Configure the Web services client for request encryption

This task provides the steps needed to configure the client for request encryption. Use these steps to modify the extensions to indicate which parts of the request you want to encrypt, and to configure the bindings to indicate how those parts are to be encrypted.

Perform the following steps in the WebSphere Development Studio Client for iSeries to configure the parts of the Simple Object Access Protocol (SOAP) request that you want to encrypt:

  1. Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere Development Studio Client for iSeries. For more information, see Configure your Web services application.

  2. Click the Security Extensions tab.

  3. Expand Request Sender Configuration --> Confidentiality. Confidentiality refers to encryption, while integrity refers to digital signing. Confidentiality reduces the risk that someone who intercepts the message on the Internet can read it. With confidentiality specifications, the message is encrypted before it is sent and decrypted when it is received at the correct target. For more information on encrypting, see XML encryption.

  4. Select the parts of the message that you want to encrypt by clicking Add and selecting one of the following message parts:

  5. Save the file.

Next, perform the following steps in the Web Services Client Editor to configure the information that is needed to encrypt the message parts:

  1. Click the Port Binding tab.

  2. Expand Security Request Sender Binding Configuration --> Encryption Information.

  3. Select an encryption option and click Edit to view the encryption information, or click Add to add another option. The following table describes the purpose of this information. Some of these definitions are based on the XML-Signature Syntax and Processing specification (http://www.w3.org/TR/xmldsig-core).

    Encryption name
        The encryption name refers to the name of the encryption information entry.

    Data encryption method algorithm
        The data encryption method algorithms are designed for encrypting and decrypting data in fixed-size, multiple-octet blocks.

    Key encryption method algorithm
        The key encryption method algorithms are public key encryption algorithms that are specified for encrypting and decrypting keys.

    Encryption key name
        The encryption key name represents a Subject (Owner field of the certificate) from a certificate found by the encryption key locator, which is used by the key encryption method algorithm to encrypt the private key. The private key is used to encrypt the data.

        Note: The chosen key must be a public key of the target. Encryption must be done using the public key, and decryption must be done by the target using the private key (the personal certificate of the target).

    Encryption key locator
        The encryption key locator represents a reference to a key locator implementation. If you write a custom key locator, the encryption key name may be anything used by the key locator to find the correct encryption key. The encryption key locator references the implementation class that locates the correct key store where this alias and certificate exist. For more information on configuring key locators, see Configure key locators.

  4. Save the file.
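The binding fields above describe a two-layer scheme: a data encryption method (a block cipher over the SOAP body content) and a key encryption method (a public key operation that wraps the one-time data key for the target named by the encryption key name). The following Go program is an added example, not IBM's or WebSphere's code, that works that scheme through end to end so the roles of the two algorithms and the note about the target's public key become concrete. It assumes AES-128-CBC and RSA-OAEP as stand-ins for whichever data and key encryption algorithms are selected in the editor, generates the target's key pair in the program instead of resolving it through a key locator, and uses a constructed sample body rather than a real service request.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedRequest holds the two layers the binding's encryption information
// describes: the body encrypted under a one-time data key (data encryption
// method) and that data key wrapped with the target's public key (key
// encryption method). Both travel together in the request.
type EncryptedRequest struct {
	IV         []byte // CBC initialization vector, sent in the clear
	Ciphertext []byte // padded body content encrypted with AES-128-CBC
	WrappedKey []byte // data key encrypted with RSA-OAEP to the target
}

// pkcs7Pad brings the body up to a whole number of cipher blocks, which a
// block-mode data encryption algorithm requires.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad reverses pkcs7Pad and rejects malformed padding.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// EncryptBody plays the request sender. targetPub stands in for the public key
// that the encryption key locator resolves from the configured encryption key
// name; the sender never holds the target's private key.
func EncryptBody(body []byte, targetPub *rsa.PublicKey) (*EncryptedRequest, error) {
	dataKey := make([]byte, 16) // fresh symmetric key for this one request
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(body, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	// Key encryption method: only the holder of the matching private key can unwrap.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, targetPub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedRequest{IV: iv, Ciphertext: ct, WrappedKey: wrapped}, nil
}

// DecryptBody plays the target, the only party holding the private key that
// matches the certificate the sender encrypted to.
func DecryptBody(req *EncryptedRequest, targetPriv *rsa.PrivateKey) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, targetPriv, req.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(req.Ciphertext))
	cipher.NewCBCDecrypter(block, req.IV).CryptBlocks(padded, req.Ciphertext)
	return pkcs7Unpad(padded, aes.BlockSize)
}

// RoundTrip encrypts body to a freshly generated target key pair and decrypts
// it with the matching private key, returning the recovered body.
func RoundTrip(body string) (string, error) {
	target, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	req, err := EncryptBody([]byte(body), &target.PublicKey)
	if err != nil {
		return "", err
	}
	out, err := DecryptBody(req, target)
	return string(out), err
}

// WrongKeyRejected encrypts to the target but hands the request to a party
// with a different private key, reporting whether that decryption failed.
func WrongKeyRejected(body string) (bool, error) {
	target, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	req, err := EncryptBody([]byte(body), &target.PublicKey)
	if err != nil {
		return false, err
	}
	_, err = DecryptBody(req, other)
	return err != nil, nil
}

func main() {
	body := "<getQuote><symbol>IBM</symbol></getQuote>" // constructed sample body
	out, err := RoundTrip(body)
	fmt.Println("recovered:", out, err)
	rejected, err := WrongKeyRejected(body)
	fmt.Println("wrong key rejected:", rejected, err)
}
```

The point to take from WrongKeyRejected is the one the note makes: the encryption key name must resolve to the target's public key, because a request wrapped to any other certificate cannot be unwrapped by the target and is simply undeliverable, while one wrapped to a key whose private half the sender also holds gives no confidentiality against that sender.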

The signing key name refers to a key entry associated with the signing key locator. The key entry has an alias, which is found in the key store or wherever the certificates are stored, based upon the key locator implementation. The signing key locator references the implementation class that locates the correct key store where the alias and certificate exist.