WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Enable cryptographic keys stored in hardware devices for Web Services Security

Enable hardware cryptographic devices for Web Services Security

We can enable Web Services Security using cryptographic hardware devices for both web service clients and web service providers that are running in the WebSphere Application Server environment. A cryptographic token is a hardware or software device with a built-in keystore implementation. Cryptographic devices are used to manage certificates stored on the cryptographic tokens. These devices are also called smartcards. You enable hardware cryptographic devices for Web Service Security by either using keys stored in hardware devices or using keys stored in a Java keystore file. Web Services Security using cryptographic hardware devices is supported for both web (JSP or servlet) and EJB web service clients. We can enable Web Services Security using cryptographic hardware devices for both web service clients and web service providers that are running in the WAS environment.

There are two ways to enable hardware cryptographic devices for Web Service Security: use keys stored in hardware devices or use keys stored in a Java keystore file.

1. Determine whether to use keys stored in hardware devices or in a Java keystore file for the individual application.

2. Enable hardware cryptographic devices for Web Service Security using one of the following two methods:

   • Enable cryptographic operations on hardware devices. See Configure hardware cryptographic devices for Web Services Security for more details.

   • Enable cryptographic keys stored in hardware devices. See Enable cryptographic keys stored in hardware devices in Web Services Security

   Hardware cryptographic devices for Web Services Security are not supported on the Java EE Application Client on distributed platform.

Subtopics

• Configure hardware cryptographic devices for Web Services Security
  Before we can use a hardware cryptographic device, configure and enable it. You must first configure a hardware cryptographic device using the SSL certificate and key management panels in the dmgr console. The key for the cryptographic operation can be stored in an ordinary Java keystore file and need not be stored on the hardware devices.
• Enable cryptographic keys stored in hardware devices in Web Services Security
  We can enable individual web service applications to use cryptographic keys stored in hardware devices in Web Services Security.

Related concepts:

Programming models for web services message-level security
Hardware cryptographic device support for Web Services Security

+

Search Tips   |   Advanced Search