Encryption policy helps in encrypting messages before sending to target endpoint or an API consumer. Encryption is done based on a key (user-defined) and an algorithm.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: Encrypt Message Policy Configuration
| Property | Description |
|---|---|
| Encryption Algorithm | Select the algorithm to be used for encryption. The supported algorithms are DES, Base64, TripleDES, AES256, AES128, RC2-40, RC2-64, and RC2-128. |
| Encryption Key | Specify key which is used to encrypt the incoming data. Specify 32 digit key for AES256, 16 digit key for AES128, 16 digit key for DES, 24 digit key for TripleDES, 5 digit key for RC2_40, 8 digit key for RC2_64 and 16 digit key for RC2_128 |
| Allow Padding to key | Enable this property to allow padding to the key to make exactly the value required for the mentioned algorithm. It has to be chosen only when we know that encrypted data key is also padded. |
| Initialization Vector | Mention the unique 64 bit input used in the encryption. |
Example
This example illustrates the encryption of Target Response message.
When Encrypt Message policy is not configured, the response for the request: http://192.168.2.39:1860/cc2/1.0/conversionrate?FromCurrency=INR&ToCurrency=USD
will be
| {"Envelope": {"Body": {"ConversionRateResponse": {"ConversionRateResult": "0.0157"}}}} |
Now create an Encrypt Message policy with the below configuration and add it to Target Response scope.
Figure 2: Encrypt Message policy properties with values provided in the Example
Response after this configuration looks as below:
| MZqQFfmEtEDE1kAHbej5ITDVwlHqw5Ip2A6my9bie3U6Im2QSvBGeVuZbiqIwjmuZx11pkNOTxldDN+PlGKfvQRADfMv4NXSV8kNYV1tmempKucyG2Gg4HYE4PdWmmiH |