Use this page to configure the encryption and decryption parameters for the signature method, digest method, and canonicalization method.
The specifications that are listed on this page for the signature method, digest method, and canonicalization method are located in the World Wide Web Consortium (W3C) document entitled, XML Encryption Syntax and Processing: W3C Recommendation 10 Dec 2002.
Specifies the name of the key locator configuration that retrieves the key for XML digital signature and XML encryption.
Specifies the name that is used to reference the key locator.
You can configure these key locator reference options on the cell level, the server level, and the application level. The configurations that are listed in the field are a combination of the configurations on these three levels.
Specifies the name of the encryption key that is resolved to the actual key by the specified key locator.
Data type | String |
Specifies the algorithm uniform resource identifier (URI) of the key encryption method.
To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file.
To use this algorithm, you must download the unrestricted JCE policy file.
By default, the Java Cryptography Extension (JCE) is shipped with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, you must apply unlimited jurisdiction policy files.
The Unrestricted JCE Policy files for SDK 1.4 Web site is displayed.
For the i5/OS operating system and IBM Software Development Kit Version 1.4, the tuning of Web services security is not required. The unrestricted jurisdiction policy files for the IBM Software Development Kit Version 1.4 are automatically configured when the prerequisite software is installed.
For the i5/OS operating system V5R3 and IBM Software Development Kit Version 1.4, the unrestricted jurisdiction policy files for the IBM Software Development Kit Version 1.4 are automatically configured by installing product 5722AC3, Crypto Access Provider 128-bit.
For the i5/OS operating system V5R4 and IBM Software Development Kit Version 1.4, the unrestricted jurisdiction policy files for the IBM Java Developer Kit 1.4 are automatically configured by installing product 5722SS1 Option 3, Extended Base Directory Support.
For i5/OS (both V5R3 and V5R4) and IBM Software Development Kit 1.5, the restricted JCE jurisdiction policy files are configured, by default. You can download the unrestricted JCE jurisdiction policy files from the following Web site: IBM developer kit: IBM J2SE 5 SDKs
/QIBM/ProdData/Java400/jdk15/lib/security/local_policy.jar /QIBM/ProdData/Java400/jdk15/lib/security/US_export_policy.jar
DSPAUT OBJ('/qibm/proddata/java400/jdk15/lib/security/local_policy.jar')
CHGAUT OBJ('/qibm/proddata/java400/jdk15/lib/security/local_policy.jar') USER(*PUBLIC) DTAAUT(*RX) OBJAUT(*NONE)
Specifies the algorithm Uniform Resource Identifiers (URI) of the data encryption method.
By default, the JCE ships with restricted or limited strength ciphers. To use 192-bit and 256- bit AES encryption algorithms, you must apply unlimited jurisdiction policy files. For more information, see the Key encryption algorithm field description.