- Form: Choose the appropriate form to specify the key and certificate used for encryption.
- Actor: Enter a value to specify a SOAP actor.
- Add mustUnderstand="1" attribute: Specifies whether or not the receiver must recognize and decrypt the message. If this option is enabled, a SOAP fault will be sent back if the receiver does not know how to decrypt and deserialize the message.
- Add timestamp: Select to add a timestamp to the message. When this option is enabled, the following are available:
  - Sign timestamp: Select to provide a digital signature with the timestamp.
  - Add expiration: Select to enter an expiration value in the Time to Live field.
When selecting Target Elements from the left pane of the Tools Settings tab, the following options are available if Encrypt is selected in the General tab:
- SOAP body/entire document: Select to encrypt the entire SOAP body or entire XML document.
- Click the Add button (only available if SOAP body/entire document is unselected) to specify an XPath and encrypt a specific element within the XML document. After clicking the Add button, a row will appear in the Element Selection list. The Element Selection list consists of the following two columns:
When selecting Emulation Options from the left pane of the Tools Settings tab, the following options are available:
|The following options are available only if WS-Security Mode is selected in the General tab.|
- Emulate: Select the application server you are using to automatically configure the emulation options. You can also select the appropriate version number of your application server from the Version drop-down menu.
- To manually configure the emulation options, select Custom from the Emulate drop-down menu. The following options will be available for you to manually configure:
  - wsse URI: Select the namespace URI of the WS-Security specification used.
  - wsu URI: Select the utility namespace URI of the WS-Security specification used.
  - Qualify signed element ID attribute: Select to qualify the ID attribute of signed elements.
  - Qualify BinarySecurity Token attributes: Select to qualify binary security token attributes with the wsse namespace.
  - Prefix BinarySecurity Token attribute values: Select to prefix binary security token attribute values with the wsse URI.
With Encryption Options selected in the left pane of the Tools Settings tab, the following options are available:
- Security Header Layout: This property indicates which layout rules to apply when adding items to the security header. The following options are available:
  - Lax: Items are added to the security header in any order that conforms to WSS: SOAP Message Security.
  - LaxTimestampFirst: Same as Lax, except that the first item in the security header MUST be a wsse:Timestamp.
  - LaxTimestampLast: Same as Lax, except that the last item in the security header MUST be a wsse:Timestamp.
  - Strict: Items are added to the security header following the numbered layout rules described below according to a general principle of 'declare before use'.
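As an added illustration (not part of the original documentation or the tool's own code), the following receiver-side check tests a message against the LaxTimestampFirst and LaxTimestampLast ordering rules and against the Expires value that Add expiration produces. The namespace URIs are the OASIS WS-Security 1.0 ones, the sample message and the function name are constructed for this example, and the Strict rules are not checked because they are not listed on this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# OASIS WS-Security 1.0 namespace URIs (what the wsse URI / wsu URI options select)
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
TIMESTAMP = f"{{{WSU}}}Timestamp"  # on the wire, Timestamp is in the wsu namespace

# Constructed sample message (not captured traffic, not tool output)
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:xenc="{XENC}">
 <soap:Header>
  <wsse:Security soap:mustUnderstand="1">
   <wsu:Timestamp wsu:Id="TS-1">
    <wsu:Created>2024-01-01T12:00:00Z</wsu:Created>
    <wsu:Expires>2024-01-01T12:05:00Z</wsu:Expires>
   </wsu:Timestamp>
   <xenc:EncryptedKey/>
  </wsse:Security>
 </soap:Header>
 <soap:Body><xenc:EncryptedData/></soap:Body>
</soap:Envelope>"""

def check_security_header(xml_text, layout, now):
    """Hypothetical helper: return a list of problems, empty if the header passes."""
    # For untrusted input, parse with defusedxml.ElementTree instead of the stdlib parser.
    sec = ET.fromstring(xml_text).find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        return ["no wsse:Security header"]
    problems, items = [], list(sec)
    stamps = [i for i, el in enumerate(items) if el.tag == TIMESTAMP]
    if len(stamps) > 1:
        problems.append("more than one Timestamp")
    if layout == "LaxTimestampFirst" and stamps[:1] != [0]:
        problems.append("Timestamp is not the first header item")
    if layout == "LaxTimestampLast" and stamps[-1:] != [len(items) - 1]:
        problems.append("Timestamp is not the last header item")
    for i in stamps:
        expires = items[i].findtext(f"{{{WSU}}}Expires")
        if expires is None:
            continue  # sender did not enable Add expiration
        deadline = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if now > deadline:
            problems.append("Timestamp expired")
    return problems
```

Pass `now` as a timezone-aware UTC datetime; a message that arrives after its Expires value should be rejected rather than decrypted.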
With Decryption Options selected in the left pane of the Tools Settings tab, the following options are available:
|The following options are available only if the Decrypt radio button is selected in the General tab.|
Input Type Tab
The Input Type tab is only available if the XML Encryption tool is added as a standalone tool and not chained to another tool. The following options are available from the Input Type tab:
- Text: Use this option if you want to type or copy the XML document into the UI. Select the appropriate MIME type, then enter the XML in the text field below the Text radio button.
- File: Use this option if you want to use an existing file. Click the Browse button to choose a file.
Check the Persist as Relative Path option if you want the path to this file to be saved as a path that is relative to the current configuration file. Enabling this option makes it easier to share tools across multiple machines. If this option is not enabled, the test or Responder suite will save the path to this file as an absolute path.
You can chain the XML Encryption tool to a tool by right-clicking the desired tool node and selecting Add Output from the shortcut menu and then selecting XML Encryption from the dialog that opens. The tool will use the transformed XML.
You can chain the XML Encryption tool and the XML Signer tool to a messaging tool to perform both encryption and XML signature on a message. For more information on the XML Signer tool, see XML Signer.
You can also chain any tool, such as an Edit or Browse tool, to the XML Encryption Tool by right-clicking the desired XML Encryption Tool node and selecting Add Output from the shortcut menu and then selecting XML Encryption from the dialog that open
|Unlimited Strength Java Cryptography Extension|
|In order to perform security operations using the XML Signature Verifier, XML Signer, or XML Encryption tools, or if using Key Stores, you will need to download and install the Unlimited Strength Java Cryptography Extension. For details, see JCE Prerequisite.|