You can specify which method the
server uses to encrypt
the response message.
Before you begin
Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. The information in this article applies only to Version 5.x applications that are used with WebSphere® Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
Prior to completing these steps, read either of the following topics to become familiar with the Extensions tab and the Binding configurations tab in the web services editor within an assembly tool:
These two tabs are used to configure the Web Services Security extensions and Web Services Security bindings, respectively.
About this task
Complete the following steps to specify which method the
server uses to encrypt the response message:
Procedure
- Launch an assembly tool. For more information, see the related information on Assembly Tools.
- Switch to the Java Platform, Enterprise Edition (Java EE) perspective. Click .
- Click .
- Right-click the webservices.xml file, and click .
- Click the Binding Configurations tab, which is located at the bottom of the Web Services Editor within the assembly tool.
- Expand .
- Click Edit to view the encryption information. The following table describes the purpose of this information. Some of these definitions are based on the XML-Encryption specification, which is located at the following web address: http://www.w3.org/TR/xmlenc-core
- Encryption name: The name of the encryption information entry.
- Data encryption method algorithm: The symmetric block cipher that encrypts and decrypts the message data in fixed-size, multiple-octet blocks (the XML Encryption specification defines Triple DES and AES in CBC mode for this purpose). The algorithm selected for the server response sender configuration must match the algorithm selected in the client response receiver configuration.
- Key encryption method algorithm: The public key algorithm used to encrypt and decrypt the symmetric data encryption key (key transport). The algorithm selected for the server response sender configuration must match the algorithm selected in the client response receiver configuration. Where the list offers both RSA v1.5 and RSA-OAEP, prefer RSA-OAEP: PKCS#1 v1.5 key transport is exposed to Bleichenbacher-style padding oracle attacks whenever the receiver reveals whether unwrapping succeeded.
- Encryption key name: The Subject of a public key certificate, typically a distinguished name (DN). The encryption key locator uses this name to find the certificate, and the key encryption method algorithm uses the certificate's public key to encrypt the symmetric data encryption key; that symmetric key, not a private key, is what encrypts the data. The key name chosen in the server response sender encryption information must name the public key of the key pair configured in the client response receiver encryption information: the response sender encrypts with the receiver's public key, and the response receiver decrypts with the associated private key (the personal certificate of the response receiver).
- Encryption key locator: A reference to a key locator implementation class that finds the correct key store where the alias and the certificate exist. For more information, see the tasks for configuring key locators.
- Select Show only FIPS Compliant Algorithms if you want only the FIPS compliant algorithms to be shown in the Data Encryption method algorithm and Key Encryption method algorithm drop-down lists. Use this option if you expect this application to run on a WebSphere Application Server that has the Use the United States Federal Information Processing Standard (FIPS) algorithms option set in the SSL certificate and key management panel of the administrative console. Note that the option only filters what the editor displays; it does not change the algorithm already stored in the binding, so re-check the selected values after enabling it.
Results
The encryption key name chosen must refer to a public key of the response receiver. For the encryption key name, use the Subject of the public key certificate, typically a Distinguished Name (DN). The name chosen is used by the default key locator to find the key. If you write a custom key locator, the encryption key name can be any string that the key locator uses to find the correct encryption key (a public key). The encryption key locator references the implementation class that finds the correct key store where the alias and certificate exist.
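The matching rules stated in the encryption information table and restated above (same data encryption algorithm, same key encryption algorithm, and a sender key name that identifies the receiver's certificate) can be checked mechanically before deployment. The following Python script is an added example and is not code from this page or from WebSphere. It assumes a simplified element layout (encryptionInfo, encryptionMethod, keyEncryptionMethod, encryptionKey with name and locatorRef attributes) rather than the real XMI schema of the binding file, and all three fragments are constructed sample input; the entry names and locator names are hypothetical.

```python
"""Consistency check for a server response-sender / client response-receiver
encryption pair.

Added example, not code from the IBM page: the element and attribute names
(encryptionInfo, encryptionMethod, keyEncryptionMethod, encryptionKey/name,
locatorRef) are an assumed simplification of the binding file, and the three
fragments below are constructed sample input.
"""
import xml.etree.ElementTree as ET

XMLENC = "http://www.w3.org/2001/04/xmlenc#"
RSA_15 = XMLENC + "rsa-1_5"

# Constructed: the server's response sender entry (what this page configures).
SERVER_RESPONSE_SENDER = """
<encryptionInfo name="ResponseSenderEncInfo">
  <encryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <keyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  <encryptionKey name="CN=Bob, O=IBM, C=US" locatorRef="ServerEncryptionKeyLocator"/>
</encryptionInfo>
"""

# Constructed: a client response receiver entry that matches (same algorithms,
# same subject DN, only written with different spacing and attribute case).
CLIENT_RESPONSE_RECEIVER_OK = """
<encryptionInfo name="ResponseReceiverEncInfo">
  <encryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <keyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  <encryptionKey name="cn=Bob,o=IBM,c=US" locatorRef="ClientEncryptionKeyLocator"/>
</encryptionInfo>
"""

# Constructed: a receiver entry that does not match (different block cipher,
# RSA v1.5 key transport, and a different certificate subject).
CLIENT_RESPONSE_RECEIVER_BAD = """
<encryptionInfo name="ResponseReceiverEncInfo">
  <encryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  <keyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <encryptionKey name="CN=Alice, O=IBM, C=US" locatorRef="ClientEncryptionKeyLocator"/>
</encryptionInfo>
"""


def parse_encryption_info(xml_text):
    """Pull the fields the page's table describes out of one entry."""
    root = ET.fromstring(xml_text)
    key = root.find("encryptionKey")
    return {
        "name": root.get("name"),
        "data_alg": root.find("encryptionMethod").get("algorithm"),
        "key_alg": root.find("keyEncryptionMethod").get("algorithm"),
        "key_name": key.get("name"),
        "locator": key.get("locatorRef"),
    }


def normalize_dn(dn):
    """Canonicalise an RFC 2253-style DN string for comparison.

    Trims whitespace around each RDN and upper-cases attribute types, so
    "CN=Bob, O=IBM, C=US" and "cn=Bob,o=IBM,c=US" compare equal. Escaped
    commas inside values (for example "O=Acme\\, Inc") are not handled.
    """
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append(attr.strip().upper() + "=" + value.strip())
    return ",".join(rdns)


def check_pair(sender_xml, receiver_xml):
    """Return a list of findings; an empty list means the pair is consistent."""
    s = parse_encryption_info(sender_xml)
    r = parse_encryption_info(receiver_xml)
    findings = []
    if s["data_alg"] != r["data_alg"]:
        findings.append("data encryption algorithm mismatch: %s vs %s"
                        % (s["data_alg"], r["data_alg"]))
    if s["key_alg"] != r["key_alg"]:
        findings.append("key encryption algorithm mismatch: %s vs %s"
                        % (s["key_alg"], r["key_alg"]))
    if normalize_dn(s["key_name"]) != normalize_dn(r["key_name"]):
        findings.append("encryption key name mismatch: sender names %r, receiver holds %r"
                        % (s["key_name"], r["key_name"]))
    # Not a matching rule from the page, but worth flagging: PKCS#1 v1.5 key
    # transport is exposed to padding oracle attacks; RSA-OAEP is the safer pick.
    if RSA_15 in (s["key_alg"], r["key_alg"]):
        findings.append("warning: rsa-1_5 key transport selected; prefer rsa-oaep-mgf1p")
    return findings


if __name__ == "__main__":
    for label, receiver in (("ok", CLIENT_RESPONSE_RECEIVER_OK),
                            ("bad", CLIENT_RESPONSE_RECEIVER_BAD)):
        print(label, check_pair(SERVER_RESPONSE_SENDER, receiver) or ["consistent"])
```

Two details matter in practice. The DN comparison is normalised because the same Subject is often written with different spacing or attribute case in the two bindings, and a plain string compare would report a false mismatch; against a real key store, compare the sender's key name with the Subject of the receiver's personal certificate as the store reports it. The RSA v1.5 warning is independent of whether the two sides agree: a matching but weak key transport algorithm still deserves attention.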
What to do next
You must specify which parts of the response
message to encrypt.
See the task for configuring the server for response encryption if
you have not previously specified this information.