Zero-Trust Architecture. Zero Compromise.
Debian Agent delivers military-grade encryption and certificate-based authentication for your critical infrastructure management.
Every connection is protected by the same cryptographic standards:
- ECDSA P-384 Certificates — 192-bit security equivalent, exceeding current NSA Suite B requirements
- TLS 1.3 Support — Latest protocol with perfect forward secrecy
- AES-256-GCM & ChaCha20 — Authenticated encryption preventing tampering and eavesdropping
Unlike traditional password-based systems, Debian Agent uses mutual TLS (mTLS) where both client and server prove their identity with cryptographic certificates available for 90 days by default.
Each client receives a unique, short-lived certificate (90 days default) that can be instantly revoked if compromised.
Enrollment tokens are stored using bcrypt:
Algorithm: bcryptCost Factor: 10 (default)Output: 60-byte hash
Tokens are never stored in plaintext.
Validation requires comparing against bcrypt hashes.
Out of the box, Debian Agent: