The Encrypt Message policy helps in encrypting messages before sending them to the target endpoint or an API consumer. Encryption is done based on a key (user-defined) and an algorithm.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: Encrypt Message Policy Configuration
Property | Description |
Encryption Algorithm | Select the algorithm to be used for encryption. The supported algorithms are DES, Base64Encoding, TripleDES, AES256, AES192, AES128, RC2-40, RC2-64, and RC2-128. |
Encryption Key | Specify the key which has to be used to encrypt the incoming data. Specify 32 digit key for AES256, 24 digit key for AES192, 16 digit key for AES128, 8 digit key for DES, 24 digit key for TripleDES, 5 digit key for RC2_40, 8 digit key for RC2_64 and 16 digit key for RC2_128. |
Allow Padding to key | Enable this property to allow padding to the key to make the exact value to be required for the specified algorithm. |
Initialization Vector | Required to be 16 and 8 bytes long for AES 128/192/256 and TripleDES algorithms respectively. |
Example
This example illustrates the encryption of Target Response message.
When Encrypt Message policy is not configured, the response for the request: http://192.168.2.39:1860/cc2/1.0/conversionrate?FromCurrency=INR&ToCurrency=USD
will be
{"Envelope": {"Body": {"ConversionRateResponse": {"ConversionRateResult": "0.0157"}}}} |
Create an Encrypt Message policy with the default configuration and add it to Target Response scope.
The response after this configuration is displayed below:
MZqQFfmEtEDE1kAHbej5ITDVwlHqw5Ip2A6my9bie3U6Im2QSvBGeVuZbiqIwjmuZx11pkNOTxldDN+PlGKfvQRADfMv4NXSV8kNYV1tmempKucyG2Gg4HYE4PdWmmiH |