How do I tell which encryption method is being used for the PCoIP session?
PCoIP technology supports just AES-256-GCM encryption. Both methods of encryption - AES-128-GCM and Salsa20-256-round12 have been deprecated.
The examples below are still valid when trying to determine which encryption method is being used.
In viewing the PCoIP Server or PCoIP Client log files you can find out what encryption is in use. In the log files you will find lines similar to the below.
PSDP PCoIP security NULL supported (0=unsupported) - local: 0 PSDP PCoIP security Salsa20-256-round12 supported (0=unsupported) - local: 1 PSDP PCoIP security AES-128-GCM supported (0=unsupported) - local: 1 PSDP PCoIP security AES-256-GCM supported (0=unsupported) - local: 1 PSDP PCoIP security NULL supported (0=unsupported) - peer: 0 PSDP PCoIP security Salsa20-256-round12 supported (0=unsupported) - peer: 0 PSDP PCoIP security AES-128-GCM supported (0=unsupported) - peer: 1 PSDP PCoIP security AES-256-GCM supported (0=unsupported) - peer: 1 PSDP PCoIP security NULL supported (0=unsupported) - negotiated: 0 PSDP PCoIP security Salsa20-256-round12 supported (0=unsupported) - negotiated: 0 PSDP PCoIP security AES-128-GCM supported (0=unsupported) - negotiated: 0 PSDP PCoIP security AES-256-GCM supported (0=unsupported) - negotiated: 1
Note: Salsa20-256-round12 and AES-128-GCM are deprecated in Tera2 PCoIP Zero Clients and newer releases of HP Anyware PCoIP Agent.
These log lines show the negotiation process between a PCoIP Agent and PCoIP Client at the start of a PCoIP session. Each PCoIP endpoint advertise their capabilities and a capability is negotiated.
In this case, local (PCoIP agent) and peer (PCoIP Client) both advertised they support AES-128-GCM and AES-256-GCM. As a result AES-256-GCM was negotiated and used for the session.
Note: the Tera1x00 device supports AES-128-GCM and Salsa20-256-round12. The Tera2x00 device support AES-256-GCM
See also: