Security policy attributes in AMS

Advanced Message Security (AMS) lets you choose the cryptographic algorithms used to sign and encrypt message data, independently of the applications that put and get the messages.

A security policy is a conceptual object that describes how messages on a particular queue are cryptographically signed and encrypted, and who is allowed to sign them and to read them.

Attribute               Description
Policy name             Unique name of the policy within a queue manager. The name is the name of the queue that the policy protects.
Signature algorithm     Cryptographic hash algorithm used to sign messages before they are put.
Encryption algorithm    Symmetric-key algorithm used to encrypt message data before it is put.
Recipient list          List of certificate distinguished names (DNs) of the intended receivers of a message; only these recipients can recover the message key.
Signature DN checklist  List of signer DNs that are accepted during message retrieval; a message signed by any other DN is rejected.

In Advanced Message Security, message data is encrypted with a fresh symmetric key, and that symmetric key is then encrypted with the RSA public key of each recipient in the recipient list (a hybrid scheme: symmetric encryption for the payload, asymmetric encryption for the key). The RSA key length used for this step is determined by the recipient's certificate, up to an effective length of 2048 bits.

The supported symmetric-key algorithms are as follows:

  • RC2
  • DES
  • 3DES
  • AES128
  • AES256

Advanced Message Security also supports the following cryptographic hash functions for signing:

  • MD5
  • SHA-1
  • SHA-2 family:

    • SHA256
    • SHA384 (requires a signing key of at least 768 bits)
    • SHA512 (requires a signing key of at least 768 bits)

RC2, DES, 3DES, MD5 and SHA-1 are retained for compatibility with older policies and are cryptographically weak; new policies should use AES128 or AES256 with a SHA-2 hash and a signing key of at least 2048 bits.

Note: The quality of protection applied when a message is put must match the quality of protection required by the policy of the queue it is retrieved from. If there is a mismatch between the policy on the queue and the protection present on the message (for example, an unsigned message on a queue whose policy requires signing, or a signed-only message on a queue whose policy requires signing and encryption), the message is not delivered to the application and is moved to the error handling queue instead. This rule applies to both local and remote queues.
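The following Python model shows how the policy attributes above combine into a quality of protection and how the get-side check in the note behaves. It is an added example, not IBM's AMS code: the algorithm names and the 768-bit floor for SHA384/SHA512 are taken from this page, while the Message header layout, the error-queue name and the policy.validate() rules are assumptions made for illustration.

```python
"""Model of how an AMS-style security policy is applied on put and get.

Added example, not IBM's AMS implementation. The policy fields mirror the
attribute table on this page; the accept/reject rule on get follows the
note about quality-of-protection mismatches; the 768-bit signing-key floor
for SHA384/SHA512 comes from the hash list. The Message layout, the
validate() rules and the error-queue name are assumptions for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple

SIGNATURE_ALGS = {"NONE", "MD5", "SHA1", "SHA256", "SHA384", "SHA512"}
ENCRYPTION_ALGS = {"NONE", "RC2", "DES", "3DES", "AES128", "AES256"}
# Retained for compatibility only; flag them so they are not used in new policies.
WEAK_ALGS = {"MD5", "SHA1", "RC2", "DES", "3DES"}
# Minimum signing-key length (bits) stated on this page for these hashes.
MIN_SIGNING_KEY_BITS = {"SHA384": 768, "SHA512": 768}
ERROR_QUEUE = "AMS.ERROR.QUEUE"  # assumed name for the error handling queue


class QoP(Enum):
    NONE = "none"            # no protection
    INTEGRITY = "integrity"  # signed only
    PRIVACY = "privacy"      # signed and encrypted


def _qop_of(signature_alg: str, encryption_alg: str) -> QoP:
    if encryption_alg != "NONE":
        return QoP.PRIVACY
    if signature_alg != "NONE":
        return QoP.INTEGRITY
    return QoP.NONE


@dataclass
class Policy:
    name: str                      # policy name; unique per queue manager
    signature_alg: str = "NONE"
    encryption_alg: str = "NONE"
    recipients: List[str] = field(default_factory=list)   # recipient DNs
    signer_dns: List[str] = field(default_factory=list)   # signature DN checklist

    def qop(self) -> QoP:
        return _qop_of(self.signature_alg, self.encryption_alg)

    def validate(self) -> List[str]:
        """Return the problems that would make this policy unusable (assumed rules)."""
        problems = []
        if self.signature_alg not in SIGNATURE_ALGS:
            problems.append(f"unknown signature algorithm {self.signature_alg}")
        if self.encryption_alg not in ENCRYPTION_ALGS:
            problems.append(f"unknown encryption algorithm {self.encryption_alg}")
        if self.encryption_alg != "NONE":
            if self.signature_alg == "NONE":
                problems.append("privacy means signed and encrypted: a signature algorithm is required")
            if not self.recipients:
                problems.append("encryption requires at least one recipient DN")
        return problems

    def weak_algorithms(self) -> List[str]:
        """Algorithms in this policy that should not appear in a new policy."""
        return sorted({self.signature_alg, self.encryption_alg} & WEAK_ALGS)


@dataclass
class Message:
    """Protection header as seen on get (assumed layout, constructed for the example)."""
    signature_alg: str = "NONE"
    encryption_alg: str = "NONE"
    signer_dn: Optional[str] = None
    signer_key_bits: int = 0

    def qop(self) -> QoP:
        return _qop_of(self.signature_alg, self.encryption_alg)


def check_get(policy: Policy, msg: Message) -> Tuple[bool, str]:
    """Decide whether a retrieved message is delivered or moved to ERROR_QUEUE.

    Returns (accepted, reason). The first check is the quality-of-protection
    match from the note on this page; the remaining checks apply only when
    the policy requires signing.
    """
    if msg.qop() != policy.qop():
        return False, (f"quality of protection mismatch: policy requires "
                       f"{policy.qop().value}, message has {msg.qop().value}; "
                       f"moved to {ERROR_QUEUE}")
    if policy.qop() is QoP.NONE:
        return True, "accepted"
    # Signature DN checklist: when present, the signer must be on it.
    if policy.signer_dns and msg.signer_dn not in policy.signer_dns:
        return False, f"signer {msg.signer_dn!r} not in signature DN checklist; moved to {ERROR_QUEUE}"
    # SHA384/SHA512 signatures are only acceptable from keys of at least 768 bits.
    floor = MIN_SIGNING_KEY_BITS.get(msg.signature_alg, 0)
    if msg.signer_key_bits < floor:
        return False, f"{msg.signature_alg} needs a signing key of at least {floor} bits; moved to {ERROR_QUEUE}"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample: a privacy policy on PAYMENTS.IN, one signer, one recipient.
    pol = Policy("PAYMENTS.IN", "SHA256", "AES256",
                 recipients=["CN=payments,O=Example"], signer_dns=["CN=orders,O=Example"])
    print(pol.validate(), pol.qop())
    print(check_get(pol, Message("SHA256", "AES256", "CN=orders,O=Example", 2048)))
    print(check_get(pol, Message()))  # unprotected message on a privacy queue
```

The model deliberately compares only the level of protection, not the exact algorithm, because that is what the page states is checked; the signer checklist and the signing-key floor are applied afterwards, so a message that fails on level is reported as a mismatch before any certificate is inspected.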