Wanted beta testers for new MQ encryption tool
RogerLacroix
Posted: Fri Jul 20, 2007 1:18 pm Post subject: Wanted beta testers for new MQ encryption tool
Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
All,
Capitalware is looking for beta testers to test / trial a new message encryption product for FREE. There are no requirements to purchase the product if you / your company decides to participate in the free trial of a product (i.e. no strings attached). The product's tentative name is 'MQ Instant Secure Data'.
MQ Instant Secure Data works as a channel message exit or channel send/receive exit. It encrypts / decrypts message flows over a channel between any 2 queue managers or between a client application and a queue manager.
The encryption is done with TEA Variant (128-bit encryption) using a random (unique) key for each message sent. It is lightning fast (I'll have some specs soon.).
It can be configured for the following channels: SENDER, SERVER, CLUSRCVR, SVRCONN, RECEIVER, REQUESTER, CLUSSDR & CLNTCONN.
The following platforms are currently supported (32-bit & 64-bit):
- AIX v5.1, 5.2, 5.3
- HP-UX v11.00, v11.11
- Solaris SPARC 8,9,10
- Solaris x86_64 10
- Linux x86, x86_64, POWER, zLinux
- Windows 2000, XP, 2003
- z/OS
Finally, as always, Capitalware will offer active beta testers a substantial discount off the MSRP for participating in the beta program, if the beta tester wishes to purchase the GA release of the product (time limited, of course).
If you are interested in being a beta tester for MQ Instant Secure Data then please let me know.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
RogerLacroix
Posted: Thu Aug 02, 2007 1:07 pm Post subject:
Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
All,
Besides node-to-node (QMgr-to-QMgr) encryption, I have decided to also support end-to-end (client-to-client) encryption in MQ Instant Secure Data.
I have also added the ability for the MQ Admin or application to specify their own 15-character PassPhrase (120-bits and 8-bits will be a random number to keep hackers at bay).
I have just finished writing the Java component for MQ Instant Secure Data and it works with any Java and / or J2EE applications. It too supports both node-to-node and end-to-end encryption.
Besides securing your company's internal MQ network, MQ Instant Secure Data can be used to secure MQ traffic over a VAN network or even the internet.
If you are interested in being a beta tester for MQ Instant Secure Data then please let me know.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
RogerLacroix
Posted: Fri Aug 17, 2007 8:27 am Post subject:
Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
All,
After many comments and questions, I have decided to create a 'solution' rather than simply an MQ exit. MQISD has evolved from a channel encryption exit to simply an encryption solution called Instant Secure Data (ISD).
Instant Secure Data will include:
- MQISD for message/send/receive exit to do encryption / decryption
- MQISDJ for Java send/receive exit to do encryption / decryption
- CWISD API for any C/COBOL/.NET to call to do encryption / decryption of a data buffer
- CWISDJ API for Java to call to do encryption / decryption of a data buffer
- A stand-alone program to encrypt/decrypt the entire contents of a file (i.e. for scripting)
For a Java application to call the ISD API, the code would look like:
Code:
String inPassPhrase = "A3d4F_g6HLj8K9l";
byte[] inData = "this is a test message.".getBytes();
MQISDJ isd = new MQISDJ();
byte[] encData = isd.encryptData(inData, inPassPhrase);
For a 'C' application to call the ISD DLL/shared-module API, the code would look like:
Code:
rcode = ISD_Init(&handle, NULL, NULL, NULL);
rcode = ISD_EncryptData(&handle, passPhrase, origData, origDataLen, encryptData, encryptDataLen);
rcode = ISD_Term(&handle);
If you are interested in being a beta tester for MQ Instant Secure Data then please let me know.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
fjb_saper
Posted: Fri Aug 17, 2007 9:55 am Post subject:
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
Roger,
Just to keep my mind at ease:
(How) do you do decryption prior to CCSID conversion? Of course your solution would have to be included into any channel conversion exit, first decrypting then doing the conversion and finally encrypting again, right? _________________ MQ & Broker admin
RogerLacroix
Posted: Fri Aug 17, 2007 12:13 pm Post subject:
Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
fjb_saper wrote:
(How) do you do decryption prior to CCSID conversion? Of course your solution would have to be included into any channel conversion exit, first decrypting then doing the conversion and finally encrypting again, right?
Hi,
I'm guessing you mean that the sender (or server) channel has the 'Data Conversion' set to Yes.
Flow:
- The data is converted by the queue manager before it is passed to the channel message exit.
- The channel message exit will encrypt the data and pass it back to the MCA.
- The sender MCA sends the encrypted data to the receiver MCA.
- Receiver MCA invokes the channel message exit to decrypt the data. The decrypted data is passed back to the MCA.
- The MCA puts the message into the queue.
Hope that helps.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
fjb_saper
Posted: Fri Aug 17, 2007 6:27 pm Post subject:
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
Quote:
Instant Secure Data will include:
- MQISD for message/send/receive exit to do encryption / decryption
- MQISDJ for Java send/receive exit to do encryption / decryption
- CWISD API for any C/COBOL/.NET to call to do encryption / decryption of a data buffer
- CWISDJ API for Java to call to do encryption / decryption of a data buffer
- A stand-alone program to encrypt/decrypt the entire contents of a file (i.e. for scripting)
Still quite unclear:
Here is the scenario (message going from ccsid 1208 to ccsid 500 on a MF).
- message exit encrypts the data on put
- the encrypted data is sent to the MF.
- MF receives encrypted data and puts the message to the queue (still encrypted)
- client does a get with convert
- the message exit decrypts the data (still in 1208)
- when does the data get converted ??
- How will JMS fit into the picture ?
The assumption here is of course for a text message and a get with conversion... _________________ MQ & Broker admin
RogerLacroix
Posted: Fri Aug 17, 2007 8:27 pm Post subject:
Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
Hi,
Sorry, I've not given more information and assumed that people would understand what I was talking about. My bad.
Definitions:
- ISD Node-to-Node encryption is between any 2 queue managers using channel message exit (see description above).
- ISD End-to-End encryption is between any 2 client applications using send and receive exits.
Now to your comments: You are mixing apples and oranges. By this, I mean you want End-to-End encryption between Unix and mainframe. But the problem is MQ does NOT support client applications on the mainframe. Hence, what you are describing is simply not possible using standard exits with MQ.
Therefore, any MQ platform that does not support client applications cannot use ISD End-to-End encryption.
Of course, there is always a twist. If you are running a mainframe J2EE container (i.e. WAS) then it DOES support MQ client applications and hence, you can use ISD End-to-End encryption.
So, a Unix app to a mainframe COBOL program cannot be used with ISD End-to-End encryption. But it can do a Unix app to a mainframe J2EE application and here is the description:
- Unix Client app puts a message to a remote queue (transmit queue) on a Unix queue manager
- Client MCA of CLNTCONN invokes the ISD send exit and the data is encrypted and then message is put to the remote queue (i.e. xmitq)
- Unix QMgr MCA transmits the encrypted message to the mainframe MCA.
- The mainframe MCA puts the encrypted message on the mainframe local queue.
- Finally, the mainframe J2EE client application does a Get with Convert and the following happens:
  - Get with Convert is issued
  - The mainframe client MCA retrieves the message from the queue and invokes the ISD receive exit.
  - The ISD receive exit decrypts the message and passes the data back to the MCA
  - The client MCA then calls its internal data conversion routine because of the convert option on the Get.
  - The client MCA passes the decrypted and converted message to the J2EE client application.
So, does that make it any clearer?
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
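The ordering discussed in this thread (the receive exit decrypts first, then the MCA converts), shown as an added example that is not part of any post and is not Capitalware's code. It assumes XTEA in counter mode as a stand-in for the unspecified "TEA Variant", Python's `utf-8` and `cp500` codecs as models of CCSID 1208 and 500, and a constructed key, nonce and message.

```python
import struct

def xtea_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Encrypt one 8-byte block with XTEA, a public TEA variant (128-bit key)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    total, delta, mask = 0, 0x9E3779B9, 0xFFFFFFFF
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (total + k[total & 3]))) & mask
        total = (total + delta) & mask
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (total + k[(total >> 11) & 3]))) & mask
    return struct.pack(">2I", v0, v1)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an XTEA counter-mode keystream (same call both ways).
    Illustration only: no integrity protection, and a nonce must never repeat."""
    out = bytearray()
    for i in range(0, len(data), 8):
        ks = xtea_block(key, nonce + struct.pack(">I", i // 8))
        out.extend(b ^ k for b, k in zip(data[i:i + 8], ks))
    return bytes(out)

# Constructed sample values, not taken from the thread or the product.
KEY = bytes(range(16))
NONCE = b"\x00\x00\x00\x01"
TEXT = "Order 1208: ship 500 units"

def get_with_convert(wire: bytes, decrypt_first: bool) -> str:
    """Model a CCSID 500 receiver getting an encrypted CCSID 1208 message."""
    if decrypt_first:
        plain_1208 = ctr_crypt(KEY, NONCE, wire)              # exit decrypts
        as_500 = plain_1208.decode("utf-8").encode("cp500")   # then conversion
    else:
        # Conversion run on ciphertext: random bytes are not valid 1208 text.
        mangled = wire.decode("utf-8", "replace").encode("cp500", "replace")
        as_500 = ctr_crypt(KEY, NONCE, mangled)               # decrypts garbage
    return as_500.decode("cp500", "replace")

def demo() -> tuple:
    wire = ctr_crypt(KEY, NONCE, TEXT.encode("utf-8"))  # send exit encrypts
    return get_with_convert(wire, True), get_with_convert(wire, False)

if __name__ == "__main__":
    good, bad = demo()
    print("decrypt, then convert:", good)
    print("convert, then decrypt:", repr(bad))
```

Only the decrypt-first path returns the original text; running conversion over ciphertext destroys the message before the exit ever sees it.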
fjb_saper
Posted: Sat Aug 18, 2007 2:58 am Post subject:
Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
I believe this clarifies it much more.
Thanks _________________ MQ & Broker admin