ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/webserv/wsseccfencclreq.htm

90 lines
5.2 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure the Web services client for request encryption</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h5><a name="wsseccfencclreq"></a>Configure the Web services client for request encryption</h5>
<p>This task provides the steps needed to configure the client for request encryption. Use these steps to modify the extensions to indicate which parts of the request you want to encrypt. Also, use these steps to configure the bindings to indicate how the parts of the request are to be encrypted.</p>
<p>Perform the following steps in the WebSphere Development Studio Client for iSeries to configure the parts of the Simple Object Access Protocol (SOAP) request that you want to encrypt:</p>
<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand <strong>Request Sender Configuration --&gt; Confidentiality</strong>. <em>Confidentiality</em> refers to encryption while integrity refers to digital signing. Confidentiality reduces the risk of someone being able to understand the message flowing across the Internet. With confidentiality specifications, the message is encrypted before it is sent and decrypted when it is received at the correct target. For more information on encrypting , see <a href="wsseccfxmlenc.htm">XML encryption</a>.</p></li>
<li><p>Select the parts of the message that you want to encrypt by clicking <strong>Add</strong> and selecting one of the following message parts:</p>
<ul>
<li><p><strong>Bodycontent</strong>
<br>This is the user data portion of the message.</p></li>
<li><p><strong>Usernametoken</strong>
<br>This is the basic authentication information, if selected.</p></li>
</ul></li>
<li><p>Save the file.</p></li>
</ol>
<p>Next, perform the following steps in the Web Services Client Editor to configure the information that is needed to encrypt the message parts:</p>
<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>
<li><p>Expand <strong>Security Request Sender Binding Configuration --&gt; Encryption Information</strong>.</p></li>
<li><p>Select an encryption option and click <strong>Edit</strong> to view the encryption information or click <strong>Add</strong> to add another option. The following table describes the purpose of this information. Some of these definitions are based on the <a href="http://www.w3.org/TR/xmldsig-core" target="_">XML-Signature Syntax and Processing specification</a> <img src="www.gif" width="18" height="15" alt="Link outside Information Center"> (http://www.w3.org/TR/xmldsig-core).</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>
<tr valign="top">
<td><strong>Encryption name</strong></td>
<td>The encryption name refers to the name of the encryption information entry.</td>
</tr>
<tr valign="top">
<td><strong>Data encryption method algorithm</strong></td>
<td>The data encryption method algorithms are designed for encrypting and decrypting data in fixed size, multiple octet blocks.</td>
</tr>
<tr valign="top">
<td><strong>Key encryption method algorithm</strong></td>
<td>The key encryption method algorithms are public key encryption algorithms that are specified for encrypting and decrypting keys.</td>
</tr>
<tr valign="top">
<td><strong>Encryption key name</strong></td>
<td>The encryption key name represents a Subject (Owner field of the certificate) from a certificate found by the encryption key locator, which is used by the key encryption method algorithm to encrypt the private key. The private key is used to encrypt the data.
<p><strong>Note:</strong> The chosen key must be a public key of the target. Encryption must be done using the public key and decryption must be done by the target using the private key (the personal certificate of the target).</p></td>
</tr>
<tr valign="top">
<td><strong>Encryption key locator</strong></td>
<td>The encryption key locator represents a reference to a key locator implementation. If you write
a custom key locator, the encryption key name may be anything used by the key locator to find the correct encryption key. The encryption key locator references the implementation class that locates the correct
key store where this alias and certificate exists. For more information on configuring key locators, see <a href="wsseccfkeyloc.htm">Configure key locators</a>.</td>
</tr>
</table><p></p></li>
<li><p>Save the file.</p></li>
</ol>
<p>The signing key name refers to a key entry associated with the signing key locator. The key entry has an alias, which is found in the key store or wherever the certificates are stored based upon the key locator implementation. The signing key locator references the implementation class that locates the correct key store where the alias and certificate exists.</p>
</body>
</html>