You can specify which method the server uses to encrypt
the response message.
Before you begin
Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. This information applies only to Version 5.x applications that are used with WebSphere® Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
Prior to completing these steps, read either of the following topics to become familiar with the Extensions tab and the Binding configurations tab in the web services editor within an assembly tool:
These two tabs are used to configure the Web Services Security extensions and Web Services Security bindings, respectively.
About this task
Complete the following steps to specify which method the
server uses to encrypt the response message:
Procedure
- Launch an assembly tool. For more information,
see the related information on Assembly Tools.
- Switch to the Java™ Platform,
Enterprise Edition (Java EE)
perspective. Click .
- Click .
- Right-click the webservices.xml file,
and click .
- Click the Binding Configurations tab, which is located at the end of the
Web Services Editor within the assembly tool.
- Expand .
- Click Edit to view the encryption
information. The following table describes the purpose
of this information. Some of these definitions are based on the XML-Encryption
specification, which is located at the following web address: http://www.w3.org/TR/xmlenc-core
- Encryption name
- Refers to the name of the encryption information entry.
- Data encryption method algorithm
- Encrypts and decrypts data in fixed size, multiple octet blocks.
The algorithm selected for the server response sender configuration
must match the algorithm selected in the client response receiver
configuration.
- Key encryption method algorithm
- Represents public key encryption algorithms that are specified
for encrypting and decrypting keys. The algorithm selected for the
server response sender configuration must match the algorithm selected
in the client response receiver configuration.
- Encryption key name
- Represents the Subject of a public key certificate, typically a distinguished name (DN), that is found by the encryption key locator and used by the key encryption method algorithm to encrypt the private key. The private key is used to encrypt the data.
The key name chosen in
the server response sender encryption information must be the public
key of the key configured in the client response receiver encryption
information. Encryption by the response sender must be done using
the public key and decryption must be done by the response receiver
using the associated private key (the personal certificate of the
response receiver).
- Encryption key locator
- The encryption key locator represents a reference to a key locator
implementation class that finds the correct key store where the alias
and the certificate exist. For more information, see the tasks for
configuring key locators.
- Select Show only FIPS Compliant Algorithms if
you only want the FIPS compliant algorithms to be shown in the Data
Encryption method algorithm and Key Encryption method algorithm drop-down
lists. Use this option if you expect this application to be run on
a WebSphere Application Server that has set
the Use the United States Federal Information Processing
Standard (FIPS) algorithms option in the SSL certificate
and key management panel of the administrative console for WebSphere Application Server.
Results
The encryption key name chosen must refer to a public key
of the response receiver. For the encryption key name, use the Subject
of the public key certificate, typically a Distinguished Name (DN).
The name chosen is used by the default key locator to find the key.
If you write a custom key locator, the encryption key name might
be anything that is used by the key locator to find the correct encryption
key (a public key). The encryption key locator references the implementation
class that finds the correct key store where the alias and certificate
exist.
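The matching rules in the table above (same data and key encryption algorithms on both sides, and a sender key name that the receiver's key locator resolves to its own personal certificate) can be checked before deployment. The following is an added example, not code from the WebSphere documentation or product; the key store contents, the locator class name and the check function are constructed for illustration.

```python
from dataclasses import dataclass

# Algorithm identifiers from the XML-Encryption specification (xmlenc-core).
AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"

@dataclass(frozen=True)
class EncryptionInfo:
    """One encryption information entry from the Binding Configurations tab."""
    name: str
    data_algorithm: str   # data encryption method algorithm (block cipher)
    key_algorithm: str    # key encryption method algorithm (public key)
    key_name: str         # Subject DN that the key locator searches for
    key_locator: str      # key locator implementation class (constructed name)

# Constructed key store of the response receiver: alias -> (subject DN, has_private_key).
CLIENT_KEYSTORE = {
    "client": ("CN=client,O=example,C=US", True),   # client's personal certificate
    "server": ("CN=server,O=example,C=US", False),  # server's public certificate only
}

def locate(keystore, key_name):
    """Model of the default key locator: find the entry whose Subject DN matches."""
    for alias, (subject, has_private) in keystore.items():
        if subject == key_name:
            return alias, has_private
    return None

def check_response_bindings(sender, receiver, receiver_keystore):
    """Return the list of mismatches between a server response-sender entry and a
    client response-receiver entry; an empty list means they are consistent."""
    problems = []
    if sender.data_algorithm != receiver.data_algorithm:
        problems.append("data encryption method algorithm differs")
    if sender.key_algorithm != receiver.key_algorithm:
        problems.append("key encryption method algorithm differs")
    if sender.key_name != receiver.key_name:
        problems.append("sender key name does not match receiver key name")
    entry = locate(receiver_keystore, sender.key_name)
    if entry is None:
        problems.append("receiver key locator cannot find %r" % sender.key_name)
    elif not entry[1]:
        # Receiver must own the private key of the certificate the sender encrypts to.
        problems.append("receiver has no private key for %r" % sender.key_name)
    return problems
```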
What to do next
You must specify which parts of the response message to encrypt.
See the task for configuring the server for response encryption if
you have not previously specified this information.