Password message security
We can transfer the messages that contain passwords between the JMS Password Store and the JMS Password Store Connector as plain text messages, PKI encrypted messages, or PKCS7 encapsulated messages. The JMS Password Store stores the password as a message on the JMS provider queue. We can send the message that contains the password as:
- Plain text messages
The messages are transferred between JMS Password Store and JMS Password Store Connector as plain text. Therefore, no message-based security is applied.
- Pre-Security Directory Integrator 6.1.1 PKI encrypted messages
This feature is optional. When this option is used, a certificate from a .jks file is used to:
- Encrypt the received messages by the JMS Password Store
- Decrypt the messages by the JMS Password Store Connector
Note: Starting from SDI 6.1.1, this encryption is deprecated because PKCS7 encapsulation, which includes encryption, offers a more secure way to transfer messages.
- PKCS7 encapsulated messages
Starting from SDI 6.1.1, the JMS Password Store and the JMS Password Store Connector support PKCS7, which includes both signing and encryption.
Using PKCS7 for encapsulation is optional. By default, it is turned off. If you want to use PKCS7, configure both the JMS Password Store and the JMS Password Store Connector to use PKCS7. However, when PKCS7 is used, PKI encryption is not allowed because PKCS7 supports encryption.
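What "both signing and encryption" means for a PKCS7 encapsulated message can be reproduced outside the product with the openssl command line. The following is an added example, not code or configuration from Security Directory Integrator; the file names, certificate subjects and sample password are constructed, and the sender and receiver key pairs only stand in for the JMS Password Store and the JMS Password Store Connector.

```shell
#!/bin/sh
# Added example: PKCS7 sign-then-encrypt round trip with the openssl CLI.
# Returns 0 only if the receiver recovers the exact message AND both negative checks fail as expected.
pkcs7_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Constructed self-signed key pairs: "store" signs, "conn" decrypts.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-store" \
            -keyout store.key -out store.crt 2>/dev/null || exit 2
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-connector" \
            -keyout conn.key -out conn.crt 2>/dev/null || exit 2

        # Constructed sample message carrying a password.
        printf 'uid=jdoe;password=Constructed-Sample-1\n' > msg.txt

        # Sender side: sign with the sender's private key, then encrypt the
        # signed structure to the receiver's certificate.
        openssl smime -sign -binary -nodetach -in msg.txt -signer store.crt \
            -inkey store.key -outform PEM -out signed.p7 2>/dev/null || exit 3
        openssl smime -encrypt -binary -aes-256-cbc -in signed.p7 -outform PEM \
            -out enveloped.p7 conn.crt 2>/dev/null || exit 3

        # Receiver side: decrypt with the receiver's key, then verify the
        # signature against the sender's certificate as the only trust anchor.
        openssl smime -decrypt -in enveloped.p7 -inform PEM -recip conn.crt \
            -inkey conn.key -out decrypted.p7 2>/dev/null || exit 4
        openssl smime -verify -binary -in decrypted.p7 -inform PEM \
            -CAfile store.crt -out recovered.txt 2>/dev/null || exit 4
        cmp -s msg.txt recovered.txt || exit 4

        # Negative check 1: a party that is not the recipient cannot decrypt.
        if openssl smime -decrypt -in enveloped.p7 -inform PEM -recip store.crt \
            -inkey store.key -out /dev/null 2>/dev/null; then exit 5; fi
        # Negative check 2: the signature is rejected when the sender's
        # certificate is not the trusted one.
        if openssl smime -verify -binary -in decrypted.p7 -inform PEM \
            -CAfile conn.crt -out /dev/null 2>/dev/null; then exit 6; fi
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

pkcs7_roundtrip && echo "PKCS7 sign+encrypt round trip OK"
```

A non-zero return code identifies the failing stage: 2 key generation, 3 sender side, 4 receiver side, 5 or 6 a negative check that unexpectedly succeeded.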