For inbound messages, CICS can decrypt any encrypted elements in the SOAP body, and encrypted SOAP header blocks where the body is also encrypted. For outbound messages, CICS encrypts the entire SOAP body.
A SOAP message is an XML document, consisting of an <Envelope> element, which contains an optional <Header> element, and a mandatory <Body> element.
WSS: SOAP Message Security allows some of the contents of the <Header> and all of the contents of the <Body> to be encrypted at the element level. That is, in a given message, individual elements can have different levels of encryption, or can be encrypted using different algorithms. For example, in a SOAP message used in an online purchasing application, it would be appropriate to encrypt an individual's credit card details in order to ensure that they remain confidential. However, to avoid the overhead of encrypting the entire message, some information might safely be encrypted using a less secure (but faster) algorithm, and other information might safely be left unencrypted.
For outbound messages, message handler DFHWSSE1 supports encryption of the contents of the SOAP <Body> only; it does not encrypt any elements in the <Header>. When DFHWSSE1 encrypts the <Body>, all elements within the body are encrypted with the same algorithm and using the same key. The algorithm, and information about the key, are specified in the handler's configuration information.