Contents

Popular

Versions Compared

Old Version 2

changes.mady.by.user Prathewraj M

Saved on

compared with

New Version 3

changes.mady.by.user Prathewraj M

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In Destination Encryption, all messages sent to a particular destination (topic or queue) are encrypted, thus providing a secure channel of delivery. Component doesn't A component does not have to encrypt the message explicitly like in Message Encryption. A destination is marked as encrypted at the time of its creation. All messages published on this destination are encrypted before storing those in the database and delivered decrypted to subscribing applications. A client application, therefore, does not have to explicitly decrypt a received message.

Base Implementation

Fiorano versions above 9.5.0 and upwards supports support Destination Encryption. DES (Data Encryption Standards) is used as the default encryption algorithm. In addition to that, Fiorano 11 supports Base64, TripleDES, AES256, AES128, AES192, RC2-40, RC2-64, and RC2-128 standards too.

The Destination Encryption function uses the library cryptix.jar provided by Cryptix for generating keys as well as for encryption. This file comes bundled with the Fiorano 11 installation. It can be found in the FIORANO_HOME/extlib/cryptix directory of the Fiorano 11 installation.

Destination Encryption involves only encrypting the payload of the message and not its JMS headers and properties.

...

Note
  • Click the input/output port of the component present in the Fiorano Orchestrator Editor in order to configure JMS Destination properties
  • Choose Is Encrypted property as 'Yes' to enable Encryption properties..


Figure 1: JMS Destination Port Encryption Configuration

  • Is Encrypted:
    • Yes – Encrypted JMS destination will be created.
    • No – Non-Encrypted JMS destination will be created.
  • Encryption Algorithm: The supported algorithms are DES, Base64, TripleDES, AES256, AES128, AES192, RC2-40, RC2-64, and RC2-128.
  • Encryption Key: Specify key which is used to encrypt the incoming data. Specify 64 digit key for AES256, 48 digit key for AES192, 32 digit key for AES128, 16 digit key for DES, 48 digit key for TripleDES, 10 digit key for RC2_40, 16 digit key for RC2_64 and 32 digit key for RC2_128.
  • Allow Padding to Key: Choose yes to allow padding to the key to make exactly the value required for the mentioned algorithm.

...

  1. Open POP3 CPS and enter the details of the mail server from which the mails emails are to be fetched and go to the Interaction Configurations panel. Select Show Expert properties and click the Select Elements to Encrypt ellipsis button to open the encryption configuration editor.


    Figure 5: Elements to Encrypt property
     
  2. Select the elements for which the data has to be encrypted from the structure available on the top left of the page and click on the small right arrow to add the selected elements to the list on the top right. Here, we selected "To" field in the Email data so that it will be encrypted in the output response from POP3.


    Figure 6: Encrypt/Decrypt Configuration page in POP3
     
  3. If any of the elements which are to be encrypted are not available in the structure tree shown, user can add the corresponding elements Xpath in the Add elements to encrypt/decrypt textfield. All the extra elements added in the text field will also be encrypted along with the selected elements from the structure.
  4. If any of the namespaces for the selected/newly-added elements are not already available in the namespaces list, the user needs to add the corresponding namespaces for proper identification of the element from the Xpath entered in the textfield.
  5. After completing the selection/addition of required elements to be encrypted from POP3, click OK to save the configuration and Finish the CPS after making any other POP3 configuration changes required for the flow.
  6. Next, open the CPS of SMTP and enter the details of the mail server which is used for sending mails emails and other common properties and proceed to the interaction configurations page. Select Show Expert properties and click on Select Elements to Decrypt to open the Encrypt/Decrypt configuration editor in SMTP.
  7. Select the elements from the structure tree on left for whom the input data has been encrypted and needs decryption before processing the message. As we selected the "To" element in POP3 for encryption, the same element needs to be selected here for decryption of the encrypted data sent from POP3.


    Figure 7: Encrypt/Decrypt Configuration page in SMTP
     
  8. Add any other extra elements in the Add elements to encrypt/decrypt textfield if the input data for them is encrypted and needs decryption, but the elements are not available from the structure tree. Once all the required elements have been added, click OK to save the configuration.
  9. Sample flow for POP3 and SMTP with encryption/decryption enabled would be as shown below:


    Figure 8: Sample Encrypt/Decrypt flow with POP3/SMTP
     
  10. After the event process has been launched, POP3 will start sending the emails it fetched from the mail account to its OUT_PORT. Since Encryption is enabled for the "To" element, the "To" field in the output response will be encrypted as shown in the figure below, which is the response we get on "Display1" from POP3. The encrypted output data from POP3 becomes the input for SMTP and decryption is done for the selected elements in Encrypt/Decrypt page before sending the processed data to the recipients in the email data.


    Figure 9: Output Response from POP3 on Display1 in which the "To" field is encrypted

...

  1. In case of WSStub, Open the WSStub CPS, then load any WSDL with atleast at least one operation and click Next till the Miscellaneous Configurations panel. Click the Encrypt/Decrypt Configuration tab on the top to open the required Encrypt/Decrypt configuration settings page.


    Figure 10: Encrypt/Decrypt Configuration Page in WSStub with Single Operation
     
  2. On the left side of the page, click on the Refresh button to add all the available ports for the WSStub component to the list of ports. There will be two ports for each operation in WSStub, one for Request and one for Response of the operation. Select any of the Request/Response port to load the encrypt/decrypt configuration panel for that port in the window to the right.
  3. Once any of the port has been selected, selecting elements for Encryption/Decryption will be in the same way as explained above for the POP3/SMTP event process, the only difference would be to configure separate encryption/decryption configuration for each of the ports available individually. After the completion of selecting the elements for Encryption in case of Response Port (or Decryption in case of Request Port), click on Finish to save the configuration and the component is ready to launch with encryption/decryption enabled for the output/input data.
Adaptavist ThemeBuilder EngineAtlassian Confluence