In the past, we had no way to decrypt our inventory files (* .snowpack).
This is useful for customers with specific security requirements.
By default, our Snow Inventory Agent uses a standard key to encrypt (*.snowpack) files.
This key is hard coded in both Snow Inventory Agent for encryption and Snow Inventory Server for decryption.
All customers had to contact Snow Support to decrypt their own inventory files.
This was very time consuming,
Snow has now created the possibility to create your own encryption keys.
How does it work?
With the tool AESKEYGEN, you can create your own custom crypto keys for a certain agent or group of computers. The tool creates a key that needs to be copied to a folder on the Inventory server as well as to a folder on the computers to be inventoried. The file is named <fingerprint>.cryptkey.
Run aeskeygen.exe <Path> to create your own crypto key
The result is shown
Use this setting in the configuration file of the Inventory Server (snowserver.config) to specify the folder where the crypto keys are located:
To specify the fingerprint of the crypto key to use for Snowpack encryption, use these settings in the configuration file of the agent (snowagent.config), and the folder where it is located.
Deploy your Agent with your created crypto key.
With the tool SNOWPACK-UTIL, you can decrypt your generated (*.snowpack) files
Use it with the following options:
The unpack command will decrypt the file and unpack the content to a sub-folder of the current folder. To unpack the content, use the following syntax:
The pack command will generate a new snowpack file based on the content of a specified folder and encrypt it with the fingerprint of your custom key.
To generate a file, use the following syntax:
Both tools can be ordered from Snow Support
The encryption level is AES128 bit
You cannot handle inv files with the Tools.
The snowpack-util cannot decrypt the default encryption key
The standard snow encryption and decryption always works.