MQe supplies two alternative attributes for message-level security.
MQeMAttribute
This suits business-to-business communications
where mutual trust is tightly managed in the application layer and requires
no trusted third party. It allows use of all available MQe symmetric cryptor
and compressor choices. Like local security, it requires the attribute's key
to be preset before it is supplied as a parameter on putMessage() and
getMessage(). This provides a simple and powerful method for message-level
protection that enables use of strong encryption to protect message confidentiality,
without the overhead of any public key infrastructure (PKI).
MQeMTrustAttribute
Note: The MQeMTrustAttribute does not apply to the C codebase.
This provides a more advanced solution
using digital signatures and exploiting the default public key infrastructure
to provide a digital envelope style of protection. It uses ISO9796 digital
signature or validation so that the receiving application can establish proof
that the message came from the purported sender. The supplied attribute's
cryptor protects message confidentiality. A SHA1 digest guarantees message integrity,
and RSA encryption and decryption ensure that the message can only be restored
by the intended recipient. As with MQeMAttribute,
it allows use of all available MQe symmetric cryptor and compressor choices.
Chosen for size optimization, the certificates used are mini-certificates
which conform to the WTLS Specification approved by the WAP forum. MQe provides
a default public key infrastructure to distribute the certificates as required
to encrypt and authenticate the messages.
A typical MQeMTrustAttribute-protected
message has the format: