spoojary
Staff
June 5, 2025

Technical Tip: Private encryption feature removed from some FortiGate devices starting v7.6.3

Description
This article describes the removal of the command 'execute private-encryption-key' and the global setting 'private-data-encryption' from all FortiGate models without a TPM, starting from v7.6.3.
Scope
FortiGate v7.6.3 and above.
Solution

The output below is from a release before v7.6.3, where the private encryption feature was included on all FortiGate models, with or without a TPM. On a FortiGate-40F, a model without a TPM, the CLI still accepts the command and only reports that private encryption is not enabled:

 

FortiGate-40F # execute private-encryption-key 
sample Generate base64 clear text and its HMAC signature encrypted by private key.
verify Verify if the input base64 HMAC is encrypted by private key.
 
FortiGate-40F # execute private-encryption-key sample
Private encryption is not enabled.
Command fail. Return code 7

 

From v7.6.3 onwards, models that do not have a TPM (Trusted Platform Module) can no longer use the command 'execute private-encryption-key'; the CLI no longer recognizes it at all:

 

FortiGate-40F # execute private-encryption-key

command parse error before 'private-encryption-key'
Command fail. Return code -61

 

To check whether a FortiGate has a TPM, use the command 'diagnose hardware test tpm'.

 

If the command is rejected with a parse error instead of producing any test output, the FortiGate model does not have a TPM:

 

FortiGate-40F # diagnose hardware test tpm

command parse error before 'tpm'
Command fail. Return code -61

 

The global setting 'set private-data-encryption' under 'config system global' has also been removed:

 

FortiGate-101F # config system global
FortiGate-101F (global) # show full-configuration | grep private    <-- No private-data-encryption setting.
FortiGate-101F (global) # end

 

This change ensures that the private encryption feature is only offered on models that have a TPM. Before upgrading a non-TPM model to v7.6.3, check whether 'private-data-encryption' is currently enabled, since the setting will not exist after the upgrade.
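As an added example (not code from this article or from Fortinet), the Python script below audits captured FortiGate CLI transcripts ahead of a v7.6.3 upgrade using only the signals shown above: a parse error on 'diagnose hardware test tpm' (no TPM), a parse error on 'execute private-encryption-key' (command removed), and a 'set private-data-encryption enable' line under 'config system global' (feature in use). It flags any non-TPM unit that still has the setting enabled. The transcripts, the hostname FGT-LAB-TPM and the TPM test output placeholder are constructed; a real TPM model prints something else, and the script only relies on the command not being rejected.

```python
"""Pre-upgrade audit: flag non-TPM FortiGates that have private-data-encryption
enabled, which v7.6.3 removes. Added example, not code from the Fortinet article.
Signals: "command parse error" after 'diagnose hardware test tpm' => no TPM;
the same after 'execute private-encryption-key' => command removed (v7.6.3+);
'set private-data-encryption enable' under 'config system global' => in use.
All transcripts and hostnames below are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# CLI prompt: "<hostname> [(context)] # <command>", e.g. "FortiGate-101F (global) # end"
PROMPT = re.compile(r"^(?P<host>[\w.-]+)\s*(?:\([^)]*\))?\s*#\s?(?P<cmd>.*)$")
PARSE_ERROR = re.compile(r"command parse error before '[^']+'")
PDE_SETTING = re.compile(r"^\s*set private-data-encryption\s+(enable|disable)\s*$")


@dataclass
class DeviceFacts:
    hostname: str
    has_tpm: Optional[bool]          # None if the transcript never ran the TPM test
    pek_cmd_present: Optional[bool]  # was 'execute private-encryption-key' accepted?
    pde_setting: Optional[str]       # 'enable', 'disable', or None if not in the config


def audit_transcript(transcript: str) -> DeviceFacts:
    """Walk a captured CLI session, attributing each output line to the last prompt."""
    hostname, current_cmd = "unknown", ""
    has_tpm: Optional[bool] = None
    pek_cmd_present: Optional[bool] = None
    pde_setting: Optional[str] = None
    for raw in transcript.splitlines():
        prompt = PROMPT.match(raw)
        if prompt:
            if hostname == "unknown":
                hostname = prompt.group("host")
            current_cmd = prompt.group("cmd").strip()
            # Assume the CLI accepted the command until its output says otherwise.
            if current_cmd.startswith("diagnose hardware test tpm"):
                has_tpm = True
            elif current_cmd.startswith("execute private-encryption-key"):
                pek_cmd_present = True
            continue
        if PARSE_ERROR.search(raw):
            if current_cmd.startswith("diagnose hardware test tpm"):
                has_tpm = False
            elif current_cmd.startswith("execute private-encryption-key"):
                pek_cmd_present = False
        setting = PDE_SETTING.match(raw)
        if setting:
            pde_setting = setting.group(1)
    return DeviceFacts(hostname, has_tpm, pek_cmd_present, pde_setting)


def needs_attention(facts: DeviceFacts) -> bool:
    """True when a unit relies on the setting that v7.6.3 removes from non-TPM models."""
    return facts.has_tpm is False and facts.pde_setting == "enable"


def at_risk_devices(transcripts: List[str]) -> List[DeviceFacts]:
    return [f for f in map(audit_transcript, transcripts) if needs_attention(f)]


# Constructed: pre-7.6.3 FortiGate-40F (no TPM) with private-data-encryption enabled.
TRANSCRIPT_40F = """\
FortiGate-40F # diagnose hardware test tpm

command parse error before 'tpm'
Command fail. Return code -61

FortiGate-40F # config system global
FortiGate-40F (global) # show full-configuration | grep private
    set private-data-encryption enable
FortiGate-40F (global) # end
"""

# Constructed: a TPM-equipped unit (hypothetical hostname). Real TPM test output
# differs; only the absence of a parse error matters to the audit.
TRANSCRIPT_TPM_LAB = """\
FGT-LAB-TPM # diagnose hardware test tpm
(constructed placeholder for the TPM test output)
FGT-LAB-TPM # config system global
FGT-LAB-TPM (global) # show full-configuration | grep private
    set private-data-encryption enable
FGT-LAB-TPM (global) # end
"""

# Constructed: the same 40F on v7.6.3, mirroring the article: the command is
# rejected and no private-data-encryption line is left in the configuration.
TRANSCRIPT_40F_763 = """\
FortiGate-40F # execute private-encryption-key

command parse error before 'private-encryption-key'
Command fail. Return code -61

FortiGate-40F # config system global
FortiGate-40F (global) # show full-configuration | grep private
FortiGate-40F (global) # end
"""

if __name__ == "__main__":
    for t in (TRANSCRIPT_40F, TRANSCRIPT_TPM_LAB, TRANSCRIPT_40F_763):
        facts = audit_transcript(t)
        print("FLAG" if needs_attention(facts) else "ok  ", facts)
```

Feed it the saved output of the three commands from each unit (for example from an SSH session log) and only the FortiGate-40F transcript is flagged: no TPM, setting enabled. The TPM unit passes even with the setting enabled, and the post-upgrade transcript has nothing left to flag because the setting no longer exists.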