The encryption information for the default consumer specifies
how to process the encryption information on the receiver side if
these bindings are not defined at the application level. WebSphere® Application Server provides default
values for the bindings. However, an administrator must modify the
defaults for a production environment.
About this task
You can configure the encryption information
for the consumer binding on the server level and the cell level. In
the following steps, use the first step to access the server-level
default bindings and use the second step to access the cell-level
bindings.
Procedure
- Access the default bindings for the server level.
- Click .
- Under Security, click JAX-WS and JAX-RPC
security runtime.
Mixed-version environment: In
a mixed node cell with a server using WebSphere Application Server
version 6.1 or earlier, click
Web services: Default bindings
for Web Services Security.
- Click to access the default
bindings on the cell level.
- Under Default consumer bindings, click Encryption
information.
- Click New to create an encryption
information configuration, click Delete to
delete an existing configuration, or click the name of an existing
encryption information configuration to edit the settings. If
you are creating a new configuration, enter a unique name for the
encryption configuration in the Encryption information name field.
For example, you might specify con_encinfo.
Avoid trouble: If you create more than one encryption
information configuration, the WS-Security runtime environment only
honors the first configuration listed in the bindings file.
- Select a data encryption algorithm from the Data encryption
algorithm field. This algorithm is used to encrypt the
data. WebSphere Application Server supports the
following pre-configured algorithms:
  - http://www.w3.org/2001/04/xmlenc#tripledes-cbc
  - http://www.w3.org/2001/04/xmlenc#aes128-cbc
  - http://www.w3.org/2001/04/xmlenc#aes256-cbc
    To use this algorithm, you must download the unrestricted Java™ Cryptography Extension (JCE) policy file from the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  - http://www.w3.org/2001/04/xmlenc#aes192-cbc
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    Restriction: Do not use the 192-bit key encryption algorithm if you want your configured application to be in compliance with the Basic Security Profile (BSP).
Important: Your country of origin might have restrictions on
the import, possession, use, or re-export to another country, of encryption software. Before
downloading or using the unrestricted policy files, you must check the laws of your country, its
regulations, and its policies concerning the import, possession, use, and re-export of encryption
software, to determine if it is permitted.
The data encryption algorithm that you select for the consumer
side must match the data encryption algorithm that you select for
the generator side.
- Select a key encryption algorithm from the Key encryption
algorithm field. This algorithm is used to encrypt the
key. WebSphere Application Server supports the
following pre-configured algorithms:
  - http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
    When running with Software Development Kit (SDK) Version 1.4, the list of supported key transport algorithms does not include this one. This algorithm appears in the list of supported key transport algorithms when running with SDK Version 1.5.
    Restriction: This algorithm is not supported when the WebSphere Application Server is running in Federal Information Processing Standard (FIPS) mode.
  - http://www.w3.org/2001/04/xmlenc#rsa-1_5
  - http://www.w3.org/2001/04/xmlenc#kw-tripledes
  - http://www.w3.org/2001/04/xmlenc#kw-aes128
  - http://www.w3.org/2001/04/xmlenc#kw-aes256
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
  - http://www.w3.org/2001/04/xmlenc#kw-aes192
    To use this algorithm, you must download the unrestricted Java Cryptography Extension (JCE) policy file from the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    Restriction: Do not use the 192-bit key encryption algorithm if you want your configured application to be in compliance with the Basic Security Profile (BSP).
If you select None, the key is not
encrypted.
The key encryption algorithm that you select for
the consumer side must match the key encryption algorithm that you
select for the generator side.
- Under Additional properties, click Key information
references.
- Click New to create a key information
configuration, click Delete to delete an existing
configuration, or click the name of an existing key information configuration
to edit the settings. If you are creating a new configuration,
enter a unique name for the key information configuration in the name
field. For example, you might specify con_enckeyinfo.
- Select a key information reference from the Key information
reference field. This selection refers to the name of the
key information that is used for encryption. For more information,
see Configuring the key information for the consumer binding using JAX-RPC on the server or cell level.
- Click OK and Save to
save the configuration.
Results
You have configured the encryption information for the consumer
binding at the server
or cell level.
What to do next
You must specify a similar encryption information configuration
for the generator.
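The constraints stated in this procedure (first configuration wins, consumer and generator algorithms must match, JCE policy, BSP and FIPS restrictions) can be checked before the settings are entered in the console. The following is an added example, not IBM code: it does not read WebSphere bindings files, and the dictionary keys, the function names, and the con_encinfo_2 and gen_encinfo sample names are assumptions made for illustration.

```python
XMLENC = "http://www.w3.org/2001/04/xmlenc#"
DATA_ALGS = {"tripledes-cbc", "aes128-cbc", "aes256-cbc", "aes192-cbc"}
KEY_ALGS = {"rsa-oaep-mgf1p", "rsa-1_5", "kw-tripledes",
            "kw-aes128", "kw-aes256", "kw-aes192"}
NEEDS_UNRESTRICTED_JCE = {"aes256-cbc", "aes192-cbc", "kw-aes256", "kw-aes192"}
NOT_BSP = {"aes192-cbc", "kw-aes192"}
NOT_FIPS = {"rsa-oaep-mgf1p"}

def fragment(uri):
    """Return the part after the xmlenc namespace, or None (also for 'None')."""
    return uri[len(XMLENC):] if uri and uri.startswith(XMLENC) else None

def check_bindings(consumers, generator, fips=False, bsp=False, unrestricted_jce=False):
    """consumers: dicts in bindings-file order; generator: one dict.
    The keys 'name', 'data_alg', 'key_alg' are hypothetical, not a WebSphere format."""
    if not consumers:
        return ["no consumer encryption information configured"]
    active, name = consumers[0], consumers[0]["name"]
    # Only the first configuration listed in the bindings file is honored.
    out = [f"{c['name']}: ignored, not first in the bindings file" for c in consumers[1:]]
    data, key = fragment(active["data_alg"]), fragment(active["key_alg"])
    if data not in DATA_ALGS:
        out.append(f"{name}: data algorithm is not a pre-configured one")
    if active["key_alg"] is None:
        out.append(f"{name}: key algorithm None, the key is not encrypted")
    elif key not in KEY_ALGS:
        out.append(f"{name}: key algorithm is not a pre-configured one")
    for field in ("data_alg", "key_alg"):
        if active[field] != generator[field]:
            out.append(f"{name}: {field} does not match the generator side")
    for alg in (data, key):
        if alg in NEEDS_UNRESTRICTED_JCE and not unrestricted_jce:
            out.append(f"{name}: {alg} needs the unrestricted JCE policy file")
        if alg in NOT_BSP and bsp:
            out.append(f"{name}: {alg} is not BSP compliant")
        if alg in NOT_FIPS and fips:
            out.append(f"{name}: {alg} is not supported in FIPS mode")
    return out

# Constructed sample settings (con_encinfo is the page's example name).
SAMPLE_CONSUMERS = [
    {"name": "con_encinfo", "data_alg": XMLENC + "aes192-cbc", "key_alg": XMLENC + "rsa-oaep-mgf1p"},
    {"name": "con_encinfo_2", "data_alg": XMLENC + "aes128-cbc", "key_alg": XMLENC + "kw-aes128"},
]
SAMPLE_GENERATOR = {"name": "gen_encinfo", "data_alg": XMLENC + "aes128-cbc",
                    "key_alg": XMLENC + "rsa-oaep-mgf1p"}
FINDINGS = check_bindings(SAMPLE_CONSUMERS, SAMPLE_GENERATOR, fips=True, bsp=True)
```

For the sample settings, FINDINGS lists the ignored second configuration, the data algorithm mismatch with the generator, and the JCE, BSP and FIPS restrictions that apply to the active configuration.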