SMIME Pipeline Component
Properties Configuration Settings
The SMIME pipeline component implements the S/MIME standard for encryption and decryption with public key cryptography and X.509 digital certificates.
Remarks
The SMIME pipeline component is used for encrypting, decrypting, signing, and verifying messages. The pipeline component uses the S/MIME V3 standard for encryption and decryption and can also generate and verify RSA digital signatures.
Using the SMIME Encoder Pipeline Component
The Encoder takes an unencrypted/unsigned data entity and generates an SMIME entity as output.
Encrypting
The Encoder will only encrypt incoming data if the EncryptData property is set to True. Encrypting requires that the RecipientCert property is set to a certificate containing the public key that should be used to encrypt the data. The EncryptingAlgorithm and UseOAEP properties can be specified for further control of encryption.
Signing
The Encoder will only sign the data if the SignData property is set to True. Signing requires that the Certificate property is set to a certificate containing the private key that should be used to sign the data. The SigningAlgorithm and UsePSS properties can be specified for further control of the signature.
Using the SMIME Decoder Pipeline Component
The Decoder takes an encrypted/signed SMIME entity and will decrypt/verify the message and produce the original message.
Decrypting
The Decoder will only attempt to decrypt incoming data if the DecryptData property is set to True. Decryption requires that the Certificate property is set to a certificate containing the private key that can decrypt the data (the private key that is paired with the public key that was used to encrypt the data). The RequireOAEP property can be set to True to instruct the pipeline component to throw an error if the data was not encrypted with OAEP (Optimal Asymmetric Encryption Padding).
Verifying Signatures
The Decoder will only attempt to verify the signature of the incoming data if the VerifySignature property is set to True. Verification requires that the certificate used to sign the data was attached to the message, or that the SignerCert property is set to the signer's certificate. The RequirePSS property can be set to True to instruct the pipeline component to throw an error if the data was not signed with RSA-PSS (RSA Probabilistic Signature Scheme).
Encoder Property List
The following is the full list of the properties of the encoder pipeline component with short descriptions. Click on the links for further details.
Certificate | The Certificate used to sign (Encoder) and decrypt (Decoder) messages. |
EncryptData | Whether to encrypt the MIME data. |
EncryptingAlgorithm | The algorithm to use for encryption. |
IncludeCertificate | Specifies whether to include the signer's certificate with the signed message. |
IncludeChain | Specifies whether to include the signer's certificate chain with the signed message. |
IncludeHeaders | Specifies whether to include the message headers while encoding the message. |
Other | Defines a set of configuration settings to be used by the pipeline component. |
RecipientCert | The certificate used to encrypt the MIME data. |
SignData | Whether to sign the MIME data. |
SigningAlgorithm | Textual description of the signature hash algorithm. |
TempPath | The path to which temporary files are written at runtime. |
TransportLog | Tells the adapter where and how to report information about its operations. |
UseOAEP | Whether to use OAEP when encrypting the MIME data. |
UsePSS | Whether to use RSA-PSS when signing. |
Decoder Property List
The following is the full list of the properties of the decoder pipeline component with short descriptions. Click on the links for further details.
BodyPartIndex | If set, determines which MIME part to treat as the BizTalk Message Body. |
Certificate | The Certificate used to sign (Encoder) and decrypt (Decoder) messages. |
DecryptData | Whether to decrypt the incoming SMIME data. |
Other | Defines a set of configuration settings to be used by the pipeline component. |
RequireOAEP | Whether an error should be thrown if OAEP was not used to encrypt the incoming message. |
RequirePSS | Whether an error should be thrown if RSA-PSS was not used to encrypt the incoming message. |
SignerCert | Contains the certificate of the message signer. |
TempPath | The path to which temporary files are written at runtime. |
TransportLog | Tells the adapter where and how to report information about its operations. |
VerifySignature | Whether to attempt to verify the signature on the SMIME data. |
Configuration Settings
The following is a list of configuration settings for the pipeline component with short descriptions. Click on the links for further details.
ApplyB64Encoding | Instructs the adapter to base64 encode the message when signing or encrypting. |
GenerateSignatureTimestamp | Whether to generate timestamps in signatures. |
IncludeHeaders | Tells the adapter whether to include the headers when encoding the message. |
IncludeInternalHeaders | Tells the adapter whether or not to include the internal headers when encoding the message. |