Integrity

The Integrity tab specifies the characteristics of the signatures attached to messages. Signatures let the receiver detect whether a message was altered after it was created. The integrity of inbound messages can be checked against the trusted root certificates and public certificates. For outbound messages, you can specify the certificate used to sign the message.

The Integrity tab has the following fields.

Field

Global Var?

Description

Inbound or Inbound Fault Policy Type Fields

Supported Signature Methods

No

The algorithm used to check the signatures of incoming messages. You can select one or more of the following:

  • SHA1

  • SHA256

  • SHA384

  • SHA512

Supported Security Tokens

No

The security token to use for the signature. You can select one or more of the following:

  • X.509 Token

  • UsernameToken

Trusted Certificates Folder

No

The folder containing the trusted certificates for signature verification.

Note: The certificates in the trusted folder are only necessary when the authenticating user is the same as the user who signed the message. In this case, the message contains the public key, and the receiver must verify it against the trusted certificate. However, if the authenticating user is not the same as the user who signed the message, the user must define a subject key identity that holds the public key.

Subject Key Identity

No

Specifies an Identity resource containing a keystore that holds an X.509 certificate. The inbound message must match the subject key contained in the certificate.

Outbound or Outbound Fault Policy Type Fields

Signature Method

No

The algorithm used to create signatures for outgoing messages. You can select one of the following:

  • SHA1

  • SHA256

  • SHA384

  • SHA512

Security Token

No

The type of security token to use for the signature. You can select one of the following:

  • X.509 Token

  • UsernameToken

Username Password Identity

No

When you select UsernameToken in the Security Token field, this field indicates the Identity resource that contains the username and password. For more information about Identity resources, see TIBCO Designer™ Palette Reference.

Password Type

No

Specify whether you want to use text or digest passwords.

X.509 Identity

No

When you select X.509 Token in the Security Token field, this field indicates the Identity resource containing the X.509 compliant identity file. For more information about Identity resources, see TIBCO Designer™ Palette Reference.

Key Identifier Type

No

When you select X.509 Token in the Security Token field, this field specifies all the references to X.509 token types for signing.

You can select one of the following:

  • Direct Reference

  • Subject Key Identifier

  • Issuer Serial

Note: If you select Subject Key Identifier as the Key Identifier Type, ensure that the X.509 certificate used contains the Subject Key Identifier information.

Certificate Alias

No

When the Identity resource specified in the X.509 Identity field is of type JKS or JCEKS, specify the certificate alias in this field to identify the private and public key pair.

Use Password for the Key

No

When the Identity resource specified in the X.509 Identity field is of type JKS or JCEKS, select the check box to configure a password for the private key.

Note: If the check box is not selected, the password has to be the same for the keystore and the private keys stored inside it.

Alias Password

No

This field is enabled when the Use Password for the Key check box is selected.

Specify a password for the private key.
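
The notes for Key Identifier Type, Certificate Alias, and Use Password for the Key can be checked against a JKS or JCEKS keystore before the policy is configured. The following Java program is an added example, not TIBCO code; the class name SigningIdentityCheck and its command-line arguments are assumptions, and it uses only the standard java.security KeyStore API.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name): checks a JKS/JCEKS signing identity
// against the Certificate Alias, Alias Password and Key Identifier Type notes.
public class SigningIdentityCheck {
    private static final String SKI_OID = "2.5.29.14"; // Subject Key Identifier extension
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 3 || con == null) {
            fail("usage (interactive terminal): SigningIdentityCheck <keystore> <JKS|JCEKS> <alias>");
        }
        String alias = args[2];
        char[] storePass = con.readPassword("Keystore password: ");
        char[] entered = con.readPassword("Alias password (Enter if same as keystore): ");
        // An empty answer mirrors leaving "Use Password for the Key" cleared.
        char[] keyPass = (entered == null || entered.length == 0) ? storePass : entered;
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException on a wrong keystore password
        }
        // The alias must name a private key entry, not a trusted-certificate entry.
        if (!ks.isKeyEntry(alias)) {
            fail("alias '" + alias + "' is missing or is not a private key entry");
        }
        try {
            ks.getKey(alias, keyPass);
        } catch (UnrecoverableKeyException e) {
            fail("key password rejected: select Use Password for the Key and set Alias Password");
        }
        Certificate cert = ks.getCertificate(alias);
        // getExtensionValue returns null when the certificate lacks the extension.
        if (!(cert instanceof X509Certificate)
                || ((X509Certificate) cert).getExtensionValue(SKI_OID) == null) {
            fail("no Subject Key Identifier extension; required for Key Identifier Type Subject Key Identifier");
        }
        System.out.println("OK: private key recoverable and certificate carries a Subject Key Identifier");
    }

    private static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }
}
```

Passwords are read from the console rather than passed as arguments so they do not appear in the process list or shell history.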