Encrypting and Decrypting Data
Trading Networks does not encrypt or decrypt documents. However, Trading Networks maintains x.509v3 certificates for other webMethods components, such as webMethods RosettaNet Module. These certificates are used for encrypting documents that are sent to partners and decrypting the encrypted documents that are received from partners.
If the other webMethods components, such as webMethods RosettaNet Module requires Encrypt certificates, save a partner’s Encrypt certificate in the partner’s profile. You can also add your own functionality that takes advantage of this certificate information. You can obtain the certification information by using built-in services.
Note: Trading Networks does not check to see if the CA that signed the Encrypt certificate is in the list of trusted CAs that the Integration Server maintains. If you include the private key in this certificate information, this certificate information can also be used to decrypt documents that were encrypted with the partner’s public key. You might have the private key if the profile describes an internal group, for example a department within your corporation.
When you encrypt a document to send to a partner, Trading Networks looks at the partner’s profile to see if it contains the specific public certificate to use to encrypt the document. If Trading Networks finds a set of certificates to use for that specific receiver, it uses the appropriate certificate in that set. If Trading Networks does not find a set of certificates to use for that specific receiver, it uses the default set of certificates specified in the partner’s profile.
If the webMethods components require Decrypt certificates, save your Decrypt certificate in the owner’s profile. Because you can store Decrypt certificates in the owner’s profile, you can set up alternate Decrypt certificates for different partners. You can also specify a default Decrypt certificate by providing the certificate information in the owner’s profile. If a default Decrypt certificate is defined, then Trading Networks will use this default Decrypt certificate when a partner-specific Decrypt certificate is not available.
Note: Trading Networks does not check to see if the CA that signed the Decrypt certificate is in the list of trusted CAs that the Integration Server maintains.
When a partner sends an encrypted document to you, Trading Networks looks at your profile to see if it contains the specific private key to use to decrypt the document. If Trading Networks finds a set of certificates to use for that specific receiver, it uses the appropriate private key in that set. If Trading Networks does not find a set of certificates to use for that specific receiver, it uses the default set of private keys defined in the Default profile for partners.