MQe supplies two alternative attributes for message-level security.
MQeMAttribute
This suits business-to-business communications
where mutual trust is tightly managed in the application layer and requires
no trusted third party. It allows use of all available MQe symmetric cryptor
and compressor choices. Like local security, it requires the attribute's key
to be preset before it is supplied as a parameter on putMessage() and
getMessage(). This provides a simple and powerful method for message-level
protection that enables use of strong encryption to protect message confidentiality,
without the overhead of any public key infrastructure (PKI).
MQeMTrustAttribute
Note: The MQeMTrustAttribute does not apply to the C code base.
This provides a more advanced solution using digital signatures and exploiting
the default public key infrastructure to provide a digital envelope style
of protection. It uses ISO9796 digital signature or validation so that the
receiving application can establish proof that the message came from the purported
sender. The supplied attribute's cryptor protects message confidentiality.
A SHA1 digest guarantees message integrity, and RSA encryption and decryption
ensure that the message can only be restored by the intended recipient.
As with MQeMAttribute, it allows use of
all available MQe symmetric cryptor and compressor choices. Chosen for size
optimization, the certificates used are mini-certificates which conform
to the WTLS Specification approved by the WAP Forum. MQe provides a default
public key infrastructure to distribute the certificates as required to encrypt
and authenticate the messages.
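The digital envelope pattern described above, as an added sketch that is not MQe code and does not reproduce the MQe message layout. It assumes the standard Java JCA with SHA256withRSA, AES-GCM and RSA-OAEP swapped in for the ISO9796 signature, SHA1 digest and MQe cryptors, and constructed RSA key pairs in place of mini-certificates.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class EnvelopeSketch {
    public static void main(String[] args) throws Exception {
        // Constructed key pairs; MQe would obtain public keys from mini-certificates.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair(), recipient = kpg.generateKeyPair();
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        // Sender: sign with the sender's private key (proof of origin and integrity).
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(sender.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        // Sender: encrypt the payload under a fresh symmetric key (confidentiality).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(msg);

        // Sender: wrap the symmetric key so only the recipient's private key restores it.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrapped = rsa.wrap(cek);

        // Recipient: unwrap the key, decrypt, then validate the sender's signature.
        rsa.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        Key unwrapped = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, unwrapped, new GCMParameterSpec(128, iv));
        byte[] pt = aes.doFinal(ct);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(sender.getPublic());
        verifier.update(pt);
        System.out.println("sender verified: " + verifier.verify(sig));

        // Validation against any key other than the purported sender's must fail.
        verifier.initVerify(recipient.getPublic());
        verifier.update(pt);
        System.out.println("wrong signer accepted: " + verifier.verify(sig));
    }
}
```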
A typical MQeMTrustAttribute protected
message has the format: