Note: This section applies to all hosts, except the Local Commands host. For information about packaging for the Local Commands host, see Configuring Local Commands host.
Use the Packaging tab to configure encryption and decryption of payload files retrieved from the file system (or database payload repository) and stored to the file system (or database payload repository).
The Packaging tab consists of two sections: Partner Packaging and Local Packaging. See Configuring partner mailbox packaging and Configuring local mailbox packaging, respectively.
For both Partner and Local Packaging, there are two packaging schemes: OpenPGP and XML Encryption. Both schemes use a public/private key pair established through a shared certificate to perform encryption and decryption. The OpenPGP option also supports digital signing. See Cryptographic Services for general information regarding encryption and signing.
There are certain advanced properties that govern the details of the packaging selections. These properties are listed in the following table. See Setting advanced host properties for more information.
OpenPGP Properties | XML Encryption Properties |
---|---|
PGP Compression Algorithm | XML Encryption Algorithm |
PGP Encryption Algorithm | |
PGP Hash Algorithm | |
PGP Integrity Check | |
PGP Signature Verification | |
PGP V3 Signature | |
Configuring partner mailbox packaging
You use the Partner section of the Packaging tab to configure outbound file packaging (files going to your trading partner) and inbound file un-packaging (files coming from your trading partner). This allows you to associate your trading partner's signing/encryption certificate with this mailbox for outbound packaging and associate your signing/decryption certificate with this mailbox for un-packaging inbound data.
Note: If you enable packaging through this panel, and packaging is also enabled through a protocol (for example, S/MIME encryption enabled through the mailbox AS2 tab), the payload will be doubly packaged. For example, if you select AS2 S/MIME encryption and XML Encryption, the XML-encrypted package will be encapsulated within the S/MIME-encrypted package.
Before you configure partner mailbox packaging, you must acquire your trading partner's signing/encryption certificate and provide yours to your trading partner. See Acquiring your trading partner's signing and encryption certificates and Creating and providing your signing/encryption certificates.
In the Partner section of the Packaging tab, select one of the following options from the Packaging menu and click Configure:
- None - partner packaging is not active.
- OpenPGP - OpenPGP partner packaging is active. See OpenPGP partner mailbox packaging reference for information on setting up OpenPGP partner packaging.
- XML Encryption - XML Encryption partner packaging is active. See XML encryption partner mailbox packaging reference for information on setting up XML Encryption partner packaging.
OpenPGP partner mailbox packaging reference
Note: Values you specify in the Encrypt Outbound, Decrypt Inbound, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
When using OpenPGP, if your trading partner has provided an OpenPGP public key, you can use the Certificate Manager to generate a Trusted CA Certificate from an OpenPGP key. See About Certificate Management and Generating trusted CA certificates from OpenPGP or SSH FTP keys. Similarly, if your trading partner requires an OpenPGP public key, you can use the Certificate Manager to export an OpenPGP key. See About Certificate Management and Exporting certificates.
Property | Description |
---|---|
Encrypt Outbound | Select this check box to enable fields related to encrypting outbound messages. It is recommended that you enter both your trading partner's certificate and your user certificate as both might be necessary depending upon the options selected. Values you specify in the Encrypt Outbound, Decrypt Inbound, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations. |
Decrypt Inbound | Select this check box to enable fields related to decrypting inbound messages. It is recommended that you enter both your trading partner's certificate and your user certificate as both might be necessary depending upon the options selected. It is important to understand that the Encrypt Outbound, Decrypt Inbound, and certificate fields are shared between the two dialogs. |
Encryption/Signature Verification | |
Decryption/Signing | By default, the signing certificate you configured on the Certificates tab of the Local Listener panel is used to sign and decrypt your files. See Configuring certificates for Local Listener. |
Outbound Options | A file can be sent to the remote host with any combination of the following options available on the Advanced tab under Configure System Options. See Advanced system options for more information. |
Inbound Security | |
XML encryption partner mailbox packaging reference
Note: Values you specify in the Encrypt Outbound, Decrypt Inbound, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Property | Description |
---|---|
Encrypt Outbound | Select this check box to enable fields related to encrypting outbound messages. |
Decrypt Inbound | Select this check box to enable fields related to decrypting inbound messages. |
Encryption Certificate | Enabled when you select the Encrypt Outbound check box. Click Browse to navigate to and select the certificate you want to use. The Certificate field is populated with the path of the certificate you select. |
Decryption Certificate | Enabled when you select the Decrypt Inbound check box. By default, the encryption certificate you configured on the Certificates tab of the Local Listener panel is used to decrypt your files. See Configuring certificates for Local Listener. |
Configuring local mailbox packaging
You use the Local section to configure inbound encryption (files stored to the file system/database) and outbound decryption (files retrieved from the file system/database). This allows you to associate your signing/encryption certificate with this mailbox for inbound packaging and your signing/decryption certificate with this mailbox for outbound un-packaging. You can use the same certificate or two different certificates depending on your application. Before you configure Local packaging, you must create or acquire an encryption certificate to use for local storage encryption, decryption, and signing.
In the Local section of the Packaging tab, select one of the following options from the Packaging menu and click Configure:
- None - partner packaging is not active.
- OpenPGP - OpenPGP partner packaging is active. See OpenPGP local mailbox packaging reference for information on setting up OpenPGP partner packaging.
- XML Encryption - XML Encryption partner packaging is active. See XML encryption local mailbox packaging reference for information on setting up XML Encryption partner packaging.
OpenPGP local mailbox packaging reference
Note: Values you specify in the Encrypt Certificate and Decrypt Certificate sections are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Property | Description |
---|---|
Encrypt Inbound | Select this check box to enable fields related to encrypting inbound messages. Values you specify in the Encrypt/Signature Verification, Decryption/Signing, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations. |
Decrypt Outbound | Select this check box to enable fields related to decrypting outbound messages. Values you specify in the Encrypt/Signature Verification, Decryption/Signing, and certificate fields are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations. |
Encryption/Signature Verification | |
Decryption/Signing | By default, the signing certificate you configured on the Certificates tab of the Local Listener panel is used to sign and decrypt your files. See Configuring certificates for Local Listener. |
Inbound Options | A file can be written to the file system/database with any combination of the following options available on the Advanced tab under Configure System Options. See Advanced system options for more information. |
Outbound Security | |
XML encryption local mailbox packaging reference
Note: Values you specify in the Encrypt Certificate and Decrypt Certificate sections are shared between the OpenPGP and XML encryption configurations. You can specify these values once in either place to populate both configurations.
Property | Description |
---|---|
Encrypt Inbound | Select this check box to enable fields related to encrypting inbound messages. |
Decrypt Outbound | Select this check box to enable fields related to decrypting outbound messages. |
Encryption Certificate | Enabled when you select the Encrypt Inbound check box. Click Browse to navigate to and select the certificate you want to use. The Certificate field is populated with the path of the certificate you select. |
Decryption Certificate | Enabled when you select the Decrypt Outbound check box. By default, the encryption certificate you configured on the Certificates tab of the Local Listener panel is used to decrypt your files. See Configuring certificates for Local Listener. |
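
To confirm that payloads written to the file system really carry the packaging selected above, the following added example (not part of the product or its documentation) inspects the outer layer of a stored file and reports whether it is XML Encryption, OpenPGP with an integrity check, or OpenPGP without one. It assumes the PGP Integrity Check property corresponds to OpenPGP's integrity-protected data packet (tag 18, RFC 4880); the function names and sample bytes are constructed for illustration.

```python
import base64
import re

XMLENC_NS = b"http://www.w3.org/2001/04/xmlenc#"
UNKNOWN = "not-encrypted-or-unknown"

def _dearmor(data: bytes) -> bytes:
    # Armor headers end at the first blank line; '=' starts the CRC line.
    body = data.decode("ascii", "replace").replace("\r\n", "\n").split("\n\n", 1)[-1]
    keep = [l for l in body.splitlines() if l and not l.startswith(("=", "-"))]
    return base64.b64decode("".join(keep))

def _pgp_tags(data: bytes):
    """Yield packet tags (RFC 4880, section 4.2) up to the encrypted-data packet."""
    i = 0
    while i < len(data) and (hdr := data[i]) & 0x80:
        if hdr & 0x40:                               # new-format header
            tag, o = hdr & 0x3F, data[i + 1]
            if o < 192:
                n, i = o, i + 2
            elif o < 224:
                n, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                n = None                             # partial or 5-octet length: not skipped
        else:                                        # old-format header
            tag, width = (hdr & 0x3C) >> 2, 1 << (hdr & 0x03)
            n = None if width == 8 else int.from_bytes(data[i + 1:i + 1 + width], "big")
            i += 1 + width
        yield tag
        if tag in (9, 18) or n is None:              # data packet reached, or cannot skip
            return
        i += n

def classify(data: bytes) -> str:
    """Heuristically name the packaging layer wrapping a stored payload."""
    head = data[:4096].lstrip()
    if XMLENC_NS in head and re.search(rb"<(?:[\w.-]+:)?EncryptedData[\s>]", head):
        return "xml-encryption"
    try:
        armored = head.startswith(b"-----BEGIN PGP MESSAGE-----")
        tags = list(_pgp_tags(_dearmor(data.lstrip()) if armored else data))
    except (IndexError, ValueError):
        return UNKNOWN
    return ("openpgp-integrity-protected" if 18 in tags else
            "openpgp-no-integrity-check" if 9 in tags else UNKNOWN)

# Constructed samples: packet headers with dummy bodies, not real messages.
SAMPLE_PGP_MDC = bytes([0xC1, 3, 3, 0, 0, 0xD2, 5]) + b"\x01abcd"
SAMPLE_PGP_LEGACY = bytes([0x84, 2, 0, 0, 0xA7]) + b"abcd"
```

This is a first-pass triage on header bytes only: an unrelated binary file whose first byte has the high bit set can be misread, so confirm any surprising result with a full OpenPGP or XML parser.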