Applying AS2 Encryption

Posted by John Carl Villanueva on Tue, Feb 02, 2016 @ 02:17 AM

Overview

If your AS2 connection already runs over HTTPS, your EDI messages should already be protected by the data-in-motion encryption that comes with SSL/TLS. But what if you want an added layer of security, or if you're somehow only using HTTP and want to encrypt your transmission? You'll need something like this.


I'll assume you already have an operational AS2 service running on JSCAPE MFT Server and that it's protected by HTTPS. In case you don't have that yet, this post should help you get one up and running in no time:

The Quickstart Guide To Setting Up An AS2 Server

 

Already got that AS2 server up? Let's proceed with our main topic then.

Let's start by discussing what you need to do on the receiving end of an AS2 connection.


Setting up decryption on the AS2 receiver

The destination server or receiver is the server that will be receiving the encrypted AS2 message. You need to configure this server so that it will be capable of decrypting the encrypted message. To do that, go to Server > Settings > Web > AS2 tab.

Tick the Decryption key check box and select an existing server key from the drop-down list. In our example, we choose the server key that has been assigned the alias "example_rsa". This tells our server to use the private key of server key example_rsa for decrypting incoming AS2 messages.

To learn more about server keys and where to create them, read the post Roles of Server and Client Keys in Secure File Transfers.

 


As soon as you're done, click the Save changes button found at the lower-right corner of that screen. 

With that, this server should now be capable of decrypting AS2 messages. However, it's important to note that it can only decrypt AS2 messages that have been encrypted with example_rsa's corresponding public key.

Thus, if you want this server to decrypt AS2 messages coming from a particular trading partner, that trading partner must have a copy of that public key. Only AS2 messages that a trading partner has encrypted with that particular public key can be decrypted by our AS2 receiver.

 


To furnish trading partners with the needed public key, navigate to Server > Key Manager > Server Keys. Select the server key whose public key you want to export and then click the Export button. Choose Certificate from the drop-down list. This digital certificate will already contain the needed public key.

 


Choose the X509 format and click the OK button.

 


As soon as you're prompted, click the Save File button.

 


Save the certificate file and then hand it over to your trading partner. Your trading partner should then import that certificate/public key into their AS2 server. 
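
The key relationship described in this section can be checked outside the server with the openssl command line. This is an added example, not part of the original post or of JSCAPE MFT Server: the key pairs, file names and sample payload are constructed, and CMS with AES-256 is an assumed stand-in for the S/MIME encryption that AS2 applies to messages. It also prints the certificate fingerprint, which both partners can compare out of band before the certificate is imported.

```shell
#!/bin/sh
# Added example: constructed keys and payload; nothing here is exported from JSCAPE MFT Server.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_key NAME: RSA key pair plus self-signed X.509 certificate (stand-in for a server key).
make_key() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# fingerprint NAME: value both partners compare out of band before importing the certificate.
fingerprint() {
  openssl x509 -in "$work/$1.crt" -noout -fingerprint -sha256
}

# encrypt_for NAME INFILE OUTFILE: sender side, needs only the recipient's certificate.
encrypt_for() {
  openssl cms -encrypt -binary -aes-256-cbc -in "$2" -out "$3" -outform PEM "$work/$1.crt"
}

# decrypt_as NAME INFILE: receiver side, needs the private key matching that certificate.
decrypt_as() {
  openssl cms -decrypt -binary -inform PEM -in "$2" \
    -recip "$work/$1.crt" -inkey "$work/$1.key" 2>/dev/null
}

make_key example_rsa   # plays the receiver's server key (alias taken from the post)
make_key other_key     # an unrelated key pair (hypothetical name)

printf 'ISA*00*CONSTRUCTED-SAMPLE-EDI-PAYLOAD~\n' > "$work/msg.edi"
encrypt_for example_rsa "$work/msg.edi" "$work/msg.p7m"

fingerprint example_rsa
echo "matching key:  $(decrypt_as example_rsa "$work/msg.p7m")"
if decrypt_as other_key "$work/msg.p7m" >/dev/null; then
  echo "unrelated key: decrypted (unexpected)"
else
  echo "unrelated key: cannot decrypt"
fi
```

The exported .crt file carries only the public key, so it can be handed to a trading partner; the .key file is what must never leave the receiver.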

 

Setting up encryption on the AS2 sender

If the sending AS2 server is a JSCAPE MFT Server, importing public key certificates for encrypting AS2 messages should be easy. Go to Server > Key Manager and navigate to the Host Keys tab. Next, click the Import button.

 


Give the key an alias (this is just an arbitrary name that you'll use to refer to this key in this particular JSCAPE MFT Server installation) and browse to the folder that contains the public key certificate file. Select the file and then click the OK button to import. 

 


Your newly imported certificate should then be added to your list of Host Keys.

 


The last part is to assign this certificate/public key to the trading partner object that represents the AS2 receiver. To understand what I mean, review section "Configuring Trading Partner settings for sending AS2 messages" in the post The Quickstart Guide To Setting Up An AS2 Server.

Just edit the trading partner object, tick the Encryption key checkbox, and select the recently imported host key/public key certificate.

Click OK to finalize.


That's it! That's all you need to do to enable AS2 encryption between two AS2 trading partners. 

 
