George Carey |
Posted: Thu May 03, 2012 1:28 pm Post subject: digital signature question |
|
|
Knight
Joined: 29 Jan 2007 Posts: 500 Location: DC
|
As part of a DataPower digital signature, there is a timestamp with elements creation date/time and expires date/time. I believe the default value of 5 minutes is the normal delta between create and expires time.
Question(s): Does a receiving DP device ... processing the digital signature signed by the sender (another DataPower) fail if the expired time on the signature is reached or exceeded? Does this expiration time have to be enforced, or can it be ignored (or treated as a warning) via a DataPower setting of some kind to allow the message to be processed anyway?
Regards,
GTC _________________ "Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding") |
fjb_saper |
Posted: Thu May 03, 2012 4:10 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
Can you be more specific when you refer to DataPower's digital signature?
5 mins sounds excessively short. Usually a CA cert is valid for a year...  _________________ MQ & Broker admin |
George Carey |
Posted: Fri May 04, 2012 3:42 pm Post subject: Not the Cert itself |
|
|
Knight
Joined: 29 Jan 2007 Posts: 500 Location: DC
|
No, not talking about the cert itself ... yes, that is normally 1-3 years.
I mean an actual XML message's signature that gets a timestamp as part of the XML digital signature protocol ...
The timestamp has a create date/time and expires date/time associated with the signature and that is typically 5 minutes ... basically a time to live delta for the signature.
With that ... then my original question.
GTC _________________ "Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding") |
fjb_saper |
Posted: Sat May 05, 2012 1:23 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
You did not specify what kind of cert you are using to sign the message.
DP is a little bit "quirky" with its own certs. If it is a CA signed cert this sounds strange and certainly worthy of a PMR...  _________________ MQ & Broker admin |
sumit |
Posted: Wed May 16, 2012 2:26 am Post subject: |
|
|
Partisan
Joined: 19 Jan 2006 Posts: 398
|
Open the 'Sign' action window of your rule and select the 'Advance' tab. A property here is 'Timestamp Expiration Override Period'. To me this looks like the key.
5 mins as you mentioned is the default time. _________________ Regards
Sumit |
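
An added illustration for the thread above (not part of any post, and not DataPower's own logic): a generic receiver-side check of the WS-Security `wsu:Timestamp` the posts describe, with a clock-skew allowance and an enforce-or-warn switch. The function name, its `skew` and `enforce` parameters, and the sample header are constructed for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed sample header with a 5-minute Created/Expires window.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsu:Timestamp wsu:Id="TS-1">
    <wsu:Created>2012-05-03T17:28:00Z</wsu:Created>
    <wsu:Expires>2012-05-03T17:33:00Z</wsu:Expires>
  </wsu:Timestamp>
</wsse:Security>"""

def _parse_utc(text):
    # Accept UTC xsd:dateTime only ("Z" suffix, optional fractional seconds).
    text = text.strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def check_timestamp(security_xml, now, skew=timedelta(0), enforce=True):
    """Return (verdict, reason); verdict is 'accept', 'warn' or 'reject'.

    Only meaningful after the XML signature has verified AND the Timestamp
    is one of the signed references; an unsigned Timestamp can be rewritten.
    """
    # Sample input only: parse untrusted XML with a hardened parser.
    root = ET.fromstring(security_xml)
    stamps = root.findall(f"{{{WSU}}}Timestamp")
    if len(stamps) != 1:  # assumption: this receiver requires exactly one
        return "reject", "expected exactly one wsu:Timestamp"
    created_s = stamps[0].findtext(f"{{{WSU}}}Created")
    expires_s = stamps[0].findtext(f"{{{WSU}}}Expires")
    if created_s is None or expires_s is None:
        return "reject", "Created or Expires missing"
    try:
        created, expires = _parse_utc(created_s), _parse_utc(expires_s)
    except ValueError:
        return "reject", "unparseable Created/Expires value"
    if expires <= created:
        return "reject", "Expires is not after Created"
    if created > now + skew:
        return "reject", "Created is in the future"
    if now >= expires + skew:
        return ("reject" if enforce else "warn"), "timestamp expired"
    return "accept", f"expires in {expires + skew - now}"
```

With `enforce=False` an expired timestamp is reported as a warning instead of a rejection, which widens the window in which a captured signed message can be replayed.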