Digital signing is the mechanism for ensuring non-repudiation. Non-repudiation is a service that ensures that a participant cannot deny having originated and sent a message (called "Non-Repudiation of Origin and Content"). It also ensures that the participant cannot deny having received a message (called "Non-Repudiation of Receipt"). In an authentication system that uses public key encryption, digital signatures are used to sign certificates.
A digital signature allows an originator to sign a message in such a way that a recipient can verify that it was signed by that entity and no one else, and consequently that the message has not been modified since it was signed. WebSphere Partner Gateway - Express uses digital signatures to secure inbound and outbound documents.
The following sections describe how to configure digital signatures on outbound documents and digital signature verification on inbound documents.
To configure digital signatures for outbound documents, you must first create or upload a document signing keypair, then download the public key portion of that keypair to send to the trading partner. You can create a document signing keypair either by generating a new self-signed document signing keypair or by uploading an existing document signing keypair. The following sections describe how to configure digital signing for outbound documents.
Generating a self-signed document signing keypair
Uploading an existing document signing keypair
Downloading a document signing public certificate
The following procedure describes how to use WebSphere Partner Gateway - Express to generate a new self-signed document signing keypair.
When you generate a self-signed document signing keypair, it is uploaded into WebSphere Partner Gateway - Express automatically. To generate a self-signed document signing keypair for securing outbound documents, use the following procedure.
Parameter | Description |
---|---|
Common Name | Enter the server host name. |
Organization | Enter the name of the participant's company. |
Organizational Unit | Enter the name of the department where the participant works. |
Locality | Enter the locale or city where the participant works. |
State | Enter the state or province where the participant works. |
Country | Enter the country where the participant works. |
E-mail Address | Enter the participant's e-mail address. |
Certificate Validity | Enter the number of days for which the keypair is valid. |
Private Key Password | Enter the private key password. |
To upload a document signing keypair for securing outbound documents, use the following procedure.
Parameter | Description |
---|---|
Private Key File | The private key file must be in PKCS#8 format. If you do not have the private key in PKCS#8 format, you can upload a PKCS#12 file in the Private Key File field instead, and the private key will be extracted from it. Enter the path and name of the private key file you want to upload. Alternatively, click the Browse button to select the private key file you want to upload. |
Private Key Password | Enter the private key password. |
Public Certificate | The public certificate must be in the DER format. Enter the path and name of the public certificate file you want to upload. Alternatively, click the Browse button to select the public certificate file you want to upload. |
After you upload a document signing keypair into WebSphere Partner Gateway - Express, you must download the keypair's public certificate before you can send it to the partner. If the partner is using WebSphere Partner Gateway - Express, the partner is expected to load the document signing certificate into his or her list of certifying authorities (see Adding new certificates).
If your trading partner is going to send you digitally signed documents, you must obtain that trading partner's public signature certificate and add it to the Certifying Authority tab. The following procedure describes how to do this.
To enable digital signature, use the following procedure.
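As an added example (not IBM's code and not the gateway's own implementation), the following Go program shows what the two upload artefacts described above are and how each side uses them: the "generate" form fields become a self-signed certificate, the private key is exported as PKCS#8 and the certificate as DER, the outbound side signs with the PKCS#8 key, and the inbound side verifies using nothing but the partner's DER certificate. The signature algorithm (Ed25519) and all function names are assumptions; the page does not state which algorithms the gateway supports, and the PKCS#8 here is unencrypted whereas the upload form expects a password-protected file.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// GenerateSigningKeypair mirrors the "generate" form (CN, O, OU, L, ST, C, e-mail, validity in days) and returns
// the two upload artefacts: the private key as PKCS#8 DER (unencrypted here; the form wants a password-protected file) and the certificate as DER.
func GenerateSigningKeypair(cn, o, ou, l, st, c, email string, days int) (pkcs8, certDER []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // Ed25519 is an assumption; the page names no algorithm
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(time.Now().UnixNano()),
		Subject:        pkix.Name{CommonName: cn, Organization: []string{o}, OrganizationalUnit: []string{ou}, Locality: []string{l}, Province: []string{st}, Country: []string{c}},
		EmailAddresses: []string{email}, // the e-mail address field, carried as an rfc822Name SAN
		NotBefore:      time.Now(),
		NotAfter:       time.Now().Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment, // signing + non-repudiation
	}
	if certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv); err != nil {
		return nil, nil, err
	}
	pkcs8, err = x509.MarshalPKCS8PrivateKey(priv)
	return pkcs8, certDER, err
}

// SignDocument is the outbound side: the PKCS#8 private key signs the document bytes.
func SignDocument(pkcs8, doc []byte) ([]byte, error) {
	k, err := x509.ParsePKCS8PrivateKey(pkcs8)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(k.(ed25519.PrivateKey), doc), nil
}

// VerifyDocument is the inbound side: the partner's DER certificate alone supplies the public key, so any alteration to doc or sig yields false.
func VerifyDocument(certDER, doc, sig []byte) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	return ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), doc, sig), nil
}
```

The certificate returned by GenerateSigningKeypair is the file a partner would load into the Certifying Authority tab; VerifyDocument needs no other material from the sender.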