Encryption information configuration settings

Use this page to configure the encryption and decryption parameters.

The specifications listed on this page for the signature method, digest method, and canonicalization method are located in the World Wide Web Consortium (W3C) document entitled, XML Encryption Syntax and Processing: W3C Recommendation 10 Dec 2002.

To view this administrative console page, complete the following steps:

  1. Click Applications > Enterprise Applications > appname.

  2. Under Related Items, click Web Module > URI_file_name > Web Services: Server Security Bindings.

  3. Under Response Sender Binding, click Edit > Encryption Information.

  4. If the encryption information is not available, select None.

  5. If the encryption information is available, select Dedicated Encryption Information.

Then, specify the configuration in the following fields:

Encryption Information Name: Name for the encryption information.

Key Locator Reference: Name used to reference the key locator.

To specify key locator references, click Servers > Application Servers > server. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators.

Encryption Key Name: Name of the encryption key, which is resolved to the actual key by the specified key locator.

Key Encryption Algorithm: Specifies the algorithm URI of the key encryption method.

The following algorithms are supported:

  • http://www.w3.org/2001/04/xmlenc#rsa-1_5

  • http://www.w3.org/2001/04/xmlenc#kw-tripledes

The following additional algorithms are supported:

  • http://www.w3.org/2001/04/xmlenc#kw-aes128

  • http://www.w3.org/2001/04/xmlenc#kw-aes256

  • http://www.w3.org/2001/04/xmlenc#kw-aes192

By default, the Java Cryptography Extension (JCE) is shipped with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, apply unlimited jurisdiction policy files. Before downloading these policy files, back up the existing policy files (local_policy.jar and US_export_policy.jar in the jre/lib/security/ directory) so that you can restore the original files later if you overwrite them. To download the policy files, complete either of the following sets of steps:

  • For WAS platforms using IBM Developer Kit, Java Technology Edition Version 1.4.1, including the AIX, Linux, and Windows platforms, you can obtain unlimited jurisdiction policy files by completing the following steps:

    • Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html

    • Click Policy Files.

      The unrestrict.jar file is downloaded onto your machine.

  • For WAS platforms using the Sun-based Java Development Kit (JDK) Version 1.4.1, including the Solaris environments and the HP-UX platform, you can obtain unlimited jurisdiction policy files by completing the following steps:

    • Go to the following Web site: http://java.sun.com/j2se/1.4.1/download.html

    • Go to the bottom of the Web page and click Download, which is next to Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.4.1. The jce_policy-1_4_1.zip file is downloaded onto your machine.

After following either of these sets of steps, two Java Archive (JAR) files are placed in the JVM jre/lib/security/ directory.

Data Encryption Algorithm: Specifies the algorithm Uniform Resource Identifier (URI) of the data encryption method.

The following algorithm is supported:

  • http://www.w3.org/2001/04/xmlenc#tripledes-cbc

The following additional algorithms are supported:

  • http://www.w3.org/2001/04/xmlenc#aes128-cbc

  • http://www.w3.org/2001/04/xmlenc#aes256-cbc

  • http://www.w3.org/2001/04/xmlenc#aes192-cbc

By default, the JCE is shipped with restricted or limited strength ciphers. To use 192-bit and 256-bit AES encryption algorithms, apply unlimited jurisdiction policy files.
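To confirm whether the jurisdiction policy files in effect permit the symmetric key encryption and data encryption algorithms listed on this page, the following added example (not part of the original page and not IBM code) initializes a JCE cipher for each URI with a throwaway key of the required length. The JCE transformation names are assumptions about the installed provider, and the code assumes Java 7 or later syntax; rsa-1_5 is not probed.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: probes which algorithm URIs from this page the running
// JVM's jurisdiction policy permits. Not code from the product.
public class XmlEncPolicyCheck {
    static final String NS = "http://www.w3.org/2001/04/xmlenc#";

    // { URI fragment, JCE transformation, JCE key algorithm, key length in bytes }
    // Transformation names are assumptions about the installed JCE provider.
    static final String[][] ALGS = {
        {"kw-tripledes",  "DESedeWrap",              "DESede", "24"},
        {"kw-aes128",     "AESWrap",                 "AES",    "16"},
        {"kw-aes192",     "AESWrap",                 "AES",    "24"},
        {"kw-aes256",     "AESWrap",                 "AES",    "32"},
        {"tripledes-cbc", "DESede/CBC/PKCS5Padding", "DESede", "24"},
        {"aes128-cbc",    "AES/CBC/PKCS5Padding",    "AES",    "16"},
        {"aes192-cbc",    "AES/CBC/PKCS5Padding",    "AES",    "24"},
        {"aes256-cbc",    "AES/CBC/PKCS5Padding",    "AES",    "32"},
    };

    static String probe(String transformation, String keyAlg, int keyBytes) {
        byte[] key = new byte[keyBytes];
        new SecureRandom().nextBytes(key); // throwaway key, never used on data
        try {
            Cipher c = Cipher.getInstance(transformation);
            int mode = transformation.endsWith("Wrap") ? Cipher.WRAP_MODE : Cipher.ENCRYPT_MODE;
            c.init(mode, new SecretKeySpec(key, keyAlg));
            return "permitted";
        } catch (InvalidKeyException | SecurityException e) {
            // Key lengths above are valid for each algorithm, so a rejection
            // at init time points to the restricted policy files.
            return "rejected at init, check policy files (" + e.getMessage() + ")";
        } catch (GeneralSecurityException e) {
            return "not offered by installed providers (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        for (String[] a : ALGS) {
            System.out.println(NS + a[0] + " -> " + probe(a[1], a[2], Integer.parseInt(a[3])));
        }
    }
}
```

Run it with the same JRE that the application server uses, because the policy files in jre/lib/security/ apply per JRE installation.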

 

See Also

Securing Web services using XML encryption
Encryption information collection
Key locator collection