shogan2003
Posted: Mon Sep 27, 2004 7:13 am Post subject: Encryption and certificates and DIY
Centurion
Joined: 03 Jul 2003 Posts: 133 Location: London
I have two queries:
I'd like to be able to specify encryption at either end of the channel without having to use certificates, i.e. just specify encryption method. However I don't want to code an exit to perform the encryption.
To test that SSL is set up, I'd need a 'sniffer' program that can be installed on Solaris to monitor the channel and verify that the message is encrypted in transit.
Maybe I should build the encryption into my MQPut and MQGet adapters instead. I wonder if others have opted for that approach in their architectures instead of entrusting security to the channel.
_________________
MQSI2 certified specialist
MQSeries certified specialist
jefflowrey
Posted: Mon Sep 27, 2004 7:22 am Post subject:
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
You cannot perform encryption without some sort of encryption key, at least not any encryption that counts as "secure".
Certificates contain public keys.
In other words, you have to use certificates.
You need to better understand your security requirements before you decide what you are going to do. Do you want to secure the contents of the message when it moves from one queue manager to another? Or do you want to secure the contents of the message while it is sitting on a queue?
If you want to secure the contents of the message while it is sitting on the queue, you need to either code it yourself, code an API exit, or buy a product (that likely codes an API exit).
_________________
I am *not* the model of the modern major general.
shogan2003
Posted: Mon Sep 27, 2004 7:37 am Post subject:
Centurion
Joined: 03 Jul 2003 Posts: 133 Location: London
The requirement is for security over the channel.
Yet if the message contents are secure on the queue then they'll be secure over the channel.
I never did get my head around the description of RSA in that great book by Simon Singh.
_________________
MQSI2 certified specialist
MQSeries certified specialist
jefflowrey
Posted: Mon Sep 27, 2004 7:47 am Post subject:
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
See if you can find a copy of Morag Hughson's presentation on SSL from Transaction&Messaging 2003.
It's excellent.
And yes, if the message body is encrypted, then it will be encrypted on the channel. But the headers won't - which includes things like username.
_________________
I am *not* the model of the modern major general.
shogan2003
Posted: Mon Sep 27, 2004 7:51 am Post subject:
Centurion
Joined: 03 Jul 2003 Posts: 133 Location: London
Thanks very much for your kind advice, especially the reminder regarding the header.
_________________
MQSI2 certified specialist
MQSeries certified specialist
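One way to run the check discussed in this thread (is the channel encrypted in transit, and what stays readable when only the body is encrypted) over bytes captured from the channel's TCP stream. This is an added example, not code from any poster or from IBM. The names `audit_capture`, `USER` and `CANARY` and all sample frames are constructed; only the `TSH ` eyecatcher and the SSL/TLS record header reflect the real protocols.

```python
import hashlib

# "TSH " opens an MQ transmission segment on a plain channel (ASCII or EBCDIC peer).
TSH_EYECATCHERS = (b"TSH ", "TSH ".encode("cp500"))

def starts_with_tls_record(stream: bytes) -> bool:
    """SSLv3/TLS handshake record header: type 0x16, major version 0x03."""
    return (len(stream) >= 5 and stream[0] == 0x16
            and stream[1] == 0x03 and stream[2] <= 0x04)

def audit_capture(stream: bytes, markers: list) -> tuple:
    """Classify one direction of a captured channel stream and list the
    known plaintext markers (checked in ASCII and EBCDIC) visible in it."""
    leaked = [m for m in markers
              if any(m.encode(cs) in stream for cs in ("ascii", "cp500"))]
    if starts_with_tls_record(stream):
        verdict = "tls"
    elif stream.startswith(TSH_EYECATCHERS):
        verdict = "cleartext-mq"
    else:
        verdict = "unknown"
    return verdict, leaked

# Constructed sample data: a hypothetical user ID, a canary string put in the
# message body, and a hash output standing in for ciphertext. The frame layout
# is simplified for illustration and is not the real MQ wire format.
USER, CANARY = "appuser1", "CANARY-7f3a-PAYLOAD"
FAKE_CIPHERTEXT = hashlib.sha256(b"constructed sample").digest() * 2
HEADER = b"TSH " + b"\x00" * 24 + b"MD  " + USER.encode("ascii").ljust(12)

SAMPLES = {
    "plain channel, plain body": HEADER + CANARY.encode("ascii"),
    "plain channel, body encrypted by the application": HEADER + FAKE_CIPHERTEXT,
    "SSL channel": b"\x16\x03\x01\x00\x40" + FAKE_CIPHERTEXT,
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(name, "->", audit_capture(stream, [USER, CANARY]))
```

On a real capture, send a test message carrying the canary string and pass in the reassembled TCP payload of the channel connection. A stream that opens with an SSLv2-format hello is reported as `unknown` rather than `tls`.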