Configure encryption information for the consumer binding with an assembly tool

 

Before you begin

Prior to completing this task, complete the following steps:

1. Import your application into an assembly tool. For information on how to import your application, see Import enterprise applications.

2. Specify which message parts to encrypt. For more information, see Encrypting message elements in consumer security constraints with keywords or Encrypting message elements in consumer security constraints with an XPath expression.

3. Configure the key information that is referenced by the Key information element within the Encryption information dialog window. For more information, see Configuring key information for the consumer binding with an assembly tool.

 

Overview

Complete the following steps to configure the encryption information for the server-side and client-side bindings using an assembly tool. The encryption information on the consumer side is used for decrypting the encrypted message parts in the incoming SOAP message. The response consumer is configured for the client and the request consumer is configured for the server. In the following steps, configure either the client-side bindings in step 2 or the server-side bindings in step 3.

 

Procedure

1. Start the assembly tool and click Window > Open Perspective > J2EE.

2. Optional: Locate the client-side bindings using the Project Explorer window. The Client Deployment Descriptor window is displayed. This Web service contains the extensions that we need to configure. Complete the following steps to locate the client-side bindings:

   1. Expand the Web Services > Client section and double-click the name of the Web service.

   2. Click the WS Binding tab and expand the Security Response Consumer Binding Configuration section.

3. Optional: Locate the server-side bindings using the Project Explorer window. The Web Services Editor window is displayed. This Web service contains the bindings that we need to configure. Complete the following steps to locate the server-side bindings:

   1. Expand the Web Services > Services section and double-click the name of the Web service.

   2. Click the Binding Configurations tab and expand the Request Consumer Binding Configuration Details section.

4. Expand the Encryption Information section and click Add to add a new entry or select an existing entry and click Edit. The Encryption Information dialog window is displayed. Complete the following steps to specify an encryption information configuration:

   1. Specify a name for the encryption information configuration in the Encryption name field.

   2. Select a data encryption algorithm from the Data encryption method algorithm field. The data encryption algorithm is used for encrypting or decrypting parts of a SOAP message such as the SOAP body or the username token. The following pre-configured algorithms are supported:

      • http://www.w3.org/2001/04/xmlenc#tripledes-cbc

      • http://www.w3.org/2001/04/xmlenc#aes128-cbc

      • http://www.w3.org/2001/04/xmlenc#aes256-cbc

        To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.

      • http://www.w3.org/2001/04/xmlenc#aes192-cbc

        To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.

      This algorithm must match the data encryption algorithm that is configured for the generator. For more information on configuring the encryption information for the generator, see Configuring encryption information for the generator binding with an assembly tool.

   3. Select a key encryption algorithm from the Key encryption method algorithm field. The key encryption algorithm is used to encrypt the key that is used for encrypting the message parts within the SOAP message. The following pre-configured algorithms are supported:

      • http://www.w3.org/2001/04/xmlenc#rsa-1_5

      • http://www.w3.org/2001/04/xmlenc#kw-tripledes

      • http://www.w3.org/2001/04/xmlenc#kw-aes128

      • http://www.w3.org/2001/04/xmlenc#kw-aes256

        To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.

      • http://www.w3.org/2001/04/xmlenc#kw-aes192

        To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.

      Select the blank entry if the data encryption key, which is the (key used for encrypting the message parts, is not encrypted. This key encryption algorithm for the consumer must match the key encryption algorithm for the generator. For more information on configuring the encryption information for the generator, see Configuring encryption information for the generator binding with an assembly tool.

5. Click Add in the Encryption Key Information section to add a new key information entry or click Remove to delete a selected entry. Complete the following substeps if you are adding a new key information entry.

   1. Specify a name in the Key information name field.

   2. Select a key information reference from the list under the Encryption key information field. The value in this field references the key information configuration that you specified previously. If you have a key information configuration called con_enckeyinfo that you want to use with this encryption information configuration, specify con_enckeyinfo in the Key information element field. For more information, see Configuring key information for the consumer binding with an assembly tool.

6. Select a required confidentiality part from the list in the RequiredConfidentiality part field. The value in this field specifies a reference to the message parts for encryption.

7. Click OK to save your encryption information configuration.

 

Result

After you complete this task for the consumer binding, configure the encryption information for generator binding if this task was not previously completed. For more information, see Configuring encryption information for the generator binding with an assembly tool.

---

 

Related Tasks

Encrypting message elements in consumer security constraints with keywords
Encrypting message elements in consumer security constraints with an XPath expression
Configuring encryption information for the generator binding with an assembly tool
Configuring key information for the consumer binding with an assembly tool

 

---