Sign in
< Back to User Guide Top

Configuring mailbox packaging

Note: This section applies to all hosts, except the Local Commands host. For information about packaging for the Local Commands host, see Configuring Local Commands host.

Use the Packaging tab to configure encryption and decryption of payload files retrieved from the file system (or database payload repository) and stored to the file system (or database payload repository). 

The Packaging tab consists of two sections: Partner Packing and Local Packaging. See Configuring partner mailbox packaging and Configuring local mailbox packaging , respectively.

For each Partner and Local Packaging, there are two packaging schemes:  OpenPGP and XML Encryption. Both schemes use a public/private key pair established through a shared certificate to perform encryption and decryption. The OpenPGP option also supports digital signing.  See Cryptographic Services for general information regarding encryption and signing.

There are certain advanced properties that govern the details of the packaging selections.  These properties are listed in the following table.  See Setting advanced host properties for more information.

 
OpenPGP Properties XML Encryption Properties
PGP Compression Algorithm XML Encryption Algorithm
PGP Encryption Algorithm  
PGP Hash Algorithm  
PGP Integrity Check  
PGP Signature Verification  
PGP V3 Signature  

Configuring partner mailbox packaging

You use the Partner section of the Packaging tab to configure outbound file packaging (files going to your trading partner) and inbound file un-packaging (files coming from your trading partner). This allows you to associate your trading partner's signing/encryption certificate with this mailbox for outbound packaging and associate your signing/decryption certificate with this mailbox for un-packaging inbound data. 

Note: If you enable packaging through this panel, and packaging is also enabled through a protocol (for example, S/MIME encryption enabled through the mailbox AS2 tab), the payload will be doubly packaged. For example, if you select AS2 S/MIME encryption and XML Encryption, the XML-encrypted package will be encapsulated within the S/MIME-encrypted package.

Before you configure partner mailbox packaging, you must acquire your trading partner's signing/encryption certificate and provide to yours to your trading partner. See Acquiring your trading partner's signing and encryption certificates and Creating and providing your signing/encryption certificates.

In the Partner section of the Packaging tab, select one of the following options from the Packaging menu and click Configure:

OpenPGP partner mailbox packaging reference

Note: Values you specify in the Encrypt OutboundDecrypt Inbound, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.

When using OpenPGP, if your trading partner has provided an OpenPGP public key, you can use the Certificate Manager to generate a Trusted CA Certificate from an OpenPGP key . See About Certificate Management and Generating trusted CA certificates from OpenPGP or SSH FTP keys. Similarly, if your trading partner requires an OpenPGP public key, you can use the Certificate Manager to export an OpenPGP key . See About Certificate Management and Exporting certificates.

Encrypt Outbound
Select this check box to enable fields related to encrypting outbound messages.
It is recommended that you enter both your trading partner's certificate and your user certificate as both might be necessary depending upon the options selected.
Values you specify in the Encrypt OutboundDecrypt Inbound, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Decrypt Inbound
Select this check box to enable fields related to decrypting inbound messages.
it is recommended that you enter both your trading partner's certificate and your user certificate as both might be necessary depending upon the options selected.
It is important to understand that the Encrypt OutboundDecrypt Inbound, and certificate fields are shared between the two dialogs.
Encryption/Signature Verification
Certificate
Enabled when you select either the Encrypt Outbound or Decrypt Inbound check box.
Click Browse to navigate to and select the certificate you want to use. The Certificate field is populated with the path of the certificate you select.
If multiple recipients are required, you can use the SET command to specify multiple certificates using the ‘|’ (pipe) character. For example: 
SET mailbox.PartnerPGPEncryptionCert=certs\companyA.cer  | certs\personB.cer | certs\trunk.cer | certs\companyC.p7b
Decryption/Signing
By default, the signing certificate you configured on the Certificates tab of the Local Listener panel is used to sign and decrypt your files. See Configuring certificates for Local Listener.
Override Local Listener Certificate
Enables fields where you specify a certificate to use instead of the one you configured for the Local Listener. See Configuring certificates for Local Listener.
If you override the default certificates, you must also exchange the certificates you specify here with your partner.
Exchange Certificates
Displays the Certificate Exchange dialog box, which allows you to send your certificates to your trading partner. See Exchanging certificates with your trading partner.
If you choose to schedule the PGP packaging certificate for future use, there is a field available, Allow Overlapping Key Usage, that lets you choose how certificates should be used when their schedules overlap. See Allowing overlapping signing/encryption keys.
Certificate Alias
Password
Click Browse to navigate to and select a certificate. Enter the Password for your certificate's private key.
Outbound Options

A file can be sent to the remote host with any combination of the following options available on the Advanced tab under Configure System Options. See Advanced system options for more information.

Encrypted
Encrypt using the PGP Encryption Algorithm property.
Signed
Sign using the PGP Hash Algorithm.
Encrypt to My Certificate
Allow My Certificate as well as Trading Partner’s Certificate to decrypt outbound encrypted files. The Encrypted box must be checked to enable and use this option.
Armored (Base 64)
Armor (Base64 encode) the data. Base64 encoding converts binary data to printable ASCII characters.
Compressed
Compress using the PGP Compression Algorithm.
Inbound Security
Force Encryption
Force Signature
When you select Force Encryption or Force Signature, all inbound messages are checked for the required security level. An error is logged and the message is rejected if the message is not received according to the corresponding message security settings. If either setting is not selected (default), the message is not checked for conformance with that security setting.
Allow non-OpenPGP
Allows non-OpenPGP formatted data to be processed without generating OpenPGP related errors.

XML encryption partner mailbox packaging reference

Note: Values you specify in the Encrypt OutboundDecrypt Inbound, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Encrypt Outbound
Select this check box to enable fields related to encrypting outbound messages.
Decrypt Inbound
Select this check box to enable fields related to decrypting inbound messages.
Encryption Certificate
Enabled when you select the Encrypt Outbound check box.
Click Browse to navigate to and select the certificate you want to use. The Certificate field is populated with the path of the certificate you select.
Decryption Certificate
Enabled when you select the Decrypt Inbound check box.
By default, the encryption certificate you configured on the Certificates tab of the Local Listener panel is used to decrypt your files. See Configuring certificates for Local Listener.
Override Local Listener Certificate
Enables fields where you specify a certificate to use instead of the one you configured for the Local Listener. See Configuring certificates for Local Listener.
If you override the default certificates, you must also exchange the certificates you specify here with your partner.
Exchange Certificates
Displays the Certificate Exchange dialog box, which allows you to send your certificates to your trading partner. See Exchanging certificates with your trading partner.
Certificate Alias
Password
Click Browse to navigate to and select a certificate. Enter the Password for your certificate's private key.

Configuring local mailbox packaging 

You use the Local section to configure inbound encryption (files stored to the file system/database) and outbound decryption (files retrieved from the file system/database).  This allows you to associate your signing/encryption certificate with this mailbox for inbound packaging and your signing/decryption certificate with this mailbox for outbound un-packaging. You can use the same certificate or two different certificates depending on your application. Before you configure Local packaging, you must create or acquire an encryption certificate to use for local storage encryption, decryption, and signing. 

In the Local section of the Packaging tab, select one of the following options from the Packaging menu and click Configure:

OpenPGP local mailbox packaging reference

Note: Values you specify in the Encrypt Certificate and Decrypt Certificate sections are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Encrypt Inbound
Select this check box to enable fields related to encrypting inbound messages.
Values you specify in the Encrypt/Signature VerificationDecryption/Signing, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Decrypt Outbound
Select this check box to enable fields related to decrypting outbound messages.
Values you specify in the Encrypt/Signature VerificationDecryption/Signing, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Encryption/Signature Verification
Certificate
Enabled when you select either the Encrypt Inbound or Decrypt Outbound check box.
Click Browse to navigate to and select the certificate you want to use. The Certificate field is populated with the path of the certificate you select.
Decryption/Signing
By default, the signing certificate you configured on the Certificates tab of the Local Listener panel is used to sign and decrypt your files. See Configuring certificates for Local Listener.
Override Local Listener Certificate
Enables fields where you specify a certificate to use instead of the one you configured for the Local Listener. See Configuring certificates for Local Listener.
If you override the default certificates, you must also exchange the certificates you specify here with your partner.
Certificate Alias
Password
Click Browse to navigate to and select a certificate. Enter the Password for your certificate's private key.
Inbound Options
A file can be written to the file system/database with any combination of the following options available on the Advanced tab under Configure System Options. See Advanced system options for more information.
Encrypted
Encrypt using the PGP Encryption Algorithm property.
Signed
Sign using the PGP Hash Algorithm.
Encrypt to My Certificate
Allow My Certificate as well as Trading Partner’s Certificate to decrypt outbound encrypted files. The Encrypted box must be checked to enable and use this option.
Armored (Base 64)
Armor (Base64 encode) the data. Base64 encoding converts binary data to printable ASCII characters.
Compressed
Compress using the PGP Compression Algorithm.
Outbound Security
Force Encryption
Force Signature
When you select Force Encryption or Force Signature, all outbound files are checked for the required security level. An error is logged and the message is rejected if the message is not received according to the corresponding message security settings. If either setting is not selected (default), the message is not checked for conformance with that security setting.
Allow non-OpenPGP
Allows non-OpenPGP formatted data to be processed without generating OpenPGP related errors.

XML encryption local mailbox packaging reference

Note: Values you specify in the Encrypt Certificate and Decrypt Certificate sections are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Encrypt Inbound
Select this check box to enable fields related to encrypting inbound messages.
Decrypt Outbound
Select this check box to enable fields related to decrypting outbound messages.
Encryption Certificate
Enabled when you select the Encrypt Inbound check box.
Click Browse to navigate to and select the certificate you want to use. The Certificate field is populated with the path of the certificate you select.
Decryption Certificate
Enabled when you select the Decrypt Outbound check box.
By default, the encryption certificate you configured on the Certificates tab of the Local Listener panel is used to decrypt your files. See Configuring certificates for Local Listener.
Override Local Listener Certificate
Enables fields where you specify a certificate to use instead of the one you configured for the Local Listener. See Configuring certificates for Local Listener.
If you override the default certificates, you must also exchange the certificates you specify here with your partner.
Certificate Alias
Password
Click Browse to navigate to and select a certificate. Enter the Password for your certificate's private key.
 

Related articles

Comments

0 comments

Please sign in to leave a comment.