EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Evaluating BizCrypto

Posted: 10/13/2015 09:44:20
by David Syskowski (Basic support level)
Joined: 10/08/2015
Posts: 7

Let me describe how things are set up. Maybe context would provide a clue.

We are using BizTalk 2009 for AS2 inbound and outbound message processing when an EDI partner specifies AS2 communication. The reason why we are looking at the Eldos adapter is because none of the current BizTalk versions apparently support SHA-256, and the manner in which particular protocols are managed is awkward. We have partners migrating to the more secure encryption levels and leaving SHA-1 and SSL3 behind, yet others that are not ready to move. Being able to control that at the send port level seems ideal.

To send outbound:
1. We have a file system receive location that grabs an outbound file generated by our EDI system.
2. A send port has a BTS.ReceivePortName filter that listens to the proper receive port to capture this message.
3. The send port is configured with the partner certificate, and uses the HTTP adapter to perform the send.
4. The BizTalk party is configured with the AS2 properties we want. Typically: Sign Message, Encrypt Message (DES3), application/edix12 content type, request MDN (SHA1).
5. Some partners want synchronous MDN so a solicit-response send port is set up. Others want asynchronous and so a one-way port is used. All are static.
6. Some partners use HTTPS and so on the HTTP Transport Properties tab our client certificate thumbprint is entered for authentication.
7. The AS2 Send pipeline is used.
8. Our send handler is a 32 bit host reserved for external AS2 facing.

To test the Eldos adapter I have changed the send port transport type to BizCrypto AS2 Adapter and then the send pipeline to PassThruTransmit for one partner in test mode.

The BizCrypto adapter settings were configured as best I could. But no other changes were made on the send port. This chosen partner is one that wants HTTPS.

Posted: 10/20/2015 08:45:28
by Ken Ivanov (EldoS Corp.)

Hi David,

Thank you for the detailed reply. Your scenario and configuration look absolutely fine, and the transition of your BizTalk-powered solution to BizCrypto is correct.

I elected to try your suggestion of the store="ADDRESSBOOK", accesstype="LocalMachine" setting. And this time it reports back with having found one certificate.

Did as instructed. Other people shows 59 certificates.

I believe I slightly misled you above, sorry. Due to specifics of the adapter implementation, the progress on encryption certificates is not reported in the trace file. The '1 certificate(s) loaded' line reports about the trusted certificates, which are controlled by the Trusted Certificates property and are used for establishing trust to HTTPS and signing party certificates. The trusted certificates have no relation to the encryption certificates.

We will implement proper reporting on encryption certificates in a future BizCrypto update. I believe that the encryption certificates are actually loaded just fine for you, but the only way to check that with the current version of BizCrypto would be to create and send out a test encrypted message.

We are still in progress with establishing the reason for the 'No content type' issue. Hope to get back to you with some results shortly.
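
Added example, not part of the thread and not EldoS code: a read-only PowerShell inventory of the store named above (store="ADDRESSBOOK", accesstype="LocalMachine"), reporting the certificate count and flagging entries that are outside their validity period, carry a SHA-1 or MD5 certificate signature, or lack the KeyEncipherment usage needed for an encryption certificate. It inspects the Windows store only and says nothing about what the adapter itself loaded; the function name Get-CertStoreReport is hypothetical and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not EldoS code. Assumes PowerShell 3.0+ run on the BizTalk host.
# Default path is the store named in the thread: store="ADDRESSBOOK"
# ("Other People"), accesstype="LocalMachine".
function Get-CertStoreReport {
    param([string]$Path = 'Cert:\LocalMachine\AddressBook')

    $kuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    $encFlag = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
    $now     = Get-Date

    Get-ChildItem -Path $Path | ForEach-Object {
        $cert = $_
        $ku = $cert.Extensions | Where-Object { $_ -is $kuType } | Select-Object -First 1
        # A certificate without a KeyUsage extension is not restricted in usage.
        $canEncrypt = (-not $ku) -or (([int]$ku.KeyUsages -band $encFlag) -ne 0)
        # Signature algorithm of the certificate itself, e.g. sha1RSA or sha256RSA.
        $sigAlg = $cert.SignatureAlgorithm.FriendlyName

        [pscustomobject]@{
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            SignatureAlg    = $sigAlg
            WeakSignature   = $sigAlg -match '^(sha1|md5)'
            NotAfter        = $cert.NotAfter
            OutsideValidity = ($cert.NotAfter -lt $now) -or ($cert.NotBefore -gt $now)
            KeyEncipherment = $canEncrypt
        }
    }
}

$report = @(Get-CertStoreReport)
"{0} certificate(s) in store" -f $report.Count

# Show only the entries that need attention before a test send.
$report |
    Where-Object { $_.OutsideValidity -or $_.WeakSignature -or -not $_.KeyEncipherment } |
    Format-Table Subject, Thumbprint, SignatureAlg, NotAfter, KeyEncipherment -AutoSize
```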



