Integration Server 10.7 | Built-In Services Reference Guide | Security Folder | Summary of Elements in this Folder | pub.security:signAndEncrypt
 
pub.security:signAndEncrypt
WmPublic. Adds a digital signature to data and then encrypts the data.
Input Parameters
data
Document. Data that you want to sign and encrypt. The data must be in one of the following formats. If multiple input parameters are supplied for data, the service throws an exception stating that only one parameter must be passed.
Key
Description
string
String. Optional. The string that you want to sign and encrypt.
stream
java.io.InputStream. Optional. The stream data that you want to sign and encrypt.
bytes
byte[ ]. Optional. The byte array that you want to sign and encrypt.
file
String. Optional. The absolute or relative path of the file that you want to sign and encrypt. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
loadAs
String. Optional. The format in which the service returns the output. Set to:
*bytes to return the output as a byte array. This is the default.
*stream to return the output as a stream object.
publicKey
Document. The public key required to encrypt the data. Provide either publicKeyBytes or publicKeyRingFile and publicKeyAlias. If you provide both publicKeyBytes and publicKeyRingFile, the service throws an exception stating that only one parameter must be passed.
Key
Description
publicKeyBytes
byte[ ]. Optional. The public key file in bytes.
Note:
Public key files have a .asc extension.
public​KeyRingFile
String. Optional. The absolute or relative path of the public keyring file. The public keyring file is a collection of public keys with a unique key ID. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
Note:
Public keyring files have a .pkr extension.
publicKeyAlias
String. Optional. The 64-bit (16 characters) key identifier of the public key.
Note:
This parameter is required only when you use publicKeyRingFile.
encryptionAlgorithm
String. The symmetric key encryption algorithm to use. Select one of the following:
*AES_192
*AES_256
*BLOWFISH
*IDEA
*TWOFISH
*TRIPLE_DES
The default value is AES_256.
secretKey
Document. The secret key required to sign the data. Provide either secretKeyBytes or secretKeyRingFile and secretKeyAlias. If both secretKeyBytes and secretKeyRingFile are provided, the service throws an exception.
Key
Description
secretKeyBytes
byte[ ]. Optional. The secret key file in bytes.
Note:
Secret key files have a .asc extension.
secret​KeyRingFile
String. Optional. The absolute or relative path of the secret keyring file. The secret keyring file is a collection of secret keys with a unique key ID. If the file is outside the Integration Server or Microservices Runtime installation directory, provide the absolute path. Otherwise, place the file in your Integration Server or Microservices Runtime working directory.
The About page in Integration Server Administrator and Microservices Runtime Administrator displays the working directory. The watt.server.homeDir server configuration parameter also specifies the working directory.
Note:
Secret keyring files have a .skr extension.
secretKeyAlias
String. Optional. The 64 bit (16 characters) key identifier of the secret key.
Note:
This parameter is required only when you use secretKeyRing​File.
secretKey ​Passphrase
String. Password required to extract the private key from the secret key. This is the password provided while generating the secret key.
signingAlgorithm
String. The signing algorithm to use. Select one of the following:
*SHA256
*SHA384
*SHA512
*MD5
The default value is SHA256.
Note:
If the FIPS (Federal Information Processing Standards) mode is enabled, this service does not support the MD5 signing algorithm. FIPS mode can be enabled or disabled using the watt.security.fips.mode parameter.
Note:
If the secret key for signing the data is of the Digital Signature Algorithm (DSA) Key Type, this service does not support the MD5 signing algorithm.
Output Parameters
stream
java.io.OutputStream. Conditional. Signed and encrypted data in the form of an output stream, when the stream input parameter is provided.
bytes
byte[ ]. Conditional. Signed and encrypted data in bytes, when the bytes input parameter is provided.
status
String. Indicates whether the data is successfully signed and encrypted or not. If successful, status is success. Otherwise, status contains failure along with an error message.
Usage Notes
Use the pub.security:signAndEncrypt service when an external system connected to Integration Server requires signed and encrypted data.
Prerequisites to use the pub.security:signAndEncrypt service:
*Make sure that Integration Server has access to the external system's public key to encrypt data.
*Generate a secret key for Integration Server to sign the data.
Signing and encryption works as follows:
1. The service uses the secret key to sign the data.
2. The service then uses the external system's public key to encrypt the data.
3. The service returns the signed and encrypted data.
Authentication keys used in this service must be in the PGP format and generated using the RSA encryption algorithm.
Note:
Authentication keys in the .ecc format are not supported.