Validate a Subscriber Key

After a bank receives the INI and HIA order types, the corresponding user's status is set to Initialized. You can validate the hash value of the certificates that are sent by the user in the initialization letters against the Subscription Manager database. On successful validation, the status of the user is set to Ready. EBICS Server supports RSA Keys and X509 Certificates.

To validate a subscriber key, complete the following steps:

  1. Log in to Sterling B2B Integrator .
  2. From the Administration menu, select EBICS > Utilities > Subscriber Keys Validation.
  3. In the Subscriber Keys Validation page, provide values for the fields listed in the following table:
    Field Description
    Partner ID Required. Specify the partner ID. To select from a list of partner IDs, click the Lookup icon next to the Partner ID field.
    User ID Required. Specify the user ID. To select from a list of user IDs, click the Lookup icon next to the User ID field.
    Identification and Authentication Key Hash Value (in Hex format) Optional. If the certificate is CA-signed, specify the identification and authentication key hash value in hex format.
    Hash Algorithm Required. Select the hash algorithm of the identification and authentication key hash value. Valid values are:
    • SHA256 (default)
    • SHA1
    Encryption Key Hash Value (in Hex format) Optional. If the certificate is CA-signed, specify the encryption key hash value in hex format.
    Hash Algorithm Required. Select the hash algorithm of the encryption key hash value. Valid values are:
    • SHA256 (default)
    • SHA1
    Electronic Signature Key Hash Value (in Hex format) Optional. If the certificate is CA-signed, specify the electronic signature key hash value in hex format.
    Hash Algorithm Required. Select the hash algorithm of the electronic signature key hash value. Valid values are:
    • SHA256 (default)
    • SHA1
    Certificate type Required. Specify the Certificate type - Keys or X509 as required.
    Note:

    By default, the rsaHashKeyCompliant property in the ui.properties file is false. To change the property, set rsaHashKeyCompliant to true and restart the server.

    When set to false, it generates the SHA-256 hash value for RSA keys, by concatenating the exponent with a blank character and the modulus in hexadecimal representation (using lower case letters). The resulting string is then converted into a byte array based on US ASCII code.

    When set to true it generates the SHA-256 hash value for RSA keys, by concatenating the exponent with a blank character and the modulus in hexadecimal representation (using lower case letters) without leading zero (as to the hexadecimal representation). The resulting string is then converted into a byte array based on US ASCII code.

    This property is also used while checking authentication tags in EBICS requests which are signed with RSA keys.

    When set to true, request tags without namespace: ds are parsed without throwing validation exception for namespace.

  4. Click Reset if you want to clear the existing values and enter new values.
  5. Click Validate.