The encryption information for the default consumer specifies how
to process the encryption information on the receiver side if these bindings
are not defined at the application level. WebSphere Application Server provides
default values for the bindings. However, an administrator must modify the
defaults for a production environment.
About this task
You can configure the encryption information for the consumer binding on the server
level and the cell level. In the following steps, use the first step to access
the server-level default bindings and use the second step to access the cell-level
bindings.
Procedure
- Access the default bindings for the server level.
  - Click Servers > Application servers > server_name.
  - Under Security, click Web services: Default bindings for Web services security.
- Click Security > Web services to access the default bindings on the cell level.
- Under Default consumer bindings, click Encryption information.
- Click New to create an encryption information configuration,
click Delete to delete an existing configuration, or click the name
of an existing encryption information configuration to edit the settings.
If you are creating a new configuration, enter a unique name for the
encryption configuration in the Encryption information name field. For example,
you might specify con_encinfo.
- Select a data encryption algorithm from the Data encryption algorithm
field. This algorithm is used to encrypt the data. WebSphere Application
Server supports the following pre-configured algorithms:
  - http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  - http://www.w3.org/2001/04/xmlenc#aes128-cbc
  - http://www.w3.org/2001/04/xmlenc#aes256-cbc
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy
    file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  - http://www.w3.org/2001/04/xmlenc#aes192-cbc
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy
    file from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    Do not use the 192-bit key encryption algorithm if you want your configured application
    to be in compliance with the Basic Security Profile (BSP).
The data encryption algorithm that you select for the consumer side
must match the data encryption algorithm that you select for the generator
side.
- Select a key encryption algorithm from the Key encryption algorithm
field. This algorithm is used to encrypt the key. WebSphere Application
Server supports the following pre-configured algorithms:
  - http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
    When running with Software Development Kit (SDK) Version 1.4, the list of supported
    key transport algorithms does not include this one. This algorithm appears
    in the list of supported key transport algorithms when running with SDK Version 1.5.
    Restriction: This algorithm is not supported when the WebSphere
    Application Server is running in Federal Information Processing Standard (FIPS) mode.
  - http://www.w3.org/2001/04/xmlenc#rsa-1_5
  - http://www.w3.org/2001/04/xmlenc#kw-tripledes
  - http://www.w3.org/2001/04/xmlenc#kw-aes128
  - http://www.w3.org/2001/04/xmlenc#kw-aes256
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file
    from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  - http://www.w3.org/2001/04/xmlenc#kw-aes192
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file
    from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    Do not use the 192-bit key encryption algorithm if you want your configured application
    to be in compliance with the Basic Security Profile (BSP).
If you select None, the key is not encrypted.
The key encryption algorithm that you select for the consumer side must match the
key encryption algorithm that you select for the generator side.
- Under Additional properties, click Key information references.
- Click New to create a key information configuration, click Delete to
delete an existing configuration, or click the name of an existing key information
configuration to edit the settings. If you are creating a new configuration,
enter a unique name for the key information configuration in the name field.
For example, you might specify con_enckeyinfo.
- Select a key information reference from the Key information reference
field. This selection refers to the name of the key information
that is used for encryption. For more information, see Configuring the key information for the consumer binding on the server or cell level.
- Click OK and Save to save the configuration.
Results
You have configured the encryption information for the consumer binding
at the server or cell level.
What to do next
You must specify a similar encryption information configuration for
the generator.
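
To check that a generator's output agrees with the consumer selections made in this procedure, the following added example (not IBM code) compares the EncryptionMethod algorithm URIs in a SOAP message with the consumer's data and key encryption algorithms, and flags the selections that this page says need the unrestricted JCE policy file or are outside the BSP. The function names are hypothetical and the sample message is constructed and simplified (no wsse:Security wrapper or cipher data).

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Algorithms this page lists as requiring the unrestricted JCE policy file.
NEEDS_JCE_POLICY = {XENC + a for a in ("aes256-cbc", "aes192-cbc", "kw-aes256", "kw-aes192")}
# 192-bit algorithms this page excludes for Basic Security Profile compliance.
NOT_BSP = {XENC + a for a in ("aes192-cbc", "kw-aes192")}

def used_algorithms(root, element):
    """Algorithm URI of the EncryptionMethod child of every xenc:<element>."""
    found = []
    for node in root.iter("{%s}%s" % (XENC, element)):
        method = node.find("{%s}EncryptionMethod" % XENC)
        # A missing EncryptionMethod is recorded as None so it shows up as a mismatch.
        found.append(method.get("Algorithm") if method is not None else None)
    return found

def check_message(soap_xml, data_alg, key_alg):
    """Compare a message with the consumer's algorithm URIs; return findings."""
    root = ET.fromstring(soap_xml)
    findings = []
    for kind, element, expected in (("data", "EncryptedData", data_alg),
                                    ("key", "EncryptedKey", key_alg)):
        for alg in used_algorithms(root, element):
            if alg != expected:
                findings.append("%s algorithm mismatch: message=%s consumer=%s"
                                % (kind, alg, expected))
    for alg in (data_alg, key_alg):
        if alg in NEEDS_JCE_POLICY:
            findings.append("needs unrestricted JCE policy file: " + alg)
        if alg in NOT_BSP:
            findings.append("not BSP compliant: " + alg)
    return findings

# Constructed sample: a generator that used aes128-cbc and rsa-1_5.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header><xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  </xenc:EncryptedKey></soapenv:Header>
  <soapenv:Body><xenc:EncryptedData>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  </xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    # Consumer configured with aes192-cbc while the generator sent aes128-cbc.
    for line in check_message(SAMPLE, XENC + "aes192-cbc", XENC + "rsa-1_5"):
        print(line)
```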