Configuring the encryption information for the generator binding on the application level
Before you begin this task, configure the key information that is referenced by the key information references in the encryption information panel.
This task provides the steps that are needed for configuring encryption information for the request generator (client side) and the response generator (server side) bindings at the application level. This encryption information is used to specify how the generators (senders) encrypt outgoing messages.
Complete the following steps to configure the encryption information for the request generator or response generator section of the bindings file on the application level:
- Locate the encryption information configuration panel in the administrative console.
- Click Applications > Enterprise applications > application_name.
- Under Related Items, click EJB Modules or Web Modules > URI_name.
- Under Additional properties, you can access the key information for the request generator and response generator bindings.
- For the request generator (sender) binding, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom.
- For the response generator (sender) binding, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom.
- Under Required properties, click Encryption information.
- Click New to create an encryption information configuration. Click Delete to delete an existing configuration or click the name of an existing encryption information configuration to edit its settings. If you are creating a new configuration, enter a name in the Encryption information name field. For example, you might specify gen_encinfo.
- Select a data encryption algorithm from the Data encryption algorithm field. The selection specifies the algorithm that is used to encrypt parts of the message. WebSphere® Application Server supports the following pre-configured algorithms:
  - http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  - http://www.w3.org/2001/04/xmlenc#aes128-cbc
  - http://www.w3.org/2001/04/xmlenc#aes256-cbc
    To use this algorithm, download the unrestricted Java™ Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  - http://www.w3.org/2001/04/xmlenc#aes192-cbc
    To use this algorithm, download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  The data encryption algorithm that you select for the generator side must match the data encryption method that you select for the consumer side.
- Select a key encryption algorithm from the Key encryption algorithm field. This selection specifies the algorithm that is used to encrypt keys. WebSphere Application Server supports the following pre-configured algorithms:
  - http://www.w3.org/2001/04/xmlenc#rsa-1_5
  - http://www.w3.org/2001/04/xmlenc#kw-tripledes
  - http://www.w3.org/2001/04/xmlenc#kw-aes128
  - http://www.w3.org/2001/04/xmlenc#kw-aes256
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  - http://www.w3.org/2001/04/xmlenc#kw-aes192
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  The key encryption algorithm that you select for the generator side must match the key encryption method that you select for the consumer side.
- Select an encryption key information reference from the Encryption key information menu. This selection is a reference to the encryption key that is used to encrypt parts of the message. To configure the key information, see Configuring the key information for the generator binding on the application level.
- Select a part reference from the Part reference field. This field specifies the name of the part reference for the generator binding element in the deployment descriptor.
- Click OK and then click Save to save the configuration.
The encryption information is configured for the generator binding at the application level.
You must specify a similar encryption information configuration for the consumer.
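One way to verify the requirement that the generator's data and key encryption algorithms match the consumer's, as an added example that is not part of the original documentation: the Python check below reads the xenc:EncryptionMethod algorithm URIs from a message that the generator produced and compares them with the algorithms configured on the consumer, also noting the algorithms that the steps above say need the unrestricted JCE policy file. The sample message is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Algorithms the page lists as needing the unrestricted JCE policy file.
NEEDS_UNRESTRICTED_JCE = {XENC + a for a in
                          ("aes192-cbc", "aes256-cbc", "kw-aes192", "kw-aes256")}

# Constructed sample of a generator's output (cipher values are dummies).
SAMPLE = """<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security>
  <xenc:EncryptedKey>
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
 </wsse:Security></soapenv:Header>
 <soapenv:Body><xenc:EncryptedData>
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>"""

def used_algorithms(message_xml, element):
    """Algorithm URIs on the EncryptionMethod child of every xenc:<element>."""
    found = set()
    for node in ET.fromstring(message_xml).iter("{%s}%s" % (XENC, element)):
        method = node.find("{%s}EncryptionMethod" % XENC)
        # EncryptionMethod is optional in XML Encryption; record its absence.
        found.add(method.get("Algorithm") if method is not None else None)
    return found

def check_against_consumer(message_xml, consumer_data_alg, consumer_key_alg):
    """Return mismatch and JCE-policy findings for one generated message."""
    findings = []
    expected = (("EncryptedData", "data", consumer_data_alg),
                ("EncryptedKey", "key", consumer_key_alg))
    for element, kind, want in expected:
        for got in sorted(used_algorithms(message_xml, element), key=str):
            if got != want:
                findings.append("%s encryption mismatch: generator %s, consumer %s"
                                % (kind, got, want))
            if got in NEEDS_UNRESTRICTED_JCE:
                findings.append("%s algorithm %s needs the unrestricted JCE policy file"
                                % (kind, got))
    return findings
```

Pass the algorithm URIs selected in the consumer's encryption information as the second and third arguments; a mismatch finding means the consumer will not be able to process what this generator sends.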
- Encryption information collection
Use this page to specify the configuration for the encrypting and decrypting parameters. This configuration is used to encrypt and decrypt parts of the message, including the body and user name token.
- Encryption information configuration settings
Use this page to configure the encryption and decryption parameters. You can use these parameters to encrypt and decrypt various parts of the message, including the body and user name token.
- Encryption information configuration settings
Use this page to configure the encryption and decryption parameters.
Related tasks
Configuring the encryption information for the consumer binding on the application level
Configuring the key information for the generator binding on the application level
Related information
IBM developer kit: Security information
Web Services Security: SOAP Message Security Version 1.0