...
The XMLSecurity Provider component is used for Signing, encrypting data, to sign and encrypt data based on a key (that is entered by the user) and an algorithm specifically designed for XML.This component can also handle digest Digest data too.
If the message is signed/digested by the sender, the recipient can verify if the message is from the correct sender and if the message did not change changed during transmission.
Configuration and Testing
...
The component has the following attributes which can be configured from its Configuration Property sheet . The figure below illustrates the panel with Expert Properties enabled.
(CPS).
Figure 1: XML Security Provider CPS
Mode: The six modes available for the user to select are listed below:
ENCRYPT: if user needs to To encrypt the data without signing.
DECRYPT: If user needs to To decrypt the data without verifying.
SIGN: If the user wants to SIGN.
VERIFY: If user wants to To verify if the xml XML is tampered by any means.
...
DECRYPT_VERIFY: Decryption and Verfication Verification are done together.
Encryption Algorithm: Specify the algorithm for encryption of the selected element.
Signing Algorithm: Specify the algorithm for Signingsigning.
Host Private Key Password: Password of the private key.
Host Store Password: Password of the Keystore.
Host KeyStore Alias :The name given to the keypair containing the private key.
Host KeyStore: Path to the Hosts keystore.
Partner certificate: Path of the certificate( public key) of the partner.
Encryption KeyLength: Specify the length of the encryption key to be generated.
Encryption Key Algorithm: Algorithm to generate the intermediate intermediate key for encryption.
Key Transportation Algorithm: The Key Transport Algorithm is a one-pass (store-and-forward) mechanism for transporting keying data to a recipient using the recipient's public key.
Input Schema: Load the input schema for operation.
Output Schema: Load the Required required output schema.
Elements to Encrypt/Decrypt: Select the elements to encrypt and decrypt.
| Note |
|---|
Host Private Key Password, Host KeyStore Key Store Alias, Host Store Password, Host KeyStore Key Store are Hidden hidden when Encrypt and Verify are chosen. |
Functional Demonstration
Scenario 1
Configure the XMLSecvurityProvider's XMLSecurityProvider components as described in Configuration and Testing section and use feeder and display a Feeder component to send sample input, and check the response's respectively in two displays.Title two Display components to display the responses from the two security providers respectively as shown in Figure 2.
'Title' is chosen as the element for encryption in the following scenario.
Figure 2: Sample flow
Sample Input
Figure 3: Sample input being sent using feeder
Sample Output
The first display shows the Sign-Encrypted message. Please note Note that the same element (in this case, the element 'Title') is selected for signing (Hashing) and encryption, while the Second display second Display component shows the final output where the encrypted element Title is decrypted and verified.
Figure 4: Response in Display1
Figure 5: Response in Display2