Use this page to configure the encryption and decryption parameters. You can use these parameters to encrypt and decrypt various parts of the message, including the body and the token.
Specifies the name for the encryption information.
Information | Value |
---|---|
Data type | String |
Specifies the algorithm Uniform Resource Identifier (URI) of the data encryption method.
By default, the Java Cryptography Extension (JCE) is shipped with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, you must apply unlimited jurisdiction policy files. For more information, see the Key encryption algorithm field description.
Specifies the name of the key locator configuration that retrieves the key for XML digital signature and XML encryption.
The Key locator reference field is displayed for the request receiver and response receiver bindings.
You can configure these key locator reference options on the server level, the cell level, and the application level. The configurations that are listed in the field are a combination of the configurations on these three levels.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level |
|
Default consumer bindings | Cell level |
|
Default generator binding | Server level |
|
Default consumer binding | Server level |
|
Request sender | Application level |
|
Request receiver | Application level |
|
Response sender | Application level |
|
Response receiver | Application level |
|
Specifies the algorithm Uniform Resource Identifier (URI) of the key encryption method.
When running with Software Development Kit (SDK) Version 1.4, the list of supported key transport algorithms does not include this one. This algorithm appears in the list of supported key transport algorithms when running with Software Development Kit (SDK) Version 1.5 or later.
By default, the Java Cryptography Extension (JCE) ships with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, you must apply unlimited jurisdiction policy files.
Before downloading these policy files, back up the
existing policy files (local_policy.jar and US_export_policy.jar in the WAS_HOME/java/jre/lib/security/ directory)
prior to overwriting them in case you want to restore the original
files later.
Before downloading these policy
files, back up the existing policy files (local_policy.jar and US_export_policy.jar in the WAS_HOME/java/lib/security/ directory)
prior to overwriting them in case you want to restore the original
files later.
The Unrestricted JCE Policy files for SDK 1.4 website is displayed.
By default, the Java Cryptography Extension (JCE) ships with restricted or limited strength ciphers. To use 192-bit and 256-bit Advanced Encryption Standard (AES) encryption algorithms, you must apply unlimited jurisdiction policy files. Before downloading these policy files, back up the existing policy files (local_policy.jar and US_export_policy.jar in the WAS_HOME/java/jre/lib/security/ WAS_HOME/java/lib/security/ directory) prior to overwriting them in case you want to restore the original files later.
The Unrestricted JCE Policy files for SDK 5 website is displayed.
For IBM i 5.4 and IBM i (formerly known as IBM i V5R3) and IBM Software Development Kit 1.5, the restricted JCE jurisdiction policy files are configured, by default. You can download the unrestricted JCE jurisdiction policy files from the following website: IBM developer works: Security Information, Version 5
/QIBM/ProdData/Java400/jdk15/lib/security/local_policy.jar
/QIBM/ProdData/Java400/jdk15/lib/security/US_export_policy.jar
DSPAUT OBJ('/qibm/proddata/java400/jdk15/lib/security/local_policy.jar')
CHGAUT OBJ('/qibm/proddata/java400/jdk15/lib/security/local_policy.jar')
USER(*PUBLIC) DTAAUT(*RX) OBJAUT(*NONE)
Specifies the name of the key information reference that is used for encryption. This reference is resolved to the actual key by the specified key locator and defined in the key information.
You must specify either one or no encryption key configurations for the request generator and response generator bindings.
For the response consumer and the request consumer bindings, you can configure multiple encryption key references. To create a new encryption key reference, under Additional properties, click Key information references.
Binding name | Server level, cell level, or application level | Path |
---|---|---|
Default generator binding | Cell level |
|
Default consumer binding | Cell level |
|
Default generator binding | Server level |
|
Default consumer binding | Server level |
|
Request generator (sender) binding | Application level |
|
Response generator (sender) binding | Application level |
|
Specifies the name of the <confidentiality> element for the generator binding or the <requiredConfidentiality> element for the consumer binding element in the deployment descriptor.
This field is available on the application level only.