Local security protects WebSphere MQ Everyplace message or MQeFields data locally. This is achieved by creating an attribute with an appropriate symmetric cryptor and compressor, creating and setting up an appropriate key, by providing a password. The key is explicitly attached to the attribute, and the attribute is attached to the WebSphere MQ Everyplace message. WebSphere MQ Everyplace provides the MQeLocalSecure Java class and C API to assist with the setup of local security, but in all cases it is the responsibility of the local security user (WebSphere MQ Everyplace internally or a WebSphere MQ Everyplace application) to set up an appropriate attribute and manage the password key.
Local security provides protection for WebSphere MQ Everyplace data, MQeFields objects, including Java message objects, for example MQeMsgObject. The protected data is returned in a byte array. To apply local security to a data object you must:
The authenticator determines how access to the data is controlled. It is invoked every time a piece of data is acessed. The cryptor determines the cryptographic strength protecting the data confidentiality. The compressor determines the amount of storage required by the message.
WebSphere MQ Everyplace provides the MQeLocalSecure class to assist with the use of local security. However, it is the responsibility of the local security user to setup an appropriate attribute and provide the password. MQeLocalSecure provides the function to protect the data and to save and restore it from backing storage. If an application chooses to attach an attribute to a message without using MQeLocalSecure, it also needs to save the data after using dump and must retrieve the data before using restore.