Encryption information configuration settings
Use this page to configure the encryption and decryption parameters.
The specifications listed on this page for the signature method, digest
method, and canonicalization method are located in the World Wide Web Consortium
(W3C) document entitled, XML Encryption Syntax and Processing: W3C Recommendation
10 Dec 2002.
To view this administrative console page, complete the following steps:
- Click Applications > Enterprise Applications > application_name.
- Under Related Items, click Web Module > URI_file_name > Web
Services: Server Security Bindings.
- Under Response Sender Binding, click Edit > Encryption Information.
- If the encryption information is not available, select None.
- If the encryption information is available, select Dedicated Encryption
Information.
Then, specify the configuration in the following fields:
- Encryption Information Name
- Specifies the name for the encryption information.
- Key Locator Reference
- Specifies the name used to reference the key locator.
To specify key locator references, click Servers > Application Servers
> server_name. Under Additional Properties, click Web Services:
Default bindings for Web Services Security > Key Locators.
- Encryption Key Name
- Specifies the name of the encryption key, which is resolved to
the actual key by the specified key locator.
- Key Encryption Algorithm
- Specifies the algorithm URI of the key encryption method.
The following algorithms are supported:
- http://www.w3.org/2001/04/xmlenc#rsa-1_5
- http://www.w3.org/2001/04/xmlenc#kw-tripledes
By default the Java Cryptography Extension (JCE) is shipped with restricted
or limited strength ciphers. To use 192-bit and 256- bit Advanced Encryption
Standard (AES) encryption algorithms, you must apply unlimited jurisdiction
policy files. Before downloading these policy files, back up the existing
policy files (local_policy.jar and US_export_policy.jar in the jre/lib/security/ directory)
prior to overwriting them in case you want to restore the original files later.
To download the policy files, complete either of the following sets of steps:
For WebSphere Application Server platforms
using IBM Developer Kit, Java Technology Edition Version 1.4.1, including
the AIX, Linux, and Windows platforms, you can obtain unlimited jurisdiction
policy files by completing the following steps:
- Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html
- Click Java 1.4.1
- Click IBM SDK Policy files.
The Unrestricted JCE Policy files
for SDK 1.4 Web site is displayed.
- Enter your user ID and password or register with IBM to download the policy
files. The policy files are downloaded onto your machine.
For WebSphere Application Server platforms
using the Sun-based Java Development Kit (JDK) Version 1.4.1, including the
Solaris environments and the HP-UX platform, you can obtain unlimited jurisdiction
policy files by completing the following steps:
- Go to the following Web site: http://java.sun.com/j2se/1.4.1/download.html
- Locate the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction
Policy Files 1.4.1 information and click Download. The jce_policy-1_4_1.zip file
is downloaded onto your machine.
After following either of these sets of steps, two Java Archive (JAR)
files are placed in the JVM jre/lib/security/ directory.
- Data Encryption Algorithm
- Specifies the algorithm Uniform Resource Identifiers (URI) of the
data encryption method.
The following algorithm is supported:
- http://www.w3.org/2001/04/xmlenc#tripledes-cbc
By default the JCE is shipped with restricted or limited strength ciphers.
To use 192-bit and 256- bit AES encryption algorithms, you must apply unlimited
jurisdiction policy files.

Securing Web services using XML encryption

Encryption information collection
Key locator collection
Searchable topic ID:
uwbs_encryptrsb
Last updated: Jun 21, 2007 8:07:48 PM CDT
WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/uwbs_encryptrsb.html