4 replies Latest Post - ‏2013-06-28T09:07:58Z by Rajediva
Rajediva
7 Posts

Pinned topic RSA 2048 Encryption in Datapower

‏2013-06-27T03:46:32Z |

Hi Folks,

I have a requirement as described below.

I have a WS proxy configured and a SOAP message coming in. The SOAP body has a set of fields that need to be encrypted using the RSA 2048 algorithm, as per the client requirements. The final encrypted SOAP message will be sent to the provider.

I am confused about this RSA 2048 algorithm. How do I specify this in DP, either through the encrypt action or a stylesheet?

I could see rsa-pkcs1 and rsa-oaep options in the encrypt action's advanced tab, but I am not sure which one I should go for so that I achieve 2048-bit encryption.

Or can I make use of WS-Policy?

Can any of you guys help? If I could achieve the same thing using a stylesheet, that will also do.

Thanks,

Rajediva

 

Updated on 2013-06-27T03:46:50Z at 2013-06-27T03:46:50Z by Rajediva
  • HermannSW
    4491 Posts

    Re: RSA 2048 Encryption in Datapower

    ‏2013-06-27T07:43:50Z  in response to Rajediva

    What I know is that you should use encrypt action and not self-crafted stylesheet solutions based on DataPower crypto extension functions.
    The reason is that it is really difficult to avoid e.g. oracle padding attacks, and the encrypt action already does all that for you.

    Also you should do standards based encryption. Your requirement of encrypting several fields "with RSA" is non-standard.

    Standards based encryption is done with symmetric encryption; only the symmetric encryption key gets RSA encrypted and transferred to the other side.

    Find a wealth of information in redbook "IBM WebSphere DataPower SOA Appliances Part III: XML Security Guide":
    http://www.redbooks.ibm.com/abstracts/redp4365.html


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    • Rajediva
      7 Posts

      Re: RSA 2048 Encryption in Datapower

      ‏2013-06-27T10:18:51Z  in response to HermannSW

      Thanks Hermann.

      Did you mean to say that, post RSA encryption on the fields, I should wrap it over with symmetric encryption?

      Now that I have decided to go for the encrypt action, I am just trying to find out the best practices/standards for the same.

       

      Thanks,

      Rajediva

  • inestlerode
    166 Posts

    Re: RSA 2048 Encryption in Datapower

    ‏2013-06-27T18:47:38Z  in response to Rajediva

    If you want to use 2048-bit RSA then it is up to you to use a private key and certificate that are 2048-bit.  The algorithm names do not include the bit length, so there is no special configuration at the action level to say that you want to use 2048-bit RSA.  Just make a key and cert object that are 2048-bit RSA and then use this key/cert/idcred when configuring your encryption actions.

    • Rajediva
      7 Posts

      Re: RSA 2048 Encryption in Datapower

      ‏2013-06-28T09:07:58Z  in response to inestlerode

      Yes. Thank you. I understand this now.

      Thanks a lot.
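
Added example, not part of the original thread and not DataPower code: a Python check over a W3C XML Encryption `EncryptedData` element that confirms the two points made in the replies above, namely that the payload is encrypted symmetrically with only the session key RSA-wrapped, and that the RSA size comes from the key rather than from the algorithm name. Assumptions: the standard meant is W3C XML Encryption, the option names `rsa-pkcs1` and `rsa-oaep` map to the `rsa-1_5` and `rsa-oaep-mgf1p` URIs, and the sample message is constructed with zero-filled placeholder cipher bytes; `build_sample` and `audit` are hypothetical names.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DSIG}
# Assumed mapping of the thread's option names to W3C key-transport URIs.
RSA_TRANSPORT = {XENC + "rsa-1_5": "rsa-pkcs1", XENC + "rsa-oaep-mgf1p": "rsa-oaep"}

def build_sample(wrapped_len=256, key_alg="rsa-oaep-mgf1p"):
    """Constructed EncryptedData; cipher bytes are zero-filled placeholders."""
    wrapped = base64.b64encode(bytes(wrapped_len)).decode()
    payload = base64.b64encode(bytes(48)).decode()
    return (
        f'<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DSIG}">'
        f'<xenc:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>'
        f'<ds:KeyInfo><xenc:EncryptedKey>'
        f'<xenc:EncryptionMethod Algorithm="{XENC}{key_alg}"/>'
        f'<xenc:CipherData><xenc:CipherValue>{wrapped}</xenc:CipherValue></xenc:CipherData>'
        f'</xenc:EncryptedKey></ds:KeyInfo>'
        f'<xenc:CipherData><xenc:CipherValue>{payload}</xenc:CipherValue></xenc:CipherData>'
        f'</xenc:EncryptedData>'
    )

def audit(xml_text, want_bits=2048):
    """Report data cipher, key transport and RSA size of one EncryptedData."""
    # Sample input is trusted; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    data_alg = root.find("xenc:EncryptionMethod", NS).get("Algorithm")
    ek = root.find("ds:KeyInfo/xenc:EncryptedKey", NS)
    key_alg = ek.find("xenc:EncryptionMethod", NS).get("Algorithm")
    wrapped = base64.b64decode(ek.find("xenc:CipherData/xenc:CipherValue", NS).text)
    # An RSA ciphertext is exactly as long as the modulus, so its length
    # reveals the key size even though the algorithm URI does not.
    rsa_bits = len(wrapped) * 8
    transport = RSA_TRANSPORT.get(key_alg, "unknown")
    findings = []
    if data_alg in RSA_TRANSPORT:
        findings.append("payload encrypted directly with RSA, not a symmetric cipher")
    if transport == "unknown":
        findings.append("session key is not RSA key-transported")
    elif transport == "rsa-pkcs1":
        findings.append("PKCS#1 v1.5 key transport; prefer rsa-oaep if the partner supports it")
    if rsa_bits != want_bits:
        findings.append(f"RSA key is {rsa_bits}-bit, expected {want_bits}")
    return {"data_alg": data_alg.split("#")[1], "key_transport": transport,
            "rsa_bits": rsa_bits, "findings": findings}

if __name__ == "__main__":
    print(audit(build_sample()))
```
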