Configure the server for response encryption: Choosing the encryption method: WAS v5.1

Configure the server for response encryption: Choosing the encryption method
Prior to completing these steps, read either of the following topics to become familiar with the Security Extensions tab and the Binding Configurations tab in the Web services editor within the Assembly Toolkit...

Configuring the server security bindings using the Assembly Toolkit
Configuring the server security bindings using the administrative console

These two tabs are used to configure the Web services security extensions and Web services security bindings, respectively.
Complete the following steps to specify which method the server uses to encrypt the response message...

Launch the Assembly Toolkit.
Click Windows > Open Perspective > J2EE to access the Assembly Toolkit perspective.
Select the Web services enabled Enterprise JavaBean (EJB) or Web module.
In the Project Navigator window, locate the META-INF directory for an EJB module or the WEB-INF directory for a Web module.
Right-click the webservices.xml file, and click Open With > Web Services Editor.
Click the Binding Configurations tab, which is located at the bottom of the Web Services Editor within the Assembly Toolkit.
Expand Response Sender Binding Configuration Details > Encryption Information.
Click Edit to view the encryption information.The following table describes the purpose of this information. Some of these definitions are based on the XML-Encryption specification, which is located at the following Web address: http://www.w3.org/TR/xmlenc-core

Encryption name Refers to the name of the encryption information entry.

Data encryption method algorithm Encrypts and decrypts data in fixed size, multiple octet blocks. The algorithm selected for the server response sender configuration must match the algorithm selected in the client response receiver configuration.

Key encryption method algorithm Represents public key encryption algorithms that are specified for encrypting and decrypting keys. The algorithm selected for the server response sender configuration must match the algorithm selected in the client response receiver configuration.

Encryption key name Represents a Subject from a public key certificate typically distinguished name (DN) that is found by the encryption key locator and used by the key encryption method algorithm to encrypt the private key. The private key is used to encrypt the data.
The key name chosen in the server response sender encryption information must be the public key of the key configured in the client response receiver encryption information. Encryption by the response sender must be done using the public key and decryption must be done by the response receiver using the associated private key (the personal certificate of the response receiver).

Encryption key locator The encryption key locator represents a reference to a key locator implementation class that finds the correct key store where the alias and the certificate exist. For more information on configuring key locators, see Configuring key locators using the Assembly Toolkit and Configuring key locators using the administrative aonsole.

The encryption key name chosen must refer to a public key of the response receiver. For the encryption key name, use the Subject of the public key certificate, typically a Distinguished Name (DN). The name chosen is used by the default key locator to find the key. If you write a custom key locator , the encryption key name might be anything used by the key locator to find the correct encryption key (a public key). The encryption key locator references the implementation class that finds the correct key store where the alias and certificate exist. For more information, see Configuring key locators using the Assembly Toolkit and Configuring key locators using the Administrative Console.
You must specify which parts of the response message to encrypt. See Configuring the server for response encryption: Encrypting the message parts if you have not previously specified this information.

See Also
Response sender
XML encryption
Configuring the server for response encryption: encrypting the message parts
Configuring key locators using the Assembly Toolkit
Configuring key locators using the administrative console
Configuring the server for response encryption: encrypting the message parts
Configuring the server security bindings using the Assembly Toolkit
Configuring the server security bindings using the administrative console
XML Encryption Syntax and Processing W3C Recommendation 10 December 2002

Encryption name	Refers to the name of the encryption information entry.
Data encryption method algorithm	Encrypts and decrypts data in fixed size, multiple octet blocks. The algorithm selected for the server response sender configuration must match the algorithm selected in the client response receiver configuration.
Key encryption method algorithm	Represents public key encryption algorithms that are specified for encrypting and decrypting keys. The algorithm selected for the server response sender configuration must match the algorithm selected in the client response receiver configuration.
Encryption key name	Represents a Subject from a public key certificate typically distinguished name (DN) that is found by the encryption key locator and used by the key encryption method algorithm to encrypt the private key. The private key is used to encrypt the data. The key name chosen in the server response sender encryption information must be the public key of the key configured in the client response receiver encryption information. Encryption by the response sender must be done using the public key and decryption must be done by the response receiver using the associated private key (the personal certificate of the response receiver).
Encryption key locator	The encryption key locator represents a reference to a key locator implementation class that finds the correct key store where the alias and the certificate exist. For more information on configuring key locators, see Configuring key locators using the Assembly Toolkit and Configuring key locators using the administrative aonsole.