Secure feature choices

MQe supplies two alternative attributes for message-level security.
MQeMAttribute
This suits business-to-business communications where mutual trust is tightly managed in the application layer and requires no trusted third party. It allows use of all available MQe symmetric cryptor and compressor choices. Like local security, it requires the attribute's key to be preset before it is supplied as a parameter on putMessage() and getMessage(). This provides a simple and powerful method for message-level protection that enables use of strong encryption to protect message confidentiality, without the overhead of any public key infrastructure (PKI).
MQeMTrustAttribute
Note: The MQeMTrustAttribute does not apply to the C code base.
This provides a more advanced solution using digital signatures and exploiting the default public key infrastructure to provide a digital envelope style of protection. It uses ISO 9796 digital signature generation and validation so that the receiving application can establish proof that the message came from the purported sender. The supplied attribute's cryptor protects message confidentiality. A SHA-1 digest guarantees message integrity, and RSA encryption and decryption ensure that the message can be restored only by the intended recipient. As with MQeMAttribute, it allows use of all available MQe symmetric cryptor and compressor choices. For size optimization, the certificates used are mini-certificates that conform to the WTLS specification approved by the WAP Forum. MQe provides a default public key infrastructure to distribute the certificates as required to encrypt and authenticate the messages.
A typical MQeMTrustAttribute protected message has the format:
RSA-enc{SymKey}, SymKey-enc{Data, DataDigest, DataSignature}
where:
RSA-enc:
RSA encrypted with the intended recipient's public key, from his mini-certificate
SymKey:
Generated pseudo-random symmetric key
SymKey-enc:
Symmetrically encrypted with the SymKey
Data:
Message data
DataDigest:
Digest of message data
DataSignature:
Initiator's digital signature of message data
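The following is an added illustration of the RSA-enc{SymKey}, SymKey-enc{Data, DataDigest, DataSignature} layout described above; it is not MQe code and does not use the MQe API. It assumes plain JCA primitives as stand-ins (AES for the MQe symmetric cryptor, SHA1withRSA for the ISO 9796 signature, a generated RSA key pair in place of a mini-certificate) and a length-prefixed layout for the three sealed fields.

```java
import java.nio.ByteBuffer;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hypothetical digital-envelope demo (not MQe code): AES, SHA-1 and SHA1withRSA stand in
// for the MQe cryptor, digest and ISO 9796 signature; RSA key pairs stand in for mini-certs.
public class DigitalEnvelopeDemo {
    static byte[] lenPrefixed(byte[]... parts) {            // {Data, DataDigest, DataSignature}
        int n = 0; for (byte[] p : parts) n += 4 + p.length;
        ByteBuffer b = ByteBuffer.allocate(n);
        for (byte[] p : parts) b.putInt(p.length).put(p);
        return b.array();
    }
    // Sender: digest and sign the data, then seal all three fields under a fresh SymKey
    // that only the recipient's RSA private key can recover.
    static byte[][] seal(byte[] data, PrivateKey senderSig, PublicKey recipientEnc) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(data);      // DataDigest
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(senderSig); s.update(data);
        byte[] signature = s.sign();                                          // DataSignature
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128);
        SecretKey symKey = kg.generateKey();                                  // pseudo-random SymKey
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, recipientEnc);
        byte[] encKey = rsa.doFinal(symKey.getEncoded());                     // RSA-enc{SymKey}
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, symKey, new IvParameterSpec(new byte[16])); // zero IV is safe only because SymKey is single-use
        return new byte[][] { encKey, aes.doFinal(lenPrefixed(data, digest, signature)) }; // SymKey-enc{...}
    }
    // Recipient: recover SymKey with the private key, decrypt, then verify digest and signature
    // before trusting the data; either failure is rejected, never silently accepted.
    static byte[] open(byte[][] env, PrivateKey recipientDec, PublicKey senderVerify) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, recipientDec);
        SecretKey symKey = new SecretKeySpec(rsa.doFinal(env[0]), "AES");
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.DECRYPT_MODE, symKey, new IvParameterSpec(new byte[16]));
        ByteBuffer b = ByteBuffer.wrap(aes.doFinal(env[1]));
        byte[] data = new byte[b.getInt()]; b.get(data);
        byte[] digest = new byte[b.getInt()]; b.get(digest);
        byte[] signature = new byte[b.getInt()]; b.get(signature);
        if (!MessageDigest.isEqual(digest, MessageDigest.getInstance("SHA-1").digest(data)))
            throw new SecurityException("digest mismatch: message altered in transit");
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(senderVerify); s.update(data);
        if (!s.verify(signature)) throw new SecurityException("signature invalid: sender not proven");
        return data;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); g.initialize(2048);
        KeyPair sender = g.generateKeyPair(), recipient = g.generateKeyPair();
        byte[][] env = seal("constructed sample: order 42".getBytes("UTF-8"), sender.getPrivate(), recipient.getPublic());
        System.out.println(new String(open(env, recipient.getPrivate(), sender.getPublic()), "UTF-8"));
    }
}
```

Swapping the recipient's key pair for a third one in main() makes open() fail at RSA decryption, and tampering with env[1] fails at the digest or signature check, which is the behaviour the envelope format is meant to give.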


(c) Copyright IBM Corporation 2004, 2005. All rights reserved.