Configuring S/MIME Support
 
S/MIME Support - Sample
ebXML Module enables you to sign, encrypt, or sign and encrypt any outbound business document(s) carried in an ebXML message.
When both signature and encryption are required for outbound business documents, the message is signed before it is encrypted. When defining S/MIME encryption for your message payload, set the encryption types and key lengths for each of your trading partners using the TPA parameters.
To use these facilities, set the appropriate input parameters in the wm.ip.ebxml.MSH:sendusingTPA service or in a TPA as per your requirements.
To configure ebXML Module for S/MIME signed, encrypted, or signed and encrypted messages:
1. Start the Trading Networks Console.
2. Open the agreement for edit:
a. From the Trading Networks Console, select View > Agreements.
b. Select the agreement you would like to edit. Click Edit.
The Agreements Details screen appears.
c. On the right side of the Agreement Details screen, click Set Inputs.
The input for com.wm.estd.ebxml.documents appears.
Note:
You can edit the TPA parameters in an agreement only if the Agreement Status is Proposed. For information about changing the TPA agreement status, see the webMethods Trading Networks Administrator’s Guide for your release.
3. Modify the default TPA parameters, as necessary. For a list of the TPA parameters and the valid values for individual parameters, see Trading Partner Agreement Parameters Version 2.0 and Trading Partner Agreement Parameters Version 2.0.
4. Enable the S/MIME feature and define the encryption algorithm, as follows:
* For ebXML Message Service Version 1.0 Specification messages, set the following TPA parameters as shown below:

| Parameter | Description |
| --- | --- |
| CollaborationProtocolAgreement.PartyInfo.DeliveryChannel.Characteristics.tns:confidentiality | To enable the S/MIME signing and encryption feature, set the value to true. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLBinding.DigitalEnvelope.Protocol:body | To define the encryption mechanism, set the value to S/MIME. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLBinding.DigitalEnvelope.Protocol:version | Defines the S/MIME version. Set the value to 2.0. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLBinding.DigitalEnvelope:EncryptionAlgorithm | Defines the encryption algorithm. Set the value to tripleDES (default), DES, or RC2. |
* For ebXML Message Service Version 2.0 Specification, set the following TPA parameters as shown below:

| Parameter | Description |
| --- | --- |
| CollaborationProtocolAgreement.PartyInfo.CollaborationRole.ServiceBinding.CanSend.ThisPartyActionBinding.BusinessTransactionCharacteristics.isConfidential | To enable the S/MIME signing and encryption feature, set the value to persistent or transient-and-persistent. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLReceiverBinding.ReceiverDigitalEnvelope.DigitalEnvelopeProtocol:body | To define the encryption mechanism, set the value to S/MIME. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLReceiverBinding.ReceiverDigitalEnvelope.DigitalEnvelopeProtocol:version | Defines the S/MIME version. Set the value to 2.0. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLReceiverBinding.ReceiverDigitalEnvelope.EncryptionAlgorithm:body | Defines the encryption algorithm. Set the value to tripleDES (default), DES, or RC2. |
| CollaborationProtocolAgreement.PartyInfo.DocExchange.ebXMLSenderBinding.ReceiverDigitalEnvelope.EncryptionAlgorithm:minimumStrength | Defines the encryption key length. For RC2 encryption, set the value to 40, 64, or 128 (default). |
5. For each ebXML payload attachment, set the S/MIME signature and encryption TPA parameter as shown below:

| Set This Parameter... | To This Value... | To Achieve These Results... |
| --- | --- | --- |
| CollaborationProtocolAgreement.Packaging.CompositeList.Encapsulation:mimeparameters | smime-type="signed-data" | Signs but does not encrypt all business documents with the S/MIME security feature. |
| | smime-type="enveloped-data" | Encrypts but does not sign all business documents with the S/MIME security feature. |
| | smime-type="signed-*encrypted-*" | Signs and encrypts all business documents with the S/MIME security feature. |
| CollaborationProtocolAgreement.Packaging.CompositeList.Encapsulation:mimetype | application/pkcs7-mime | Enables the S/MIME security feature. Note: This parameter must be set in addition to the CollaborationProtocolAgreement.Packaging.CompositeList.Encapsulation:mimeparameters parameter for the S/MIME security feature. |
| CollaborationProtocolAgreement.Packaging.CompositeList.Encapsulation:id | Any arbitrary value. For example: sig+enc_001 | Defines the encapsulation id. Note: The value of the CollaborationProtocolAgreement.Packaging.CompositeList.Composite.Constituent:idref parameter must refer to the same value defined in this parameter. |
| CollaborationProtocolAgreement.Packaging.CompositeList.Encapsulation.Constituent:idref | Value of the SimplePart id of the payload. For example: c_001 | Defines the payload that needs to be encrypted, signed, or signed and encrypted. |

6. When a document is configured for S/MIME support, the ebXML Module adds the following entry to the Manifest element of the envelope:
Manifest/Reference/Schema/location=
http://www.ietf.org/rfc/rfc2311.trxt
Version=2.0
7. For an inbound ebXML message, the ebXML Module automatically verifies and/or decrypts any business documents carried in the message.
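
The following Python check is an added example, not part of the product documentation or the module's own code. It audits the ebXML Message Service Version 2.0 TPA parameters from steps 4 and 5 against the valid values and cross-parameter notes above, and flags DES and short RC2 keys. It assumes the agreement inputs are available as a flat dictionary of parameter name to value; that layout, the function name audit_tpa and the sample agreement are hypothetical.

```python
# Added example: audit a flat {parameter: value} map of ebXML MS 2.0 TPA inputs.
# The dict layout is an assumption; parameter names and valid values are the page's.
CPA = "CollaborationProtocolAgreement."
ENV = CPA + "PartyInfo.DocExchange.ebXMLReceiverBinding.ReceiverDigitalEnvelope."
CONF = (CPA + "PartyInfo.CollaborationRole.ServiceBinding.CanSend."
        "ThisPartyActionBinding.BusinessTransactionCharacteristics.isConfidential")
PROTO = ENV + "DigitalEnvelopeProtocol:body"
ALG = ENV + "EncryptionAlgorithm:body"
STRENGTH = (CPA + "PartyInfo.DocExchange.ebXMLSenderBinding."
            "ReceiverDigitalEnvelope.EncryptionAlgorithm:minimumStrength")
ENC = CPA + "Packaging.CompositeList.Encapsulation"
ENC_ID, MIMETYPE, MIMEPARAMS = ENC + ":id", ENC + ":mimetype", ENC + ":mimeparameters"
IDREF = CPA + "Packaging.CompositeList.Composite.Constituent:idref"

def audit_tpa(params):
    """Return sorted (severity, message) findings for one agreement."""
    out = []
    if params.get(CONF) not in ("persistent", "transient-and-persistent"):
        out.append(("error", "isConfidential does not enable S/MIME"))
    if params.get(PROTO) != "S/MIME":
        out.append(("error", "DigitalEnvelopeProtocol:body is not S/MIME"))
    if params.get(MIMETYPE) != "application/pkcs7-mime":
        out.append(("error", "Encapsulation:mimetype is not application/pkcs7-mime"))
    if params.get(IDREF) != params.get(ENC_ID):
        out.append(("error", "Composite.Constituent:idref does not match Encapsulation:id"))
    # smime-type="signed-data" signs only, so cipher strength applies to the rest.
    if params.get(MIMEPARAMS) != 'smime-type="signed-data"':
        alg = params.get(ALG, "tripleDES")        # page: tripleDES is the default
        bits = str(params.get(STRENGTH, "128"))   # page: 128 is the RC2 default
        if alg not in ("tripleDES", "DES", "RC2"):
            out.append(("error", f"unsupported EncryptionAlgorithm {alg!r}"))
        elif alg == "DES":
            out.append(("weak", "DES has a 56-bit key; use tripleDES"))
        elif alg == "RC2" and bits not in ("40", "64", "128"):
            out.append(("error", f"invalid RC2 minimumStrength {bits}"))
        elif alg == "RC2" and bits != "128":
            out.append(("weak", f"RC2 at {bits} bits; use 128 or tripleDES"))
    return sorted(out)

# Constructed sample agreement (not taken from a real system).
SAMPLE = {
    CONF: "persistent", PROTO: "S/MIME", ALG: "RC2", STRENGTH: "40",
    MIMETYPE: "application/pkcs7-mime", MIMEPARAMS: 'smime-type="enveloped-data"',
    ENC_ID: "sig+enc_001", IDREF: "sig+enc_001",
}

if __name__ == "__main__":
    for severity, message in audit_tpa(SAMPLE):
        print(f"{severity}: {message}")
```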