ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Archives - All » Wanted beta testers for new MQ encryption tool

This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.
 Wanted beta testers for new MQ encryption tool « View previous topic :: View next topic » 
Author Message
RogerLacroix
PostPosted: Fri Jul 20, 2007 1:18 pm    Post subject: Wanted beta testers for new MQ encryption tool Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

All,

Capitalware is looking beta testers to test / trial a new message encryption product for FREE. There are no requirements to purchase the product if you / your company decides to participate in the free trial of a product (i.e. no strings attached). The product's tentative name is 'MQ Instant Secure Data'.

MQ Instant Secure Data works as a channel message exit or channel send/receive exit. It encrypts / decrypts message flows over a channel between any 2 queue managers or between a client application and a queue manager.

The encryption is done with TEA Variant (128-bit encryption) using a random (unique) key for each message sent. It is lightning fast (I'll have some specs soon.).

It can be configured for the following channels: SENDER, SERVER, CLUSRCVR, SVRCONN, RECEIVER, REQUESTER, CLUSSDR & CLNTCONN.

The following platforms are currently supported (32-bit & 64-bit):
- AIX v5.1, 5.2, 5.3
- HP-UX v11.00, v11.11
- Solaris SPARC 8,9,10
- Solaris x86_64 10
- Linux x86, x86_64, POWER, zLinux
- Windows 2000, XP, 2003
- z/OS


Finally, as always, Capitalware will offer active beta testers a substantial discount off the MSRP for participating in the beta program, if the beta tester wishes to purchase the GA release of the product (time limited, of course).

If you are interested in being a beta tester for MQ Instant Secure Data then please let me know.


Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
RogerLacroix
PostPosted: Thu Aug 02, 2007 1:07 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

All,

Besides node-to-node (QMgr-to-QMgr) encryption, I have decided to also support end-to-end (client-to-client) encryption in MQ Instant Secure Data.

I have also added the ability for the MQ Admin or application to specify their own 15-character PassPhrase (120-bits and 8-bits will be a random number to keep hackers at bay).

I have just finished writing the Java component for MQ Instant Secure Data and it works with any Java and / or J2EE applications. It too supports both node-to-node and end-to-end encryption.

Besides securing your company's internal MQ network, MQ Instant Secure Data can be used to secure MQ traffic over VAN network or even the internet.

If you are interested in being a beta tester for MQ Instant Secure Data then please let me know.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
RogerLacroix
PostPosted: Fri Aug 17, 2007 8:27 am    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

All,

After many comments and questions, I have decided to create a 'solution' rather than simply a MQ exit. MQISD has involved from a channel encryption exit to simply an encryption solution called Instant Secure Data (ISD).

Instant Secure Data will include:
- MQISD for message/send/receive exit to do encryption / decryption
- MQISDJ for Java send/receive exit to do encryption / decryption
- CWISD API for any C/COBOL/.NET to call to do encryption / decryption of a data buffer
- CWISDJ API for Java to call to do encryption / decryption of a data buffer
- A stand-alone program to encrypt/decrypt the entire contents of a file (i.e. for scripting)


For a Java application to call the ISD API, the code would look like:
Code:
String inPassPhrase = "A3d4F_g6HLj8K9l";
byte[] inData = "this is a test message.".getBytes();
MQISDJ isd = new MQISDJ();
byte[] encData = isd.encryptData( inData, inPassPhrase);


For a 'C' application to call the ISD DLL/shared-module API, the code would look like:
Code:
rcode = ISD_Init( &handle, NULL, NULL, NULL);
rcode = ISD_EncryptData(&handle, passPhrase, origData,origDataLen, encryptData, encryptDataLen);
rcode = ISD_Term( &handle);


If you are interested in being a beta tester for MQ Instant Secure Data then please let me know.


Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
fjb_saper
PostPosted: Fri Aug 17, 2007 9:55 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Roger,

Just to keep my mind at ease:
(how)Do you do decryption prior to CCSID conversion? Of course your solution would have to be included into any channel conversion exit, first decrypting then doing the conversion and finally encrypting again right?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
RogerLacroix
PostPosted: Fri Aug 17, 2007 12:13 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

fjb_saper wrote:
(how)Do you do decryption prior to CCSID conversion? Of course your solution would have to be included into any channel conversion exit, first decrypting then doing the conversion and finally encrypting again right?
Hi,

I'm guessing you mean that the sender (or server) channel has the 'Data Conversion' set to Yes.

Flow:
- The data is converted by the queue manager before it is passed to the channel message exit.
- The channel message exit will encrypt the data and passed it back to the MCA.
- The sender MCA sends the encrypted data to the receiver MCA.
- Receiver MCA invokes the channel message exit to decrypt the data. The decrypted data is passed back to the MCA.
- The MCA puts the message into the queue.

Hope that helps.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
fjb_saper
PostPosted: Fri Aug 17, 2007 6:27 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Quote:
Instant Secure Data will include:
- MQISD for message/send/receive exit to do encryption / decryption
- MQISDJ for Java send/receive exit to do encryption / decryption
- CWISD API for any C/COBOL/.NET to call to do encryption / decryption of a data buffer
- CWISDJ API for Java to call to do encryption / decryption of a data buffer
- A stand-alone program to encrypt/decrypt the entire contents of a file (i.e. for scripting)

Still quite unclear:
Here is the scenario (message going from ccsid 1208 to ccsid 500 on a MF.

  1. message exit encrypts the data on put
  2. the encrypted data is sent to the MF.
  3. MF receives encrypted data and puts the message to the queue (still encrypted)
  4. client does a get with convert
  5. the message exit decrypts the data (still in 1208)
  6. when does the data get converted ??
  7. How will JMS fit into the picture ?

The assumption here is of course for a text message and a get with conversion...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
RogerLacroix
PostPosted: Fri Aug 17, 2007 8:27 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3252
Location: London, ON Canada

Hi,

Sorry, I've not given more information and assumed that people would understand what I was talking about. My bad.

Definitions:

- ISD Node-to-Node encryption is between any 2 queue managers using channel message exit (see description above).

- ISD End-to-End encryption is between any 2 client applications using send and receive exits.

Now to your comments: You are mixing apples and oranges. By this, I mean you want End-to-End encryption between Unix and mainframe. But the problem is MQ does NOT support client applications on the mainframe. Hence, what you are describing is simply not possible using standard exits with MQ.

Therefore, any MQ platform that does not support client applications cannot use ISD End-to-End encryption.

Of course, there is always a twist. If you are running a mainframe J2EE container (i.e. WAS) then it DOES support MQ client applications and hence, you can use ISD End-to-End encryption.

So, a Unix app to a mainframe COBOL program cannot be used with ISD End-to-End encryption. But it can do a Unix app to a mainframe J2EE application and here is the description:

- Unix Client app puts a message to a remote queue (transmit queue) on a Unix queue manager
- Client MCA of CLNTCONN invokes the ISD send exit and the data is encrypted and then message is put to the remote queue (i.e. xmitq)
- Unix QMgr MCA transmits the encrypted message to the mainframe MCA.
- The mainframe MCA puts the encrypted message on the mainframe local queue.
- Finally, the mainframe J2EE client application does a Get with Convert and the following happens:
- - Get with Convert is issued
- - The mainframe client MCA retrieves the message from the queue and invokes the ISD receive exit.
- - The ISD receive exit decrypts the message and passes the data back to the MCA
- - The client MCA then calls its internal data conversion routine because of the convert option on the Get.
- - The client MCA passes the decrypted and converted message to the J2EE client application.

So, does that make it any clearly?

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
fjb_saper
PostPosted: Sat Aug 18, 2007 2:58 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

I believe this clarifies it much more.

Thanks
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies. Page 1 of 1

MQSeries.net Forum Index » Archives - All » Wanted beta testers for new MQ encryption tool
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.