Posts Tagged ‘Encryption Algorithm

Transport Layer Security Protocol

TLS (Transport Layer Security) was released in response to the Internet community’s demands for a standardized protocol. The IETF provided a venue for the new protocol to be openly discussed, and encouraged developers to provide their input to the protocol.

The TLS protocol was released in January 1999 to create a standard for private communications. The protocol “allows client/server applications to communicate in a way that is designed to prevent eavesdropping,tampering or message forgery.” According to the protocol’s creators, the goals of the TLS protocol are cryptographic security, interoperability, extensibility, and relative efficiency.These goals are achieved through implementation of the TLS protocol on two levels: the TLS Record protocol and the TLS Handshake protocol.

TLS Record Protocol

The TLS Record protocol negotiates a private, reliable connection between the client and the server. Though the Record protocol can be used without encryption, it uses symmetric cryptography keys, to ensure a private connection. This connection is secured through the use of hash functions generated by using a Message Authentication Code.

TLS Handshake Protocol

The TLS Handshake protocol allows authenticated communication to commence between the server and client. This protocol allows the client and server to speak the same language, allowing them to agree upon an encryption algorithm and encryption keys before the selected application protocol begins to send data. Using the same handshake protocol procedure as SSL, TLS provides for authentication of the server, and optionally, the client.

Tags : , , , , , , , , , , , ,

Encrypting XML Messages

The following instructions describe how to encrypt outgoing responses for a handler or basic virtual service object. You can also configure encryption for service descriptors, in which case the outgoing request is encrypted. The procedure is similar to that described here.

To set up encryption of outgoing responses:

Step 1

While logged on to the console as an Administrator user or as a Privileged user with the Routing role, click Virtual Services link in the navigation menu.

Step 2

Click the name of the virtual service object for which you want to configure XML encryption.

As mentioned, for XML encryption controls to be enabled for the service definition, its message specification must indicate that it is XML data. It cannot be raw byte data, for example, which is the default for non-SOAP HTTP service definitions. The Response Message Specification pane indicates how the message content is treated, whether as XML or as raw byte. If necessary, change message-body handling settings by:

  1. Clicking the Edit link in the heading of the Response Message Specification subsection of the Outgoing Response section of the page.
  2. Use the editor’s controls to specify that the handler treat the bodies of outgoing response messages as XML.
  3. Click Save Changes.

Step 3

In the service definition settings page, specify content encryption by clicking the Add Encryption Listor the Enable link in the XML Encryption pane of the message processing section.

Step 4

In the XML Encryption configuration page, use the following controls to specify how encryption occurs:

  1. The public key attribute of the consumer that sent the original request message
  2. The public key used to sign the original request message.
  3. A public key set by an extension created with the ACE XML Gateway SDK. This is onlyavailable if any extensions are on the ACE XML Manager. This ability is useful if an extension performs client authentication and it has access to the user’s public key, which can then be used in message processing.
  4. Any public key that a Consumer Certificate Resource provides to the ACE XML Manager. The Upload button allows you to add as a named Consumer Certificate Resource an XML certificate or keypair from the local file system or by URL.

You can create as many XPath expressions as necessary to select elements to encrypt. For SOAP services, if the expression matches multiple elements in the message, all are encrypted. For HTTP post body, only the first element is matched.

 

Tags : , , , , , , , , , , , , , , , , , ,