Configuring the encryption information for the consumer binding on the server or cell level
The encryption information for the default consumer specifies how to process the encryption information on the receiver side if these bindings are not defined at the application level. WebSphere® Application Server provides default values for the bindings. However, an administrator must modify the defaults for a production environment.
Complete the following steps to configure the encryption information for the consumer binding on the server level:
- Access the default bindings for the server level.
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services security.
- Under Default consumer bindings, click Encryption information.
- Click New to create an encryption information configuration, click Delete to delete an existing configuration, or click the name of an existing encryption information configuration to edit the settings. If you are creating a new configuration, enter a unique name for the encryption configuration in the Encryption information name field. For example, you might specify con_encinfo.
- Select a data encryption algorithm from the Data encryption algorithm field. This algorithm is used to encrypt the data. WAS supports the following pre-configured algorithms:
- http://www.w3.org/2001/04/xmlenc#tripledes-cbc
- http://www.w3.org/2001/04/xmlenc#aes128-cbc
- http://www.w3.org/2001/04/xmlenc#aes256-cbc
To use this algorithm, download the unrestricted Java™ Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
- http://www.w3.org/2001/04/xmlenc#aes192-cbc
To use this algorithm, download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
The data encryption algorithm that you select for the consumer side must match the data encryption algorithm that you select for the generator side.
- Select a key encryption algorithm from the Key encryption algorithm field. This algorithm is used to encrypt the key. WAS supports the following pre-configured algorithms:
- http://www.w3.org/2001/04/xmlenc#rsa-1_5
- http://www.w3.org/2001/04/xmlenc#kw-tripledes
- http://www.w3.org/2001/04/xmlenc#kw-aes128
- http://www.w3.org/2001/04/xmlenc#kw-aes256
To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
- http://www.w3.org/2001/04/xmlenc#kw-aes192
To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
If you select None, the key is not encrypted.
The key encryption algorithm that you select for the consumer side must match the key encryption algorithm that you select for the generator side.
- Under Additional properties, click Key information references.
- Click New to create a key information configuration, click Delete to delete an existing configuration, or click the name of an existing key information configuration to edit the settings. If you are creating a new configuration, enter a unique name for the key information configuration in the name field. For example, you might specify con_enckeyinfo.
- Select a key information reference from the Key information reference field. This selection refers to the name of the key information that is used for encryption. For more information, see Configuring the key information for the consumer binding on the server or cell level.
- Click OK and Save to save the configuration.
You have configured the encryption information for the consumer binding at the server or cell level
You must specify a similar encryption information configuration for the generator.
Related tasks
Configuring the encryption information for the generator binding on the server or cell level