Changing the default settings for BizTalk Server signatures and encryption algorithms (276641)



The information in this article applies to:

  • Microsoft BizTalk Server 2000

This article was previously published under Q276641

SUMMARY

The BizTalk Messaging Manager design time application allows users to create ports and channels that describe how to process business documents. Ports and channels have properties that allow users to select certificates for the purpose of encrypting and signing their business documents.

When a user selects a certificate for encryption and signing, BizTalk Messaging Manager applies certain default encryption and signature algorithms. The BizTalk Messaging Manager application currently does not allow users to modify the default encryption and signature algorithms that are used to encrypt and sign business documents. The only way to modify these algorithms is to use the BizTalk Messaging Configuration Object Model.

MORE INFORMATION

The following code sample demonstrates how to access and modify the settings of a port and channel by using the BizTalk Messaging Configuration Object Model.
'
' Sample Constants.
'
Const cPortName = "SMIME Test"
Const cChannelName = "To SMIME Test Port"
Const cSrcOrg = "Home Organization"
Const cDstOrg = "HR"
Const cInboundDoc = "CommonPO"
Const cOutboundDoc = "CommonPO"
Const cDstOrgSMTPAddress = "mailto:UserA@microsoft.com"
Const cDstOrgSMTPReplyAddress = "mailto:UserA@microsoft.com"

'
' The Certificate Reference is made up of all of the properties that a user
' can set upon initial request. This information can be found in the
' "Subject" field of the Certificate's properties. Appropriate encryption
' and signature certificates must be present in the appropriate certificate
' stores (BizTalk Store and/or Personal store) for BizTalk to use the certificate(s).
'
Const cEncryptCertRef = "US, Washington, Redmond, Microsoft, BizTalk Server 2000, SERVER-A"
Const cSignCertRef = "UserA@microsoft.com, US, Washington, Redmond, Microsoft, BizTalk Server 2000, User A"

'
'BizTalk Object Model Constants.
'
Const BIZTALK_OPENNESS_TYPE_NOTOPEN = 1
Const BIZTALK_OPENNESS_TYPE_SOURCE = 2
Const BIZTALK_OPENNESS_TYPE_DESTINATION = 4

Const BIZTALK_ENCODING_TYPE_NONE = 1
Const BIZTALK_ENCODING_TYPE_MIME = 2
Const BIZTALK_ENCODING_TYPE_CUSTOM = 3

Const BIZTALK_ENCRYPTION_TYPE_NONE = 1
Const BIZTALK_ENCRYPTION_TYPE_CUSTOM = 2
Const BIZTALK_ENCRYPTION_TYPE_SMIME = 4

Const BIZTALK_SIGNATURE_TYPE_NONE = 1
Const BIZTALK_SIGNATURE_TYPE_CUSTOM = 2
Const BIZTALK_SIGNATURE_TYPE_SMIME = 4

Const BIZTALK_STORE_TYPE_MY = 1
Const BIZTALK_STORE_TYPE_BIZTALK = 2

Const BIZTALK_TRANSPORT_TYPE_NONE = 1
Const BIZTALK_TRANSPORT_TYPE_HTTP = 4
Const BIZTALK_TRANSPORT_TYPE_SMTP = 8

Const BIZTALK_USAGE_TYPE_ENCRYPTION = 1
Const BIZTALK_USAGE_TYPE_SIGNATURE = 2
Const BIZTALK_USAGE_TYPE_BOTH = 4

Const BIZTALK_CONFIGDATA_TYPE_PRIMARYTRANSPORT = 0
Const BIZTALK_CONFIGDATA_TYPE_SECONDARYTRANSPORT = 1
Const BIZTALK_CONFIGDATA_TYPE_ENCRYPTION = 2
Const BIZTALK_CONFIGDATA_TYPE_ENCODING = 3
Const BIZTALK_CONFIGDATA_TYPE_SIGNATURE = 4
Const BIZTALK_CONFIGDATA_TYPE_SERIALIZER = 5

'
' The following constants are the encryption and signature algorithms that
' are available for use with BizTalk Server. The encryption algorithms
' that are 128-bit in strength and higher require that the Windows 2000
' High Encryption Pack be installed. The High Encryption Pack
' installs the Microsoft Enhanced Cryptographic Provider that is
' capable of 128-bit encryption.
'
' Provided by Microsoft Base Cryptographic Provider.
'
Const ENCRYPT_DES_56 = "DES (56-bit)"
Const ENCRYPT_RC2_40 = "RC2 (40-bit)"
Const ENCRYPT_RC4_40 = "RC4 (40-bit)"

' Provided by Microsoft Enhanced Cryptographic Provider.
'
Const ENCRYPT_RC4_128 = "RC4 (128-bit)"
Const ENCRYPT_RC2_128 = "RC2 (128-bit)"
Const ENCRYPT_3DES_112 = "3DES (112-bit)"
Const ENCRYPT_3DES_168 = "3DES (168-bit)"

' Signature algorithms.
'
Const SIGNATURE_SHA = "SHA-1 (160-bit)"
Const SIGNATURE_MD5 = "MD5 (128-bit)"

'
' Create the BizTalk Messaging objects.
'
Set objBTM = CreateObject("BizTalk.BizTalkConfig")
Set Channel = objBTM.CreateChannel
Set Port = objBTM.CreatePort
Set Document = objBTM.CreateDocument
Set Organization = objBTM.CreateOrganization

'
' Retrieve the organization information.
'
Organization.Clear
Organization.LoadByName cSrcOrg
SrcOrgHandle = Organization.Handle
SrcOrgAlias = Organization.GetDefaultAlias

Organization.Clear
Organization.LoadByName cDstOrg
DstOrgHandle = Organization.Handle
DstOrgAlias = Organization.GetDefaultAlias

'
' Retrieve the document definition information.
'
Document.Clear
Document.LoadByName cInboundDoc
InboundDocHandle = Document.Handle

Document.Clear
Document.LoadByName cOutboundDoc
OutboundDocHandle = Document.Handle

'
' Create the BizTalk Messaging Port.
'
Port.Clear
Port.Name = cPortName
Port.DestinationEndpoint.Organization = DstOrgHandle
Port.DestinationEndpoint.Alias = DstOrgAlias
Port.PrimaryTransport.Type = BIZTALK_TRANSPORT_TYPE_SMTP
Port.PrimaryTransport.Address = cDstOrgSMTPAddress
Port.PrimaryTransport.Parameter = cDstOrgSMTPReplyAddress
Port.EncodingType = BIZTALK_ENCODING_TYPE_MIME
Port.EncryptionType = BIZTALK_ENCRYPTION_TYPE_SMIME
Port.EncryptionCertificateInfo.Reference = cEncryptCertRef
Port.EncryptionCertificateInfo.Store = BIZTALK_STORE_TYPE_BIZTALK
Port.SignatureType = BIZTALK_SIGNATURE_TYPE_SMIME
Port.Create
PortHandle = Port.Handle

'
' Create the BizTalk Messaging Channel.
'
Channel.Clear
Channel.Name = cChannelName
Channel.Port = PortHandle
Channel.SourceEndpoint.Organization = SrcOrgHandle
Channel.SourceEndpoint.Alias = SrcOrgAlias
Channel.InputDocument = InboundDocHandle
Channel.OutputDocument = OutboundDocHandle
Channel.LoggingInfo.LogNativeInputDocument = 1
Channel.LoggingInfo.LogNativeOutputDocument = 1
Channel.LoggingInfo.LogXMLInputDocument = 1
Channel.LoggingInfo.LogXMLOutputDocument = 1
Channel.SignatureCertificateInfo.Reference = cSignCertRef
Channel.SignatureCertificateInfo.Store = BIZTALK_STORE_TYPE_MY
Channel.Create
ChannelHandle = Channel.Handle

'
' Modify the channel default encryption dictionary settings.
'
Channel.Clear
Channel.Load ChannelHandle
Set ConfigData = Channel.GetConfigData(BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, _
      PortHandle, BIZTALK_TRANSPORT_TYPE_SMTP)
ConfigData.CurrentSignAlg = SIGNATURE_SHA
ConfigData.CurrentEncryptAlg = ENCRYPT_RC4_128
Channel.SetConfigData BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, PortHandle, ConfigData
Channel.Save
				
The default encryption and signature algorithms that are set by the BizTalk Messaging Manager application are "RC2 (40-bit)" for encryption and "SHA-1 (160-bit)" for signatures.

BizTalk Server can also use the encryption and signature algorithms specified below. The 128-bit strength encryption algorithms require the Microsoft Enhanced Cryptographic Provider version 1.0. The Enhanced Cryptographic Provider is only available with the Microsoft Windows 2000 High Encryption Pack.
'
' Provided by Microsoft Base Cryptographic Provider.
'
Const ENCRYPT_DES_56 = "DES (56-bit)"
Const ENCRYPT_RC2_40 = "RC2 (40-bit)"
Const ENCRYPT_RC4_40 = "RC4 (40-bit)"

' Provided by Microsoft Enhanced Cryptographic Provider.
'
Const ENCRYPT_RC4_128 = "RC4 (128-bit)"
Const ENCRYPT_RC2_128 = "RC2 (128-bit)"
Const ENCRYPT_3DES_112 = "3DES (112-bit)"
Const ENCRYPT_3DES_168 = "3DES (168-bit)"
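
One way to apply the change defensively, as an added example that is not part of the original article: it refuses an encryption algorithm below a locally chosen key-length floor, then reloads the channel after saving and confirms the stored values. It assumes the port and channel from the sample above already exist, that Port and Channel support LoadByName as Organization and Document do in the sample, and that CurrentEncryptAlg and CurrentSignAlg can be read back; cMinEncryptBits, KeyBits and SetAndVerify are hypothetical names.

```vbscript
Option Explicit

' Names and values reused from the article's sample.
Const cPortName = "SMIME Test"
Const cChannelName = "To SMIME Test Port"
Const BIZTALK_TRANSPORT_TYPE_SMTP = 8
Const BIZTALK_CONFIGDATA_TYPE_ENCRYPTION = 2
Const cMinEncryptBits = 112   ' Assumed local policy floor, not a BizTalk setting.

' Extract the key length from a name such as "RC4 (128-bit)"; 0 if unparseable.
Function KeyBits(algName)
    Dim openPos, dashPos, digits
    KeyBits = 0
    openPos = InStrRev(algName, "(")
    If openPos = 0 Then Exit Function
    dashPos = InStr(openPos, algName, "-bit)", vbTextCompare)
    If dashPos > openPos + 1 Then
        digits = Mid(algName, openPos + 1, dashPos - openPos - 1)
        If IsNumeric(digits) Then KeyBits = CLng(digits)
    End If
End Function

Sub SetAndVerify(encAlg, signAlg)
    Dim objBTM, Port, Channel, ConfigData, PortHandle
    If KeyBits(encAlg) < cMinEncryptBits Then
        WScript.Echo "Refusing " & encAlg & ": below the " & cMinEncryptBits & "-bit floor."
        WScript.Quit 1
    End If
    Set objBTM = CreateObject("BizTalk.BizTalkConfig")
    Set Port = objBTM.CreatePort
    Port.LoadByName cPortName          ' Assumption: LoadByName is available on Port.
    PortHandle = Port.Handle
    Set Channel = objBTM.CreateChannel
    Channel.LoadByName cChannelName    ' Assumption: LoadByName is available on Channel.
    Set ConfigData = Channel.GetConfigData(BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, _
          PortHandle, BIZTALK_TRANSPORT_TYPE_SMTP)
    WScript.Echo "Before: " & ConfigData.CurrentEncryptAlg & " / " & ConfigData.CurrentSignAlg
    ConfigData.CurrentEncryptAlg = encAlg
    ConfigData.CurrentSignAlg = signAlg
    Channel.SetConfigData BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, PortHandle, ConfigData
    Channel.Save
    ' Reload the channel and compare what was stored with what was requested.
    Channel.Clear
    Channel.LoadByName cChannelName
    Set ConfigData = Channel.GetConfigData(BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, _
          PortHandle, BIZTALK_TRANSPORT_TYPE_SMTP)
    If ConfigData.CurrentEncryptAlg <> encAlg Or ConfigData.CurrentSignAlg <> signAlg Then
        WScript.Echo "Mismatch after save: " & ConfigData.CurrentEncryptAlg & " / " & ConfigData.CurrentSignAlg
        WScript.Quit 2
    End If
    WScript.Echo "Verified: " & encAlg & " / " & signAlg
End Sub

SetAndVerify "3DES (168-bit)", "SHA-1 (160-bit)"
```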
				

REFERENCES

For more information about the BizTalk Messaging Configuration Object Model, see the product documentation for BizTalk Server 2000 Enterprise Edition. To obtain this documentation, visit the following Microsoft Web site:

For more information about encryption and signatures, click the following link to download the white paper "An introduction to the Windows 2000 public-key infrastructure":

For more information about the Windows 2000 High Encryption Pack, visit the following Microsoft Web site:

Modification Type: Major
Last Reviewed: 10/11/2006
Keywords:kbinfo kbpending KB276641