Quotes

Monday, November 21, 2016

PGP SupportPac for IBM Integration Bus


 

PGP SupportPac Features

Easily pluggable to IBM Integration Bus Toolkit

Once the PGP SupportPac plugin is applied to the IBM Integration Bus Toolkit, the PGP Encrypter/Decrypter nodes will be available in the PGP drawer of the message flow node palette.

Easy Runtime Installation

It requires the standard UserDefined Node installation process. The SupportPac ships with the following runtime libraries (.jar files), which need to be placed in the Broker's User Lil Path:

  • bcpg-jdk15on-149.jar
  • bcprov-ext-jdk15on-149.jar
  • com.ibm.broker.supportpac.PGP.jar

PGP key pair generation and key/repository management

This SupportPac ships with a Java-based command-line tool (pgpkeytool) for PGP key generation and key/repository management. You do not need any third-party open source or commercial tool for PGP key/repository management.

Centralized key repository and some default parameters configuration through UserDefined Configurable Service

You do not need to specify the private/public key repository details, the default sign key and passphrase, or the decryption key passphrase at each PGP Encrypter/Decrypter node used in a message flow.
Just create a UserDefined Configurable Service for all message flows (or for a group of them) and specify the service name in the node properties.
In general, one Configurable Service is sufficient for all the message flows deployed in a Broker.

PGP Encrypter Node

  • Provides PGP signature generation (optional) and encryption.
  • Supports both Message and File encryption, regardless of transport protocol or message domain.
  • The node can be configured to write encrypted data into the Output Message Tree or directly to the File System.
  • For File encryption, the input file can be deleted or archived (with or without a timestamp suffix) after successful encryption.
  • Some node properties can be overridden in the node's input local environment at runtime. Properties overridden in the input local environment apply to the current invocation of the message flow only.
  • The node reads the PGP private/public keys and the default signature key/passphrase information configured in the UserDefined Configurable Service.
  • Key information can be provided as either a Key User Id (e.g. Sender sender-pgp-keys@ibm.com) or a Hexadecimal Key Id (e.g. 0x73E56D78).
  • Supports a wide range of required algorithms:
      1. Hash (Digest) Algorithms: MD5, SHA1, RIPEMD160, MD2, SHA256, SHA384, SHA512, SHA224
      2. Cipher Algorithms: IDEA, TRIPLE_DES, CAST5, BLOWFISH, DES, AES_128, AES_192, AES_256, TWOFISH
      3. Compression Algorithms: UNCOMPRESSED, ZIP, ZLIB, BZIP2

PGP Decrypter Node

  • Provides PGP signature validation (optional) and decryption.
  • Supports both Message and File decryption.
  • The node can be configured to write decrypted data into the Output Message Tree or directly to the File System.
  • For File decryption, the input file can be deleted or archived (with or without a timestamp suffix) after successful decryption.
  • Some node properties can be overridden in the node's input local environment at runtime. Properties overridden in the input local environment apply to the current invocation of the message flow only.
  • The node reads the PGP private/public keys and the default decryption key passphrase information configured in the UserDefined Configurable Service.

Conclusion

  • This SupportPac provides application-layer security, enforcing data confidentiality and integrity with PGP cryptography.
  • The current version (v1.0.0.1) of this SupportPac only supports signature generation/validation integrated with the encryption/decryption process.
  • A future version will provide isolated signature generation/validation functionalities.
  • A future version will provide a better GUI in the node properties view.
  • A future version of pgpkeytool will have a user-friendly GUI similar to the IBM Key Management tool shipped with WebSphere MQ.
  • Reference: https://www.ibm.com/developerworks/community/groups/community/pgpsupportpaciib
