bduncan |
Posted: Thu Aug 02, 2001 2:20 pm Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
I seem to recall that IBM produced a RedBook about using Channel Exits, specifically, doing message level encryption. We are interested in encrypting our messages without having to buy some expensive third-party tool like MQSecure from Candle. I know there aren't any support packs for encryption (except the one that uses Entrust, but again, that's a commercial product). Or better yet maybe someone's written such an exit themselves in C perhaps and would be willing to share???
_________________ Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator |
NickB |
Posted: Fri Aug 03, 2001 5:23 am Post subject: |
|
|
Centurion
Joined: 20 May 2001 Posts: 107 Location: Zurich Financial Services
|
There is a support pack for doing message compression which will in effect "encrypt" the message although the algorithm is only simple run-length encoding so may not scramble the message that much.
If you want full encryption then I think you're going to have to buy a commercial product. We use a digital signing and encrypting channel exit but this was written for us by a 3rd party software house - can't share it with the forum I'm afraid! |
bduncan |
Posted: Fri Aug 03, 2001 8:53 am Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
Well, it turns out IBM did produce a redbook called "MQSeries Security: Example of Using a Channel Security Exit, Encryption and Decryption" - the product id is SG24-5306. And this actually contains the C source code for an RSA public key encryption using security and channel exits. It looks like it does everything these third-party (costly) products do. We are going to be compiling, testing, and hopefully implementing this. It's actually a very interesting chunk of code, so if you want to learn a little more about encryption, especially with respect to MQSeries, take a look at it...
_________________ Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator |
Tibor |
Posted: Sat Aug 04, 2001 12:22 pm Post subject: |
|
|
 Grand Master
Joined: 20 May 2001 Posts: 1033 Location: Hungary
|
I successfully compiled the code from the Security RedBook, but ... it only works (for now) on NT. However, if someone is interested in it, I'll upload it to the MQSeries.net Software Repository.
There were a lot of problems with it because the RSAEuro lib source was buggy.
RogerLacroix |
Posted: Sat Aug 04, 2001 10:19 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
Sure, upload it. I would like to see it.
later
Roger... |
bduncan |
Posted: Sun Aug 05, 2001 10:09 pm Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
Yes, just email it as an attachment to brandon@mqseries.net and I'll put it up. BTW, some people have asked why I don't let users upload files themselves, and well, since this is source code that is expected to be compiled and executed, I don't want anyone slipping any trojan horses or viruses our way, so I'm trying to check things before they get posted...
_________________ Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator |
bduncan |
Posted: Tue Aug 07, 2001 1:26 am Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
Thank you Tibor! Your code has been added to the repository. I tested this out on an NT box. I created two queue managers on the same machine and set up a channel going from one to the other. When I started the channel, the log files from the channel exit program show that the DLL on each side exchanged handshakes and passed each other's keys. Once this happened I could send messages across that would get encrypted. I only had a few minutes to play with it before going home this evening, but it looks like it was chopping the last few bytes off my messages! I will try to figure out what's going on tomorrow, it may just be my problem. But otherwise everything is apparently working. Thanks again Tibor!
_________________ Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator |
skytorch |
Posted: Wed Aug 07, 2002 12:26 pm Post subject: |
|
|
 Apprentice
Joined: 10 Jun 2002 Posts: 47 Location: New York City
|
Hi,
I've followed precisely what's described in the redbook and the README written by Brandon. After I compiled everything successfully, generated pub/private keys, config channels, set env variables etc, I started the channel. I got:
[code]
C:\Program Files\MQSeries\bin>runmqchl -c SDR.4001 -m QM4001
04L1830,5639-B43 (C) Copyright IBM Corp. 1994, 1998. ALL RIGHTS RESERVED.
08/07/2002 16:55:44 Channel program started.
MQS9400I SKY WT05219A MQCHEXIT ChannelExit started
08/07/2002 16:55:45 AMQ9536: Channel ended by an exit.
08/07/2002 16:55:45 AMQ9999: Channel program ended abnormally.
[/code]
What could be wrong here ?
I suspected the environment variable:
- MQSCY_KEYFILEPATH
- MQSCY_LOGFILEPATH
are not picked up since the log info is directed to stdout and I don't see a log file in the MQSCY_LOGFILEPATH directory. But after I restarted the machine, it's the same problem.
Did I miss something? Thanks.
Sky
skytorch |
Posted: Wed Aug 07, 2002 1:40 pm Post subject: |
|
|
 Apprentice
Joined: 10 Jun 2002 Posts: 47 Location: New York City
|
Hi,
The above problem was caused by env variables. It's fixed.
However, I only saw a log file for the sender's QM when I started the sender. Am I supposed to see the log file of the receiver's QM too? (They're on the same machine.)
Also I don't see handshake messages - I only saw "send and security exits are started" in the sender's log file. Debug mode is set for security exit data attribute. Did I miss anything ?
Thanks.
Sky |
harwinderr |
Posted: Tue Sep 03, 2002 10:25 pm Post subject: |
|
|
 Voyager
Joined: 29 Jan 2002 Posts: 90
|
Hello All,
I tested Tibor's code on a SUN box successfully.
But I am facing the same problem as faced by bduncan, i.e. it is chopping the last few bytes off my message. Guess it has to do something with the mqexit code only, though I didn't have time to go through it.
But other than that everything seems to be working fine, which I was able to verify from the log files. |
EnOne |
Posted: Thu Oct 17, 2002 1:03 pm Post subject: environment variables |
|
|
 Centurion
Joined: 09 Oct 2002 Posts: 100 Location: Kansas City
|
I also ran into a problem with the environment variables.
The solution:
MQSCY_LOGFILEPATH is C:\Key\Log\
MQSCY_KEYFILEPATH is C:\Key\
Most environment variables do not have a backslash after the name of the directory. This DLL does need it or it will be unable to find the keyfiles. A quick check to see if this is your problem is to look at the directory that the logfile is writing to. If it is one directory too high then this is likely your problem. |
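The trailing-backslash symptom described in the post above, as an added example that is not part of the thread, the redbook, or Tibor's exit code. It assumes the directory value is used as a plain prefix for the file name; `join_naive`, `join_path` and the file name `exit.log` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed model of the failure: the directory value is used as a plain
 * prefix, so "C:\Key\Log" + "exit.log" lands in C:\Key as "Logexit.log". */
int join_naive(char *out, size_t cap, const char *dir, const char *file)
{
    int n = snprintf(out, cap, "%s%s", dir, file);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened join: inserts a separator only when the directory lacks one,
 * rejects empty components and reports truncation instead of hiding it. */
int join_path(char *out, size_t cap, const char *dir, const char *file)
{
    size_t len;
    const char *sep;
    int n;

    if (!out || cap == 0 || !dir || !file || !dir[0] || !file[0])
        return -1;
    len = strlen(dir);
    sep = (dir[len - 1] == '\\' || dir[len - 1] == '/') ? "" : "\\";
    n = snprintf(out, cap, "%s%s%s", dir, sep, file);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';          /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values; "exit.log" is a hypothetical file name. */
    const char *dirs[] = { "C:\\Key\\Log", "C:\\Key\\Log\\" };
    char buf[260];
    size_t i;

    for (i = 0; i < 2; i++) {
        if (join_naive(buf, sizeof buf, dirs[i], "exit.log") == 0)
            printf("naive:    %s\n", buf);
        if (join_path(buf, sizeof buf, dirs[i], "exit.log") == 0)
            printf("hardened: %s\n", buf);
    }
    return 0;
}
```

For a key-file path, failing closed on a truncated or empty value matters more than for the log: a silently wrong path means the exit either cannot load its keys or loads them from a directory nobody intended.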
rajmq |
Posted: Sun Jan 12, 2003 11:52 pm Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi
I need to implement a Channel Exit (Encryption & Decryption).
I have just seen all your posts.
But I couldn't find any channel programs in the Software Repository. Can you give the URL path or program names?
thanks
raj |
bduncan |
Posted: Mon Jan 13, 2003 4:40 pm Post subject: |
|
|
Padawan
Joined: 11 Apr 2001 Posts: 1554 Location: Silicon Valley
|
|
rajmq |
Posted: Sun Mar 30, 2003 5:26 am Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi to All
I am using Tibor's code for implementing Channel Exits.
But I have some doubts ..
1. First I created QMGRS.INP; it contains two qmgrs, WT05219A and WT05219B.
2. Created one sender channel to WT05219A QMGR (name is WT05219A.TC.WT05219B) and one receiver channel to WT05219B QMGR (name is WT05219A.TC.WT05219B).
3. After creating Cssd.exe I copied both files QMGRS.INP and Channel.INP into the same directory.
QMGRS.INP:
[code]
WT05219A
WT05219B
[/code]
CHANNELS.INP:
[code]
WT05219A.TC.WT05219B //sender channel
WT05219A
WT05219B
WT05219A.TC.WT05219B //receiver channel
WT05219A
WT05219B
[/code]
4. While running the Cssd.exe file I got two .prv files and two .pub files.
5. To which directory in the QMGR should I copy the above files?? // currently I copied these files to the ../qmgrs/ directory
6. And I also copied MQCHEXIT.DLL to the ../exits/ directory (is that correct??)
7. After rebooting the system I tried to start the sender channel and I am getting error AMQ4063..
I checked the qmgrs logs but I am not able to see an error in the files...
Can anyone tell me what I did wrong in the above steps??
Thanks in advance
raj |
rajmq |
Posted: Sun Mar 30, 2003 9:42 pm Post subject: |
|
|
 Partisan
Joined: 29 Sep 2002 Posts: 331 Location: USA
|
Hi to All
Sorry, I had given the wrong Xmitq name; that is the reason I got the AMQ4063 error. But I still don't have luck: while starting the sender channel I am getting an error like
Channel ended by an exit.
Channel program 'WT05219A.TC.WT05219B' was ended by exit 'MQCHEXIT(ChannelExit)'.
In the QMGR logs I am also getting the same error.
Can anyone help me out!!!
regards
raj |