Confidentiality
The Confidentiality tab specifies the encryption characteristics of messages. Inbound messages can be decrypted based on algorithms specified in the message security header and the defined private key. Outbound messages can be encrypted based on algorithms stored in a public key.
The Confidentiality tab has the following fields.
| Field | Global Var? | Description |
| --- | --- | --- |
| Inbound or Inbound Fault Policy Type Fields | | |
| Supported Encryption Algorithm | No | Symmetric key algorithm used to decrypt incoming messages. You can select one or more of the following: Note: To use Encryption Algorithm AES-256, refer to Installing Unlimited Jurisdiction Files. |
| Private Key Identifier Type | No | Specifies whether the private key is one of the following: |
| X.509 Identity | No | When X.509 Token is selected in the Private Key Identifier Type field, this field specifies the Identity resource containing the X.509 compliant private key file to use to decrypt the message. For more information about Identity resources, see TIBCO Designer™ Palette Reference. |
| Use Password Protected Key | No | When the Identity resource specified in the X.509 Identity field is of type JKS or JCEKS, select the check box to configure a password for the private key. Note: If the check box is not selected, the password has to be the same for the keystore and the private keys stored inside it. |
| Certificate Alias | No | When the Identity resource specified in the X.509 Identity field is of type JKS or JCEKS, specify the certificate alias in this field to identify the private and public key pair. |
| Alias Password | No | Specify the password for the private key. |
| Outbound or Outbound Fault Policy Type Fields | | |
| Encryption Algorithm | No | Algorithm used to encrypt outgoing messages. You can select one of the following: Note: To use Encryption Algorithm AES-256, refer to Installing Unlimited Jurisdiction Files. |
| Public Key | No | Identity resource containing the X.509 compliant public key file to use to encrypt the message. For more information about Identity resources, see TIBCO Designer™ Palette Reference. |
| Key Identifier Type | No | When you select the X.509 Token in the Security Token field, this field specifies all the references to X.509 token types for encryption. You can select one of the following: Note: If the Key Identifier Type selected is of type Subject Key Identifier, ensure that the X.509 certificate used contains the Subject Key Identifier information. |
Installing Unlimited Jurisdiction Files
Java vendors ship a default set of policy files that do not permit unlimited strength cryptography. In countries exempt from these restrictions, you can download and install an unlimited strength set of the policy files.
The default set of policy files restricts usage of 256-bit AES.
Follow these steps to install the unlimited strength policy files:
Procedure
1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from the JRE vendor.
2. Create a backup for the files located in TIBCO_HOME/tibcojre/jre_version/lib/security.
3. Extract the files downloaded in Step 1 to TIBCO_HOME/tibcojre/jre_version/lib/security.
4. Restart all the running TIBCO applications.
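
To confirm that the procedure above took effect, the following added example (not TIBCO code) asks the JRE for the AES key length its policy files allow and then attempts a real AES-128 and AES-256 round trip. The class name AesPolicyCheck, the sample payload and the AES/CBC/PKCS5Padding transformation are assumptions chosen for the check.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name): reports whether the JRE running it
// permits 256-bit AES under its installed jurisdiction policy files.
public class AesPolicyCheck {

    // Encrypts and decrypts a constructed sample with a random AES key of keyBits.
    // AES/CBC/PKCS5Padding is an assumed transformation chosen for the probe.
    static boolean canUseAes(int keyBits) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[keyBits / 8];
        byte[] iv = new byte[16];
        rng.nextBytes(key);
        rng.nextBytes(iv);
        byte[] sample = "constructed sample payload".getBytes("UTF-8");
        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        try {
            Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enc.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
            byte[] ciphertext = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
            dec.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
            return Arrays.equals(sample, dec.doFinal(ciphertext));
        } catch (InvalidKeyException e) {
            // Restricted policy files reject oversized keys at init().
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.home: " + System.getProperty("java.home"));
        System.out.println("Max AES key length allowed by policy: "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        boolean aes128 = canUseAes(128);
        boolean aes256 = canUseAes(256);
        System.out.println("AES-128 round trip: " + (aes128 ? "ok" : "rejected"));
        System.out.println("AES-256 round trip: " + (aes256 ? "ok" : "rejected"));
        // Non-zero exit lets a deployment script fail fast before restart.
        System.exit(aes256 ? 0 : 1);
    }
}
```

Run it with the JRE under TIBCO_HOME/tibcojre/jre_version rather than a system-wide Java, because each JRE carries its own policy files; the printed java.home line shows which one was checked.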