The Asymmetric Cryptography filter encrypts or decrypts messages using an asymmetric (public/private key) cryptography algorithm. The encryption operation generates a PKCS #7 Enveloped Message using the public key contained in the Certificate (also called a Digital ID). The certificate should be obtained from a trusted Certificate Authority (CA) such as Thawte or Verisign. The decryption operation is the inverse of the encryption operation: the corresponding private key is used to open the envelope.
Asymmetric keys are listed on the Symmetric Key tab of the Certificate Manager screen and can be managed using the Certificate Manager.
Configuration Properties
Property | Description |
---|---|
Maximum Concurrency | The maximum level of concurrency for this filter. A setting of |
Encrypt or Decrypt | Identifies whether a file processed by this filter is to be encrypted or decrypted. Encrypt mode generates a PKCS #7 enveloped message: |
Recipients Certificates | The certificate to use for the encryption/decryption. Click the ... Browse button to display the list of certificates held in the Rhapsody certificate store. Manage this list using the Certificate Manager. |
Private Key | The private key used to decrypt the PKCS #7 enveloped message. It must be associated with the Certificate. Click the ... Browse button to display the list of private keys held in the Rhapsody certificate store. Manage this list using the Certificate Manager. Only available if Encrypt or Decrypt is set to |
Content Cipher | The name of the symmetric cipher and the block mode to use to encrypt the content of the message. Available algorithms are: Only available if Encrypt or Decrypt is set to |
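
The encrypt and decrypt operations described above can be reproduced outside Rhapsody with the OpenSSL command line, which is useful for checking that a partner system can open the envelopes this filter produces. This is an added example, not Rhapsody's own code: the file names, subject names and sample message are constructed, and AES-256-CBC is an assumed content cipher.

```shell
#!/usr/bin/env bash
# Added example: PKCS #7 enveloped-message round trip using the OpenSSL CLI.
# Names, paths and the sample message are constructed; AES-256-CBC is an
# assumed content cipher, not a value taken from the filter's list.

# Create a throwaway RSA key and self-signed certificate: <dir>/<name>.{key,crt}
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Encrypt mode: a random content key encrypts the message and is itself
# encrypted to the public key in the recipient certificate.
envelope_encrypt() {   # <recipient.crt> <plaintext> <envelope.p7m>
    openssl smime -encrypt -binary -aes-256-cbc \
        -in "$2" -outform DER -out "$3" "$1"
}

# Decrypt mode: needs the private key that matches the recipient certificate.
envelope_decrypt() {   # <recipient.crt> <recipient.key> <envelope.p7m> <out>
    openssl smime -decrypt -binary -inform DER \
        -in "$3" -recip "$1" -inkey "$2" -out "$4"
}

# Report the outer ASN.1 content type of a DER-encoded envelope.
envelope_type() {      # <envelope.p7m>
    openssl asn1parse -inform DER -in "$1" | awk -F: '/OBJECT/ {print $NF; exit}'
}

roundtrip_demo() {
    tmp=$(mktemp -d) || return 1
    make_recipient "$tmp" alice && make_recipient "$tmp" mallory || return 1
    printf 'constructed sample message\n' > "$tmp/msg.txt"
    envelope_encrypt "$tmp/alice.crt" "$tmp/msg.txt" "$tmp/msg.p7m" || return 1
    echo "content type: $(envelope_type "$tmp/msg.p7m")"
    envelope_decrypt "$tmp/alice.crt" "$tmp/alice.key" "$tmp/msg.p7m" \
        "$tmp/out.txt" && cmp -s "$tmp/msg.txt" "$tmp/out.txt" || return 1
    # A key pair that is not a recipient of the envelope must be rejected.
    if envelope_decrypt "$tmp/mallory.crt" "$tmp/mallory.key" \
            "$tmp/msg.p7m" "$tmp/bad.txt" 2>/dev/null; then return 1; fi
    rm -rf "$tmp"
}

roundtrip_demo && echo "round trip OK"
```

The last check in `roundtrip_demo` shows why the Private Key must be the one associated with the recipient Certificate: a key pair that was not named as a recipient cannot open the envelope.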
Cryptography Background
Cryptography is the art of combining an input message (the plain text) with a user-specified password to generate an encrypted output (the cipher text) in such a way that, given the cipher text, it is extremely difficult to recover the original plain text without knowing the encryption password. The algorithms that combine the password and plain text are called ciphers.
Many ciphers accept a fixed-length password (also called a key). The currently secure key length for encryption ranges from 128 to 256 bits, with most modern algorithms using keys of at least 128 bits. A message encrypted with such a key cannot feasibly be recovered by trying every possible key.
In certain countries there is now legislation which governs the level of encryption required for data protection. For example, companies involved in financial services or health care are often required to guarantee that they protect data with 128-bit encryption.