Integration Server 10.15 | Built-In Services Reference Guide | Security Folder | Summary of Elements in this Folder | pub.security:encrypt
 
pub.security:encrypt
WmPublic. Converts plain data to encrypted data.
Input Parameters
data
Document. Data that you want to encrypt. The data must be in one of the following formats. If multiple input parameters are supplied for data, the service throws an exception stating that only one parameter must be passed.
Key
Description
string
String. Optional. The string that you want to encrypt.
stream
java.io.InputStream. Optional. The stream data that you want to encrypt.
bytes
byte[ ]. Optional. The byte array that you want to encrypt.
file
String. Optional. The absolute or relative path of the file that you want to encrypt. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
loadAs
String. Optional. The format in which the service returns the output. Set to:
*bytes to return the output as a byte array. This is the default.
*stream to return the output as a stream object.
*string to return the output as a string.
publicKey
Document. The public key required to encrypt the data.
Provide publicKeyBytes, publicKeyString, or publicKeyRingFile. If you provide publicKeyRingFile, you must also provide publicKeyAlias. Otherwise, the service throws an exception.
Key
Description
publicKeyBytes
Object List. Optional. One or more public key files as byte arrays.
Note:
Public key files have a .asc extension.
publicKeyString
String List. Optional. One or more public keys as strings.
public​KeyRingFile
String. Optional. The absolute or relative path of the public keyring file. The public keyring file is a collection of public keys with a unique key ID. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
Note:
Public keyring files have a .pkr extension.
publicKeyAlias
String List. Optional. One or more public key aliases as strings. A public key alias is the 64-bit (16 characters) key identifier of a public key.
Note:
This parameter is required only when you use publicKeyRingFile.
encryption​Algorithm
String. The symmetric key encryption algorithm to use. Select one of the following:
*AES_192
*AES_256
*BLOWFISH
*IDEA
*TRIPLE_DES
*TWOFISH
The default value is AES_256.
Output Parameters
stream
java.io.OutputStream. Conditional. Encrypted data as an output stream. Returned when the loadAs input parameter is set to stream.
bytes
byte[ ]. Conditional. Encrypted data as bytes. Returned when the loadAs input parameter is set to bytes.
string
String. Conditional. Encrypted data as a string in the ASCII-armored format. Returned when the loadAs input parameter is set to string.
status
String. Indicates whether the data is successfully encrypted or not. If successful, status is success. Otherwise, status contains failure along with an error message.
Usage Notes
Before encrypted data is exchanged between Integration Server and an external system, the external system must share its public key. The service accepts multiple public keys to encrypt the same data for many users.
The public key is passed to the pub.security:encrypt service, which returns the encrypted data to Integration Server.
To encrypt the data for multiple users, provide the users' public keys to the service as a list of byte arrays, strings, or a keyring file. If you provide a keyring file, you must also provide the public key aliases.
The service supports a data file of size up to 2 GB when the memory allocated to Integration Server is 10 GB or more.
Authentication keys used in this service must be in the PGP format and generated using the RSA encryption algorithm.
Note:
Authentication keys in the .ecc format are not supported.