Configuring Signing, Compression, and Encryption in AS2 Transport

You can configure digital signatures, signature verification, encryption, and decryption from within the BizTalk Server 2006 Administration Console. This configuration requires that you set the appropriate properties for the AS2 pipelines and BizTalk parties.

Using AS2 Pipelines

To help secure an inbound AS2 message, use an AS2 receive pipeline (AS2EdiReceive or AS2Receive) in your receive location. The AS2 Decoder decrypts, decompresses, and/or performs signature verification on AS2 messages. For more information on how it does so, see the "AS2 Decoder" section of AS2 Receive Components.

To help secure an outbound AS2 message, use an AS2 send pipeline (AS2EdiSend or AS2Send) in your send port. The AS2 Encoder signs, compresses, and encrypts outbound AS2 messages. For more information on how it does so, see the "AS2 Encoder" section of AS2 Send Components.

The ContentTransferEncoding property for the AS2 Encoder in the send pipeline properties indicates which method will be used for representing binary data in ASCII text format. For more information, see Configuring AS2 Pipeline Properties.

Important
The AS2 pipelines do not include the BOM (byte order mark) character in the MIC (Message Integrity Check) that they calculate. Other AS2 systems may include the BOM while calculating the MIC. This could result in a mismatch in the MIC calculated by BizTalk Server and the MIC calculated by a trading partner.
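To check whether a MIC mismatch reported by a trading partner comes from this BOM difference, compute the MIC both ways and compare. The following is an added example, not BizTalk Server code. It assumes a SHA-1 MIC carried as a base64 digest, a UTF-8 BOM at the start of the MIME body, and a constructed sample message; the function names are hypothetical.

```python
import base64
import hashlib

UTF8_BOM = b"\xef\xbb\xbf"

def mic(data: bytes, algorithm: str = "sha1") -> str:
    """Base64-encoded digest of the given bytes (assumed MIC format)."""
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")

def strip_body_bom(entity: bytes) -> bytes:
    """Drop a UTF-8 BOM that starts the body of a MIME entity, if present."""
    head, sep, body = entity.partition(b"\r\n\r\n")
    if not sep:
        # No header block found: treat the whole input as the body.
        head, body = b"", entity
    if body.startswith(UTF8_BOM):
        body = body[len(UTF8_BOM):]
    return head + sep + body

def classify_mic(entity: bytes, partner_mic: str, algorithm: str = "sha1") -> str:
    """Explain how a partner's MIC relates to the two possible calculations.

    'match'        -> equals the MIC calculated without the BOM
    'bom-mismatch' -> equals the MIC calculated with the BOM included
    'mismatch'     -> equals neither; the content itself differs
    """
    if partner_mic == mic(strip_body_bom(entity), algorithm):
        return "match"
    if partner_mic == mic(entity, algorithm):
        return "bom-mismatch"
    return "mismatch"

# Constructed sample: a MIME part whose body starts with a UTF-8 BOM.
SAMPLE = (
    b"Content-Type: application/edi-x12\r\n\r\n"
    + UTF8_BOM
    + b"ISA*00*CONSTRUCTED-SAMPLE~\r\n"
)

if __name__ == "__main__":
    print("MIC without BOM:", mic(strip_body_bom(SAMPLE)))
    print("MIC with BOM:   ", mic(SAMPLE))
    print("Partner hashed the BOM:", classify_mic(SAMPLE, mic(SAMPLE)))
```

A result of `bom-mismatch` points to an interoperability difference in how the MIC was calculated, while `mismatch` means the bytes themselves differ and should be treated as an integrity failure.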

Important
Once a message has been signed, the signature blob must not be changed. If changed, the signature would be corrupted. The boundary header, or anything outside the boundary headers, can be changed, but anything within the boundary headers must not be changed.

Setting AS2 Party Properties

You configure signature and encryption processing by setting AS2 party properties as follows:

  • To sign, compress, and/or encrypt an outbound message, check the "Sign Message", "Compress Message", and "Encrypt Message" properties on the Party as AS2 Message Receiver page of the AS2 Properties dialog box.

  • To request a signed MDN in response to an outbound message, check the "Request MDN" and "Request signed MDN" properties on the Party as AS2 Message Receiver page of the AS2 Properties dialog box.

  • To specify that an inbound message is signed, compressed, and/or encrypted, check the "Override inbound message properties", "Message should be signed", "Message should be compressed", and "Message should be encrypted" properties on the Party as AS2 Message Sender page of the AS2 Properties dialog box.

  • To specify a signed MDN in response to an inbound message, when the inbound message properties are overridden, check the "Sign MDN" property on the Party as AS2 Message Sender page of the AS2 Properties dialog box.

  • To specify a signed MDN in response to an inbound message, when the inbound message properties are not overridden, but the message headers do not specify signing, check the "Sign requested MDN if Disposition-Notification-Option header is not present or if Signed-Receipt-Protocol header is set to optional" property on the Party as AS2 Message Sender page of the AS2 Properties dialog box.

  • To specify a different signing certificate than the one specified in the BizTalk Group properties, select Override Group Signature Certificate and specify a signing certificate on the Certificate page of the AS2 Properties dialog box for a specific party.

    Note
    The option to configure a different certificate to sign outgoing messages for a specific party is applicable only if you have BizTalk Server 2006 R2 SP1 installed.

For more information about setting up party properties, see Configuring AS2 Party Properties.
