ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » AMS performed by MCA ?

Post new topic  Reply to topic
 AMS performed by MCA ? « View previous topic :: View next topic » 
Author Message
KIT_INC
PostPosted: Sun Apr 03, 2016 9:27 am    Post subject: AMS performed by MCA ? Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 589
My current program sends data between QM1 and QM2

QM1 - APPLA MQPUT to remote queue (RQA) using userId userA

DEF QR(RQA) RNAME(QB) RQMNAME(QM2)

QM2 - APPLB MQGET from QB using userId mqm

I want to use AMS to protect the message, so I set up according to the manual

1. Define Keystores and certificates for userA and mqm
2, def AMS policy for RQA and QB
- Policy for RQA is userA can encypt (-a) and mqm can decrypt (-r)
- Policy for QB is userB can encrypt and mqm can decrypt (-r)
3. set up keystore.conf under home directory of userA and mqm so that MQ AMS know where is the keystore and what cert to use.

Here is what I expect to happen
1.When APPLA puts the message to the RQA, AMS takes action , encrypt the message and put it to the XMITQ.
2.The encrypted message will be sent across the channel to QM2
MCA of QM2 will put the message to QB
3. APPLB on QM2 running under mqm, will using AMS info specified in /home/mqm/keystore.conf and GET the message off QB unprotected (i.e. decrypted).

My question is if the MCA of QM2 is running under mqm, when it MQPUT the message to QB, will the message be encrypted once more ?

If that is the case, how can userB decrypt twice to read the proper message ?
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sun Apr 03, 2016 9:28 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
Have you tried it? What happened?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
KIT_INC
PostPosted: Mon Apr 04, 2016 5:55 am    Post subject: Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 589
No, still waiting for scheduling of test server that has AMS install (MQ V701 with AMS V7).
The simple case I mentioned here is just to explain what I like to know. The fact is we have quite a number of program Getting message using the mqm userId. According to the manual, AMS is implemented as an API exit. Since MCA is using the MQ API, I think it will be invoked. But I am not sure if AMS can detected that the message already has the PDMQ indicator is skip the protection.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » AMS performed by MCA ?
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.