
Encrypting XML Messages

The following instructions describe how to encrypt outgoing responses for a handler or basic virtual service object. You can also configure encryption for service descriptors, in which case the outgoing request is encrypted. The procedure is similar to that described here.

To set up encryption of outgoing responses:

Step 1

While logged on to the console as an Administrator user or as a Privileged user with the Routing role, click the Virtual Services link in the navigation menu.

Step 2

Click the name of the virtual service object for which you want to configure XML encryption.

As mentioned, for XML encryption controls to be enabled for the service definition, its message specification must indicate that it is XML data. It cannot be raw byte data, for example, which is the default for non-SOAP HTTP service definitions. The Response Message Specification pane indicates how the message content is treated, whether as XML or as raw byte. If necessary, change message-body handling settings by:

  1. Clicking the Edit link in the heading of the Response Message Specification subsection of the Outgoing Response section of the page.
  2. Using the editor's controls to specify that the handler treat the bodies of outgoing response messages as XML.
  3. Clicking Save Changes.

Step 3

In the service definition settings page, specify content encryption by clicking the Add Encryption List or the Enable link in the XML Encryption pane of the message processing section.

Step 4

In the XML Encryption configuration page, use the following controls to specify how encryption occurs:

  1. The public key attribute of the consumer that sent the original request message.
  2. The public key used to sign the original request message.
  3. A public key set by an extension created with the ACE XML Gateway SDK. This is only available if any extensions are on the ACE XML Manager. This ability is useful if an extension performs client authentication and has access to the user's public key, which can then be used in message processing.
  4. Any public key that a Consumer Certificate Resource provides to the ACE XML Manager. The Upload button allows you to add an XML certificate or keypair, from the local file system or by URL, as a named Consumer Certificate Resource.

You can create as many XPath expressions as necessary to select elements to encrypt. For SOAP services, if the expression matches multiple elements in the message, all are encrypted. For an HTTP POST body, only the first element is matched.
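The difference between the two matching rules matters when a message repeats a sensitive element. The following check is an added example, not code from the ACE XML Gateway or its SDK: it runs an expression against a constructed sample response and reports which matches each rule would leave unencrypted. It uses the XPath subset in Python's `xml.etree.ElementTree` rather than the gateway's own XPath engine, assumes "first" means first in document order, and the namespace, element names and `selection_report` function are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample response; the namespace and element names are hypothetical.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "o": "urn:example:orders"}
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                           xmlns:o="urn:example:orders">
  <soap:Body>
    <o:Order>
      <o:Payment><o:CardNumber>4111111111111111</o:CardNumber></o:Payment>
      <o:Payment><o:CardNumber>5500005555555559</o:CardNumber></o:Payment>
      <o:Note>gift wrap</o:Note>
    </o:Order>
  </soap:Body>
</soap:Envelope>"""


def selection_report(xml_text, xpath, namespaces, service_type):
    """Split the XPath matches into those that would be encrypted and those
    that would stay in cleartext, following the rule stated above."""
    # Parse only trusted samples: this parser is not hardened against malicious XML.
    root = ET.fromstring(xml_text)
    matches = root.findall(xpath, namespaces)  # returned in document order
    if service_type == "soap":
        chosen = matches        # every matching element is encrypted
    elif service_type == "http-post":
        chosen = matches[:1]    # only the first match (assumed: document order)
    else:
        raise ValueError(f"unknown service type: {service_type!r}")
    skipped = matches[len(chosen):]
    return {
        "encrypted": [e.text for e in chosen],
        "cleartext": [e.text for e in skipped],
    }


if __name__ == "__main__":
    for kind in ("soap", "http-post"):
        report = selection_report(SAMPLE, ".//o:CardNumber", NS, kind)
        print(kind, report)
        if report["cleartext"]:
            print("  matched elements left unencrypted:", len(report["cleartext"]))
```

For an HTTP POST body with repeated sensitive elements, a non-empty `cleartext` list means the expression should instead target a single enclosing element (here, for instance, `.//o:Order`).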

