Before you begin
Important distinction between Version 5.x and Version 6.0.x applications
Note: The
information in this article supports version 5.x applications only that are
used with WebSphere Application Server Version 6.0.x. The information does
not apply to version 6.0.x applications.
Prior to completing these
steps, read either of the following topics to become familiar with the Extensions
tab and the Binding configurations tab in the Web services editor within an
assembly tool:
These two tabs are used to configure the Web services security
extensions and Web services security bindings, respectively.
Why and when to perform this task
Complete the following steps to specify which method the server
uses to encrypt the response message:
Steps for this task
- Launch an assembly tool. For more information on the
assembly tools, see Assembly tools.
- Click Windows > Open perspective > Other > J2EE.
- Click EJB Projects > application_name > ejbModule
> META_INF.
- Right-click the webservices.xml file, and click Open
with > Web services editor.
- Click the Binding Configurations tab, which is located at the bottom
of the Web Services Editor within the assembly tool.
- Expand Response sender binding configuration details > Encryption
information.
- Click Edit to view the encryption information. The
following table describes the purpose of this information. Some of these definitions
are based on the XML-Encryption specification, which is located at the following
Web address: http://www.w3.org/TR/xmlenc-core
- Encryption name
- Refers to the name of the encryption information entry.
- Data encryption method algorithm
- Encrypts and decrypts data in fixed size, multiple octet blocks.
The algorithm selected for the server response sender configuration must match
the algorithm selected in the client response receiver configuration.
- Key encryption method algorithm
- Represents public key encryption algorithms that are specified for encrypting
and decrypting keys. The algorithm selected for the server response
sender configuration must match the algorithm selected in the client response
receiver configuration.
- Encryption key name
- Represents a Subject from a public key certificate typically distinguished
name (DN) that is found by the encryption key locator and used by the key
encryption method algorithm to encrypt the private key. The private
key is used to encrypt the data.
The key name chosen in the server
response sender encryption information must be the public key of the key configured
in the client response receiver encryption information. Encryption by
the response sender must be done using the public key and decryption must
be done by the response receiver using the associated private key (the personal
certificate of the response receiver).
- Encryption key locator
- The encryption key locator represents a reference to a key locator implementation
class that finds the correct key store where the alias and the certificate
exist. For more information on configuring key locators, see Configuring key locators using an assembly tool and Configuring key locators using the administrative console.
- Select Show only FIPS Compliant Algorithms if you only want
the FIPS compliant algorithms to be shown in the Data Encryption method algorithm
and Key Encryption method algorithm drop-down lists. Use this option if you
expect this application to be run on a WebSphere Application Server that has
set the Use the Federal Information Processing Standard (FIPS) option
in the Global security panel of the WebSphere Administrative Console.
Result
The encryption key name chosen must refer to a public key of the
response receiver. For the encryption key name, use the Subject of the public
key certificate, typically a Distinguished Name (DN). The name chosen is used
by the default key locator to find the key. If you write a custom key locator
, the encryption key name might be anything used by the key locator to find
the correct encryption key (a public key). The encryption key locator references
the implementation class that finds the correct key store where the alias
and certificate exist. For more information, see Configuring key locators using an assembly tool and Configuring key locators using the administrative console.