
Monday, November 21, 2016

PGP SupportPac for IBM Integration Bus


 

PGP SupportPac Features

Easily pluggable to IBM Integration Bus Toolkit

Once the PGP SupportPac plugin is applied to the IBM Integration Bus Toolkit, the PGP Encrypter/Decrypter nodes are available in the PGP drawer of the message flow node palette.

Easy Runtime Installation

It requires the standard UserDefined Node installation process. The SupportPac ships with the following runtime libraries (.jar files), which need to be placed in the Broker's User LIL Path:

  • bcpg-jdk15on-149.jar
  • bcprov-ext-jdk15on-149.jar
  • com.ibm.broker.supportpac.PGP.jar

PGP key pair generation and key/repository management

This SupportPac ships with a Java-based command-line tool (pgpkeytool) for PGP key generation and key/repository management. You do not need any third-party open source or commercial tool for PGP key/repository management.

Centralized key repository and some default parameters configuration through UserDefined Configurable Service

You do not need to specify the private/public key repository details, the default sign key and passphrase, or the decryption key passphrase at each PGP Encrypter/Decrypter node used in a messageflow.
Just create a UserDefined Configurable Service for all messageflows (or a group of them) and specify the service name in the node properties.
In general, just one Configurable Service is sufficient for all the messageflows deployed in a Broker.

PGP Encrypter Node

  • Provides PGP signature generation (optional) and encryption functionalities.
  • Supports both Message and File encryption regardless of transport protocol or message domain.
  • Node can be configured to write encrypted data into Output Message Tree or File System directly.
  • For File encryption, the input file can be deleted or archived (with or without a timestamp suffix) after a successful encryption process.
  • Some node properties can be overridden in the node's input local environment at runtime. Properties overridden this way apply to the current invocation of the messageflow only.
  • Node reads the PGP private/public keys and the default signature key/passphrase information configured in the UserDefined Configurable Service.
  • Key information can be provided as either a Key User Id (e.g. Sender sender-pgp-keys@ibm.com) or a Hexadecimal Key Id (e.g. 0x73E56D78).
  • Supports a wide range of algorithms:
  1. Hash (Digest) Algorithms: MD5, SHA1, RIPEMD160, MD2, SHA256, SHA384, SHA512, SHA224
  2. Cipher Algorithms: IDEA, TRIPLE_DES, CAST5, BLOWFISH, DES, AES_128, AES_192, AES_256, TWOFISH
  3. Compression Algorithms: UNCOMPRESSED, ZIP, ZLIB, BZIP2

PGP Decrypter Node

  • Provides PGP signature validation (optional) and decryption functionalities.
  • Supports both Message and File decryption.
  • Node can be configured to write decrypted data into Output Message Tree or File System directly.
  • For File decryption, the input file can be deleted or archived (with or without a timestamp suffix) after a successful decryption process.
  • Some node properties can be overridden in the node's input local environment at runtime. Properties overridden this way apply to the current invocation of the messageflow only.
  • Node reads the PGP private/public keys and the default decryption key passphrase information configured in the UserDefined Configurable Service.

Conclusion

  • This SupportPac provides application-layer security, enforcing data confidentiality and integrity through PGP cryptography.
  • The current version (v1.0.0.1) of this SupportPac only supports signature generation/validation integrated with the encryption/decryption process.
  • A future version will provide isolated signature generation/validation functionalities.
  • A future version will provide a better GUI in the node properties view.
  • A future version of pgpkeytool will have a user-friendly GUI similar to the IBM Key Management tool shipped with WebSphere MQ.
  • Reference: https://www.ibm.com/developerworks/community/groups/community/pgpsupportpaciib

Tuesday, October 11, 2016

SSL

mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n sslProtocol -v SSLv3
mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n explicitlySetPortNumber -v 7849


mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n keystoreFile -v /home/eimb/PPSBKRQB01.jks


mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n keystoreType -v JKS


mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n keystorePass -v passw0rd



keytool -genkey -alias PPSBKRQB01 -keystore PPSBKRQB01.jks -keysize 2048 -validity 3650

keytool -export -alias PPSBKRQB01_PSES -file PPSBKRQB01_PSES.cer -keystore PPSBKRQB01_PSES.jks


mqsichangeproperties PPSBKRD01  -o BrokerRegistry  -n brokerKeystoreFile  -v /MQHA/PPSBKRD01/data/mqsi/ssl/PPSBKRD01.jks
mqsisetdbparms PPSBKRDB01  -n brokerKeystore::password  -u ignore  -p passw0rd
mqsichangeproperties PPSBKRDB01   -b httplistener   -o HTTPSConnector   -n keystoreFile   -v /MQHA/PPSBKRD01/data/mqsi/ssl/PPSBKRD01.jks
mqsichangeproperties PPSBKRDB01   -b httplistener   -o HTTPSConnector   -n keystorePass   -v passw0rd
mqsichangeproperties PPSBKRDB01 -e INT3000_INT3099 -o HTTPSConnector -n explicitlySetPortNumber -v 7849
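
Two settings in the commands above deserve a second look: `sslProtocol` set to SSLv3 (deprecated by RFC 7568) and the keystore password passed as a literal `-v` value. As an added example (not from the original post), this script flags both in a list of mqsichangeproperties command lines. The sample input is constructed, and the handling of `SSL*` values and `::password` references is an assumption, marked in the comments.

```shell
#!/bin/sh
# Added example (not from the original post): audit mqsichangeproperties
# command lines for weak HTTPSConnector settings.

# Constructed sample input, modelled on the commands in this post.
SAMPLE_CMDS='mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n sslProtocol -v SSLv3
mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n keystoreType -v JKS
mqsichangeproperties PPSBKRQB01 -e INT3000_INT3099 -o HTTPSConnector -n keystorePass -v passw0rd
mqsichangeproperties PPSBKRDB01 -b httplistener -o HTTPSConnector -n keystorePass -v brokerKeystore::password
mqsichangeproperties PPSBKRDB01 -b httplistener -o HTTPSConnector -n sslProtocol -v TLSv1.2'

# audit_https_cmds: reads command lines on stdin and prints one finding per
# weak setting, prefixed with the input line number.
audit_https_cmds() {
    awk '
    /mqsichangeproperties/ && /HTTPSConnector/ {
        name = ""; value = ""
        # Pick up the property name (-n) and value (-v) wherever they appear.
        for (i = 1; i < NF; i++) {
            if ($i == "-n") name = $(i + 1)
            if ($i == "-v") value = $(i + 1)
        }
        # Assumption: any sslProtocol value starting with "SSL" allows SSLv3.
        if (name == "sslProtocol" && value ~ /^SSL/)
            printf "line %d: WEAK_PROTOCOL sslProtocol=%s\n", NR, value
        # Assumption: a value ending in "::password" is a stored-credential
        # reference; anything else is a literal password on the command line.
        if (name == "keystorePass" && value !~ /::password$/)
            printf "line %d: PLAINTEXT_PASSWORD keystorePass given as a literal\n", NR
    }'
}

# count_findings: number of findings for the command lines on stdin.
count_findings() {
    audit_https_cmds | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_CMDS" | audit_https_cmds
```

Feed it a saved runbook or shell history with `audit_https_cmds < commands.txt`; literal passwords typed this way also persist in shell history and process listings.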
