuration files. This password is encrypted using the information in .keystore and must be recreated using the new .keystore value. For more information on updating a password, see the Certificate Management for DAS_Proxy section in the Sentinel 6.1 Reference Guide.