SMIME Module
Properties Configuration Settings
The SMIME transformer implements the S/MIME standard for encryption and decryption with public key cryptography and X.509 digital certificates.
Remarks
The SMIME module is used for encrypting, decrypting, signing, and verifying messages. The module uses the S/MIME V3 standard for encryption and decryption and can also generate and verify RSA digital signatures.
SMIME Encoder Module
The Encoder takes an unencrypted/unsigned data entity and generates an SMIME entity as output.
Encrypting
The Encoder will only encrypt incoming data if the EncryptData property is set to True. Encrypting requires that the RecipientCert property is set to a certificate containing the public key that should be used to encrypt the data. The EncryptingAlgorithm and UseOAEP properties can be specified for further control of encryption.
Signing
The Encoder will only sign the data if the SignData property is set to True. Signing requires that the Certificate property is set to a certificate containing the private key that should be used to sign the data. The SigningAlgorithm and UsePSS properties can be specified for further control of the signature.
Encryption and Signing Example
Drag and drop the SMIME Encoder into a flow. The message you want to encode should be passed by another connector.
The EncryptData property is enabled by default, so all you need to do to set up encryption is set the RecipientCert property to the certificate that will be used to decode the message.
To enable signing, set the SignData property to True, then set the SignerCert property to your own certificate. SMIME Decoder Module
The Decoder takes an encrypted/signed SMIME entity and will decrypt/verify the message and produce the original message.
Decrypting
The Decoder will only attempt to decrypt incoming data if the DecryptData property is set to True. Decryption requires that the Certificate property is set to a certificate containing the private key that can decrypt the data (the private key that is paired with the public key that was used to encrypt the data). The RequireOAEP property can be set to True to instruct the module to throw an error if the data was not encrypted with OAEP (Optimal Asymmetric Encryption Padding).
Verifying Signatures
The Decoder will only attempt to verify the signature of the incoming data if the VerifySignature property is set to True. Verification requires that the certificate used to sign the data was attached to the message, or that the SignerCert property is set to the signer's certificate. The RequirePSS property can be set to True to instruct the module to throw an error if the data was not signed with RSA-PSS (RSA Probabilistic Signature Scheme).
Decryption and Verification Example
Drag and drop the SMIME Decoder into a flow. The message you want to decode should be passed by another connector.
The DecryptData property is enabled by default, so all you need to do to set up decryption is set the Certificate property to the certificate you want to use to decode the message.
To enable signature verification, set the VerifySignature property to True, then set the SignerCert property to the certificate that was used to sign the message.
Encoder Property List
The following is the full list of the properties of the encoder module with short descriptions. Click on the links for further details.
Certificate | The Certificate used to sign (Encoder) and decrypt (Decoder) messages. |
DetachedSignature | Specifies whether to include a detached signature when signing a message. |
EncryptData | Whether to encrypt the MIME data. |
EncryptingAlgorithm | The algorithm to use for encryption. |
IncludeCertificate | Specifies whether to include the signer's certificate with the signed message. |
IncludeChain | Specifies whether to include the signer's certificate chain with the signed message. |
IncludeHeaders | Specifies whether to include the message headers while encoding the message. |
InputMessageHeadersString | Headers from the SMIME message. |
LogFile | The file to write logging information to at runtime. |
LogMode | What information gets logged during component execution. |
LogType | How information gets logged during component execution. |
Other | Defines a set of configuration settings to be used by the transformer. |
RecipientCert | The certificate used to encrypt the MIME data. |
RuntimeLicense | Specifies the component runtime license key. |
SignData | Whether to sign the MIME data. |
SigningAlgorithm | Textual description of the signature hash algorithm. |
TempPath | The path to which temporary files are written at runtime. |
UseOAEP | Whether to use OAEP when encrypting the MIME data. |
UsePSS | Whether to use RSA-PSS when signing. |
Decoder Property List
The following is the full list of the properties of the decoder module with short descriptions. Click on the links for further details.
Certificate | The Certificate used to sign (Encoder) and decrypt (Decoder) messages. |
DecryptData | Whether to decrypt the incoming SMIME data. |
LogFile | The file to write logging information to at runtime. |
LogMode | What information gets logged during component execution. |
LogType | How information gets logged during component execution. |
Other | Defines a set of configuration settings to be used by the transformer. |
RequireOAEP | Whether an error should be thrown if OAEP was not used to encrypt the incoming message. |
RequirePSS | Whether an error should be thrown if RSA-PSS was not used to encrypt the incoming message. |
RuntimeLicense | Specifies the component runtime license key. |
SignerCert | Contains the certificate of the message signer. |
TempPath | The path to which temporary files are written at runtime. |
VerifySignature | Whether to attempt to verify the signature on the SMIME data. |
Configuration Settings
The following is a list of configuration settings for the module with short descriptions. Click on the links for further details.
ApplyB64Encoding | Instructs the component to base64 encode the message when signing or encrypting. |
GenerateSignatureTimestamp | Whether to generate timestamps in signatures. |
IncludeHeaders | Tells the component whether to include the headers when encoding the message. |
IncludeInternalHeaders | Tells the component whether or not to include the internal headers when encoding the message. |
UseMimeHeaderFilename | Tells the component to set the Filename based on the MIME headers. |