Encryption
Encryption is a way to ensure privacy by assuring that a message can be read only by the intended recipient.
Encryption is performed using a pair of keys. The sending party encrypts the message using the recipient’s public key. The recipient decrypts the message with its private key. Since the owner of the public key is the only one in possession of the private key, only the owner can successfully decrypt the message.
Integration Server supports RC2, TripleDES, and DES encryption algorithms. RC2 lets you specify a key length of 40, 64, or 128. TripleDES uses a key length of 192. DES uses a key length of 64 (in US versions of the product) or 40 (in non-US versions of the product).
The following is an example of an encrypted message. Note that its Content-Type header field is set to “application/pkcs7-mime” (required for encrypted messages) and that the payload contains the encrypted message.
Note: Integration Server automatically sets the Content-Type header field to the appropriate value when you encrypt a MIME message using the S/MIME services. Your service does not need to do this.
Figure: An encrypted message
Note: Although encryption protects a message from being read by an unintended party, it does not assure message integrity, nor does it provide authentication or nonrepudiation. These qualities are guaranteed by digital signatures.
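As an added example (not Software AG code and not part of the Integration Server API), the following Python shows how a receiving service could confirm that an incoming message really is S/MIME-encrypted and which of the algorithms listed above protected its content. The names `inspect_smime` and `tlv` and the sample message are assumptions constructed for illustration, and the algorithm lookup is a heuristic byte scan rather than a full ASN.1 parse.

```python
import base64
from email import message_from_string

# DER encodings of the object identifiers this check looks for.
ENVELOPED_DATA = bytes.fromhex("06092a864886f70d010703")   # 1.2.840.113549.1.7.3
RC2_CBC = bytes.fromhex("06082a864886f70d0302")            # 1.2.840.113549.3.2
DES_CBC = bytes.fromhex("06052b0e030207")                  # 1.3.14.3.2.7
DES_EDE3_CBC = bytes.fromhex("06082a864886f70d0307")       # 1.2.840.113549.3.7
CIPHERS = {RC2_CBC: "RC2", DES_CBC: "DES", DES_EDE3_CBC: "TripleDES"}
PKCS7_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def inspect_smime(raw):
    """Return (is_enveloped, cipher) for a raw MIME message string."""
    msg = message_from_string(raw)
    if msg.get_content_type() not in PKCS7_TYPES:
        return (False, None)
    der = msg.get_payload(decode=True) or b""
    # pkcs7-mime also carries signed-only data, so confirm the CMS content
    # type: a SEQUENCE (0x30) that starts with the envelopedData OID.
    if der[:1] != b"\x30" or ENVELOPED_DATA not in der[:16]:
        return (False, None)
    # Heuristic byte scan for the content-encryption algorithm OID; a full
    # ASN.1 parser is the robust choice for production use.
    hits = [(der.find(oid), name) for oid, name in CIPHERS.items() if oid in der]
    return (True, min(hits)[1] if hits else None)

def tlv(tag, body):
    """Encode one DER element; short-form length only (body < 128 bytes)."""
    return bytes([tag, len(body)]) + body

# Constructed sample: a CMS-shaped skeleton with no recipients and a dummy
# 16-byte "ciphertext". It is not a real encrypted message.
DATA_OID = bytes.fromhex("06092a864886f70d010701")         # 1.2.840.113549.1.7.1
SAMPLE_DER = tlv(0x30, ENVELOPED_DATA + tlv(0xA0, tlv(0x30,
    b"\x02\x01\x00" + tlv(0x31, b"") + tlv(0x30,
        DATA_OID + tlv(0x30, RC2_CBC) + tlv(0x80, bytes(16))))))
SAMPLE_MSG = (
    "MIME-Version: 1.0\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
)

if __name__ == "__main__":
    print(inspect_smime(SAMPLE_MSG))
```

Because a signed-only message can also carry the application/pkcs7-mime Content-Type, the function checks the CMS content type inside the payload instead of trusting the header alone.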
To encrypt a message, you must have the intended recipient’s certificate because it contains the public key you use to perform the encryption.
Most sites simply contact the parties with whom they want to exchange encrypted messages and request copies of their certificates (the other parties might e-mail their certificates to you, for example). Then, they store the certificates in their file system, a database, or a special repository for security information.
It does not make any difference where you maintain the certificates of the parties with whom you want to exchange encrypted messages, as long as the certificates are in X.509 format and can be retrieved by Integration Server at run time.