Use the Packaging tab to configure encryption and decryption of payload files retrieved from the file system (or database payload repository) and stored to the file system (or database payload repository).
The Packaging tab consists of two sections: Partner Packaging and Local Packaging. See Configuring partner mailbox packaging and Configuring local mailbox packaging, respectively.
For both Partner and Local Packaging, there are two packaging schemes: OpenPGP and XML Encryption. Both schemes use a public/private key pair established through a shared certificate to perform encryption and decryption. The OpenPGP option also supports digital signing. See Cryptographic Services for general information regarding encryption and signing.
There are certain advanced properties that govern the details of the packaging selections. These properties are listed in the following table. See Setting advanced host properties for more information.
OpenPGP Properties | XML Encryption Properties |
---|---|
PGP Compression Algorithm | XML Encryption Algorithm |
PGP Encryption Algorithm | |
PGP Hash Algorithm | |
PGP Integrity Check | |
PGP Signature Verification | |
PGP V3 Signature | |
Configuring partner mailbox packaging
You use the Partner section of the Packaging tab to configure outbound file packaging (files going to your trading partner) and inbound file un-packaging (files coming from your trading partner). This allows you to associate your trading partner's signing/encryption certificate with this mailbox for outbound packaging and associate your signing/decryption certificate with this mailbox for un-packaging inbound data.
Before you configure partner mailbox packaging, you must acquire your trading partner's signing/encryption certificate and provide yours to your trading partner. See Acquiring your trading partner's signing and encryption certificates and Creating and providing your signing/encryption certificates.
- None - partner packaging is not active.
- OpenPGP - OpenPGP partner packaging is active. See OpenPGP partner mailbox packaging reference for information on setting up OpenPGP partner packaging.
- XML Encryption - XML Encryption partner packaging is active. See XML encryption partner mailbox packaging reference for information on setting up XML Encryption partner packaging.
OpenPGP partner mailbox packaging reference
When using OpenPGP, if your trading partner has provided an OpenPGP public key, you can use the Certificate Manager to generate a Trusted CA Certificate from an OpenPGP key. See About Certificate Management and Generating trusted CA certificates from OpenPGP or SSH FTP keys. Similarly, if your trading partner requires an OpenPGP public key, you can use the Certificate Manager to export an OpenPGP key. See About Certificate Management and Exporting certificates.
- Encrypt Outbound
- Select this check box to enable fields related to encrypting outbound messages.
- Decrypt Inbound
- Select this check box to enable fields related to decrypting inbound messages.
- Encryption/Signature Verification
- Certificate
- Enabled when you select either the Encrypt Outbound or Decrypt Inbound check box.
- Decryption/Signing
- By default, the signing certificate you configured on the Certificates tab of the Local Listener panel is used to sign and decrypt your files. See Configuring certificates for Local Listener.
- Override Local Listener Certificate
- Enables fields where you specify a certificate to use instead of the one you configured for the Local Listener. See Configuring certificates for Local Listener.
- Exchange Certificates
- Displays the Certificate Exchange dialog box, which allows you to send your certificates to your trading partner. See Exchanging certificates with your trading partner.
- Certificate Alias
- Password
- Click Browse to navigate to and select a certificate. Enter the Password for your certificate's private key.
- Outbound Options
- A file can be sent to the remote host with any combination of the following options available on the Advanced tab under Configure System Options. See Advanced system options for more information.
- Encrypted
- Encrypt using the PGP Encryption Algorithm property.
- Signed
- Sign using the PGP Hash Algorithm.
- Encrypt to My Certificate
- Allow My Certificate as well as Trading Partner’s Certificate to decrypt outbound encrypted files. The Encrypted box must be checked to enable and use this option.
- Armored (Base 64)
- Armor (Base64 encode) the data. Base64 encoding converts binary data to printable ASCII characters.
- Compressed
- Compress using the PGP Compression Algorithm.
- Inbound Security
- Force Encryption
- Force Signature
- When you select Force Encryption or Force Signature, all inbound messages are checked for the required security level. An error is logged and the message is rejected if the message is not received according to the corresponding message security settings. If either setting is not selected (default), the message is not checked for conformance with that security setting.
- Allow non-OpenPGP
- Allows non-OpenPGP formatted data to be processed without generating OpenPGP related errors.
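The distinction that Force Encryption and Allow non-OpenPGP draw can be audited independently on a received or stored payload by reading its outer OpenPGP packet headers. The following is an added example, not the product's own code; the function names and the sample bytes are constructed for illustration. It accepts both binary and armored (Base64) input and separates integrity-protected encrypted data (packet tag 18) from the legacy packet without integrity protection (tag 9).

```python
import base64

def dearmor(data: bytes) -> bytes:
    """Strip ASCII armor if present (the armor CRC is not verified)."""
    lines = data.strip().splitlines()
    if not lines or not lines[0].startswith(b"-----BEGIN PGP "):
        return data
    start = lines.index(b"") + 1 if b"" in lines else 1  # skip armor headers
    body = [l for l in lines[start:] if not l.startswith((b"=", b"-"))]
    return base64.b64decode(b"".join(body))

def packet_tags(buf: bytes):
    """Yield outer packet tags (RFC 4880, section 4.2), stopping at encrypted data."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, o = hdr & 0x3F, buf[i + 1]
            if o < 192:
                length, i = o, i + 2
            elif o < 224:
                length, i = ((o - 192) << 8) + buf[i + 2] + 192, i + 3
            else:  # 255: four-octet length; 224-254: partial (streamed) body
                length = int.from_bytes(buf[i + 2:i + 6], "big") if o == 255 else None
                i += 6 if o == 255 else 2
        else:  # old-format header
            tag, n = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            length = int.from_bytes(buf[i + 1:i + 1 + n], "big") if n else None
            i += 1 + n
        yield tag
        if tag in (9, 18) or length is None:
            return
        i += length
    if i != len(buf):
        raise ValueError("packet length runs past end of data")

def classify(data: bytes) -> str:
    try:
        tags = list(packet_tags(dearmor(data)))
    except (ValueError, IndexError):
        tags = []
    if not tags:
        return "non-openpgp"
    if 18 in tags or 9 in tags:
        return "encrypted" if 18 in tags else "encrypted-no-integrity"
    return "signed-only" if tags[0] in (2, 4) else "openpgp-unencrypted"

SAMPLE = bytes.fromhex("c103030000d2020100")  # constructed: session-key packet + tag 18
```

When a file is both signed and encrypted, the signature sits inside the encrypted packet, so a header-level check like this one can confirm encryption but cannot confirm that a signature is present.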
XML encryption partner mailbox packaging reference
- Encrypt Outbound
- Select this check box to enable fields related to encrypting outbound messages.
- Decrypt Inbound
- Select this check box to enable fields related to decrypting inbound messages.
- Encryption Certificate
- Enabled when you select the Encrypt Outbound check box.
- Decryption Certificate
- Enabled when you select the Decrypt Inbound check box.
Configuring local mailbox packaging
You use the Local section to configure inbound encryption (files stored to the file system/database) and outbound decryption (files retrieved from the file system/database). This allows you to associate your signing/encryption certificate with this mailbox for inbound packaging and your signing/decryption certificate with this mailbox for outbound un-packaging. You can use the same certificate or two different certificates depending on your application. Before you configure Local packaging, you must create or acquire an encryption certificate to use for local storage encryption, decryption, and signing.
- None - partner packaging is not active.
- OpenPGP - OpenPGP partner packaging is active. See OpenPGP local mailbox packaging reference for information on setting up OpenPGP partner packaging.
- XML Encryption - XML Encryption partner packaging is active. See XML encryption local mailbox packaging reference for information on setting up XML Encryption partner packaging.
OpenPGP local mailbox packaging reference
- Encrypt Inbound
- Select this check box to enable fields related to encrypting inbound messages.
- Decrypt Outbound
- Select this check box to enable fields related to decrypting outbound messages.
- Encryption/Signature Verification
- Certificate
- Enabled when you select either the Encrypt Inbound or Decrypt Outbound check box.
- Decryption/Signing
- By default, the signing certificate you configured on the Certificates tab of the Local Listener panel is used to sign and decrypt your files. See Configuring certificates for Local Listener.
- Override Local Listener Certificate
- Enables fields where you specify a certificate to use instead of the one you configured for the Local Listener. See Configuring certificates for Local Listener.
- Certificate Alias
- Password
- Click Browse to navigate to and select a certificate. Enter the Password for your certificate's private key.
- Inbound Options
- A file can be written to the file system/database with any combination of the following options available on the Advanced tab under Configure System Options. See Advanced system options for more information.
- Encrypted
- Encrypt using the PGP Encryption Algorithm property.
- Signed
- Sign using the PGP Hash Algorithm.
- Encrypt to My Certificate
- Allow My Certificate as well as Trading Partner’s Certificate to decrypt outbound encrypted files. The Encrypted box must be checked to enable and use this option.
- Armored (Base 64)
- Armor (Base64 encode) the data. Base64 encoding converts binary data to printable ASCII characters.
- Compressed
- Compress using the PGP Compression Algorithm.
- Outbound Security
- Force Encryption
- Force Signature
- When you select Force Encryption or Force Signature, all outbound files are checked for the required security level. An error is logged and the message is rejected if the message is not received according to the corresponding message security settings. If either setting is not selected (default), the message is not checked for conformance with that security setting.
- Allow non-OpenPGP
- Allows non-OpenPGP formatted data to be processed without generating OpenPGP related errors.
XML encryption local mailbox packaging reference
- Encrypt Inbound
- Select this check box to enable fields related to encrypting inbound messages.
- Decrypt Outbound
- Select this check box to enable fields related to decrypting outbound messages.
- Encryption Certificate
- Enabled when you select the Encrypt Inbound check box.
- Decryption Certificate
- Enabled when you select the Decrypt Outbound check box.