WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Encryption information configuration settings

Use this page to configure the encryption and decryption parameters. You can use these parameters to encrypt and decrypt various parts of the message, including the body and user name token.

To view the administrative console panel for the encryption information on the cell level, complete the following steps:
  1. Click Security > Web services.
  2. Under either Default generator bindings or Default consumer bindings, click Encryption information.
  3. Click either New to create a new encryption configuration or click the name of an existing encryption configuration.
To view the administrative console panel for the encryption information on the server level, complete the following steps:
  1. Click Servers > Application servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under either Default generator bindings or Default consumer bindings, click Encryption information.
  4. Click either New to create a new encryption configuration or click the name of an existing encryption configuration.
To view the administrative console panel for the encryption information on the application level, complete the following steps:
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. [Version 6 only] Under Additional properties, you can access encryption information for the following bindings:
    • For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom. Under Required properties, click Encryption information.
    • For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom. Under Required properties, click Encryption information.
    • For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom. Under Required properties, click Encryption information.
    • For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom. Under Required properties, click Encryption information.
  4. [Version 5 only] Under Additional properties, you can access encryption information for the following bindings:
    • For the Request receiver, click Web services: Server security bindings. Under Request receiver binding, click Edit. Under Additional properties, click Encryption information.
    • For the Response receiver, click Web services: Client security bindings. Under Response receiver binding, click Edit. Under Additional properties, click Encryption information.
  5. Click either New to create a new encryption configuration or click the name of an existing encryption configuration.
Encryption information name

Specifies the name for the encryption information.

Data type: String
Data encryption algorithm

Specifies the algorithm URI of the data encryption method.

The following algorithms are supported:

By default, the Java Cryptography Extension (JCE) is shipped with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, you must apply unlimited jurisdiction policy files. For more information, see the Key encryption algorithm field description.

Key locator reference

Specifies the name of the key locator configuration that retrieves the key for XML digital signature and XML encryption.

The Key locator reference field is displayed for the request receiver and response receiver bindings, which are used by Version 5.x applications.

You can configure these key locator reference options on the server level, the cell level, and the application level. The configurations that are listed in the field are a combination of the configurations on these three levels.

You can specify an encryption key configuration for the following bindings on the following levels:
Default generator binding (cell level):
  1. Click Security > Web services.
  2. Under Additional properties, click Key locators.
Default consumer bindings (cell level):
  1. Click Security > Web services.
  2. Under Additional properties, click Key locators.
Default generator binding (server level):
  1. Click Servers > Application servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under Additional properties, click Key locators.
Default consumer binding (server level):
  1. Click Servers > Application servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under Additional properties, click Key locators.
[Version 5 only] Request sender (application level):
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. Click Web services: Client security bindings. Under Request sender binding, click Edit.
  4. Under Additional properties, click Key locators.
[Version 5 only] Request receiver (application level):
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. Click Web services: Server security bindings. Under Request receiver binding, click Edit.
  4. Under Additional properties, click Key locators.
[Version 5 only] Response sender (application level):
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. Click Web services: Server security bindings. Under Response sender binding, click Edit.
  4. Under Additional properties, click Key locators.
[Version 5 only] Response receiver (application level):
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. Click Web services: Client security bindings. Under Response receiver binding, click Edit.
  4. Under Additional properties, click Key locators.
Key encryption algorithm

Specifies the algorithm Uniform Resource Identifier (URI) of the key encryption method.

By default, the Java Cryptography Extension (JCE) ships with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, you must apply unlimited jurisdiction policy files. Before downloading these policy files, back up the existing policy files (local_policy.jar and US_export_policy.jar in the WAS_HOME/jre/lib/security/ directory) so that you can restore the original files later if they are overwritten. To download the policy files, complete either of the following sets of steps:
  • For WebSphere Application Server platforms using IBM Developer Kit, Java Technology Edition Version 1.4.2, including the AIX, Linux, and Windows platforms, you can obtain unlimited jurisdiction policy files by completing the following steps:
    1. Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html
    2. Click Java 1.4.2
    3. Click IBM SDK Policy files.

      The Unrestricted JCE Policy files for SDK 1.4 Web site is displayed.

    4. Enter your user ID and password or register with IBM to download the policy files. The policy files are downloaded onto your machine.
  • For WebSphere Application Server platforms using the Sun-based Java Development Kit (JDK) Version 1.4.2, including the Solaris environments and the HP-UX platform, you can obtain unlimited jurisdiction policy files by completing the following steps:
    1. Go to the following Web site: http://java.sun.com/j2se/1.4.2/download.html
    2. Click Archive area.
    3. Locate the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.4.2 information and click Download. The policy file is downloaded onto your machine.
After following either of these sets of steps, two Java archive (JAR) files are placed in the Java virtual machine (JVM) jre/lib/security/ directory.
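The backup-then-overwrite step described above, as an added example (not IBM's code): a POSIX shell script that saves local_policy.jar and US_export_policy.jar, refuses to overwrite an earlier backup, and restores the originals if the copy fails. The function names, return codes and the three directory arguments are assumptions of this example.

```sh
#!/bin/sh
# Added example, not IBM code. All directories are passed in as arguments.
POLICY_FILES="local_policy.jar US_export_policy.jar"

# backup_policy_files SECURITY_DIR BACKUP_DIR
# Copies both policy JARs and verifies each copy byte for byte. Returns 2 rather
# than overwrite an earlier backup, so the original restricted files survive.
backup_policy_files() {
    sec_dir=$1; bak_dir=$2
    for f in $POLICY_FILES; do
        if [ ! -f "$sec_dir/$f" ]; then echo "missing $sec_dir/$f" >&2; return 1; fi
        if [ -e "$bak_dir/$f" ]; then echo "backup exists: $bak_dir/$f" >&2; return 2; fi
    done
    mkdir -p "$bak_dir" || return 1
    for f in $POLICY_FILES; do
        cp -p "$sec_dir/$f" "$bak_dir/$f" || return 1
        cmp -s "$sec_dir/$f" "$bak_dir/$f" || return 1
    done
}

# restore_policy_files BACKUP_DIR SECURITY_DIR
restore_policy_files() {
    r_bak=$1; r_sec=$2
    for rf in $POLICY_FILES; do
        cp -p "$r_bak/$rf" "$r_sec/$rf" || return 1
    done
}

# install_policy_files NEW_DIR SECURITY_DIR BACKUP_DIR
# Checks the downloaded pair is complete, backs up, then overwrites. If a copy
# fails part-way, the originals are restored so the JVM never sees a mixed pair.
install_policy_files() {
    new_dir=$1; sec_dir=$2; bak_dir=$3
    for f in $POLICY_FILES; do
        if [ ! -f "$new_dir/$f" ]; then echo "missing $new_dir/$f" >&2; return 1; fi
    done
    backup_policy_files "$sec_dir" "$bak_dir" || return $?
    for f in $POLICY_FILES; do
        if ! cp "$new_dir/$f" "$sec_dir/$f" || ! cmp -s "$new_dir/$f" "$sec_dir/$f"; then
            restore_policy_files "$bak_dir" "$sec_dir"
            return 3
        fi
    done
}

# Usage: sh script.sh NEW_DIR WAS_HOME/jre/lib/security BACKUP_DIR
if [ "$#" -eq 3 ]; then install_policy_files "$@"; fi
```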
To specify custom algorithms on the cell level, complete the following steps:
  1. Click Security > Web services.
  2. Under Additional properties, click Algorithm mappings.
  3. Click New to specify a new algorithm mapping or click the name of an existing configuration to modify its settings.
  4. Under Additional properties, click Algorithm URI.
  5. Click New to create a new algorithm URI. You must specify Key encryption in the Algorithm type field to have the configuration display in the Key encryption algorithm field on the Encryption information configuration settings panel.
To specify custom algorithms on the server level, complete the following steps:
  1. Click Servers > Application servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under Additional properties, click Algorithm mappings.
  4. Click New to specify a new algorithm mapping or click the name of an existing configuration to modify its settings.
  5. Under Additional properties, click Algorithm URI.
  6. Click New to create a new algorithm URI. You must specify Key encryption in the Algorithm type field to have the configuration display in the Key encryption algorithm field on the Encryption information configuration settings panel.
Encryption key information

Specifies the name of the key information reference that is used for encryption. This reference is resolved to the actual key by the specified key locator and defined in the key information.

[Version 6 only] You must specify either one or no encryption key configurations for the request generator and response generator bindings.

[Version 6 only] For the response consumer and the request consumer bindings, you can configure multiple encryption key references. To create a new encryption key reference, under Additional properties, click Key information references.

You can specify an encryption key configuration for the following bindings on the following levels:
Default generator binding (cell level):
  1. Click Security > Web services.
  2. Under Default generator binding, click Key information.
Default consumer binding (cell level):
  1. Click Security > Web services.
  2. Under Default consumer binding, click Key information.
Default generator binding (server level):
  1. Click Servers > Application servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under Default generator binding, click Key information.
Default consumer binding (server level):
  1. Click Servers > Application servers > server_name.
  2. Under Security, click Web services: Default bindings for Web services security.
  3. Under Default consumer binding, click Key information.
[Version 5 only] Request generator (sender) binding (application level):
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. Under Additional properties, click Web services: Client security bindings.
  4. Under Request generator (sender) binding, click Edit custom.
  5. Under Required properties, click Key information.
[Version 5 only] Response generator (sender) binding (application level):
  1. Click Applications > Enterprise applications > application_name.
  2. Under Related items, click EJB modules or Web modules > URI_name.
  3. Under Additional properties, click Web services: Server security bindings.
  4. Under Response generator (sender) binding, click Edit custom.
  5. Under Required properties, click Key information.
Part Reference

Specifies the name of the <confidentiality> element for the generator binding or the <requiredConfidentiality> element for the consumer binding element in the deployment descriptor.

This field is available on the application level only.





Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/uwbs_encryptrrb.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.