Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MQ Series encryption across plaforms.

Status
Not open for further replies.
BeanieNCecil

BeanieNCecil

Programmer
Feb 22, 2002
3
US
I need more information on encryption and MQ Series. I have two machines running MQ Series 5.2 on Windows NT/2000. Encryption/decryption between these two machines, though not implemented, does not appear to be problematic as long as both are set up with the same software e.g. MQCHEXIT.dll and CSSD.EXE. The problem comes in between two other machines.

One is running MQ 5.2 on Windows 2000 and one is running MQ 5.2 on a Sun Solaris UNIX box. Both support encryption but so far the Sun installation seems to support encryption in an entirely different way. Of course this makes perfect sense, but how do I get these two installations to use the same encryption keys or methodology? Is it even possible.

Thanks,
Bill
 
Sort by date Sort by votes
Actually I found the answer to this myself. I'm responding to my own query in case someone else encounters a need for encryption and needs additional information on this.

I acquired a "redbook" on this titled "MQSeries Security: Example of using a channel security exit." In that document are not only examples of setting up security exits but also source code for the key generator (CSSD.EXE) and encryption engine (MQCHEXIT.dll). Since this information was readily available in the redbook I made the assumption that this was IBM's own solution that that encyrption would be support on other platforms in a similar manner.

This was a bad assumption. The source code presented in the redbook is the property of the authors, Dieter Wackerow and David Shogren, and is not actively supported by IBM. Worse yet examples of encryption for other MQSeries platforms uses different methodoloy and more often than not no source code.

It became obvious, with this knowledge, that to support encryption between Windows NT/2000 and Sun Solaris a development effort would need to be made using the above named author's source code as an example. The code would then need to be modified for compilation on the different platforms. Clearly a development effort instead of an integration effort.

Perhaps there are third party solutions to this, but once our team here realized that a development effort was require decided on an alternative course of action. That of securing the networks the data is transported across.
 
Upvote 0 Downvote
Both authenticating connections and encrypting data are possible within MQSeries but as you've discovered, are not particularly easy.

There are a number of 3rd party vendor solutions from companies such as Candle, Primeur and others. Unless you already use a common security mechanism across your platforms it is usually safer to go for one of these products.

Cheers,
Paul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

OlliP
  • Locked
  • Question
MQ Series V9 - MQCONNX ended with reason code 2035 with new user
Replies
0
Views
207
OlliP
OlliP
gauravrajbehl
  • Locked
  • Question
IBM MQ PUT Message Format: MQSTR issue
Replies
0
Views
671
gauravrajbehl
gauravrajbehl
pavloNP
  • Locked
  • Question
receive message from IBM MQ in js app
Replies
0
Views
148
pavloNP
pavloNP
sahasudipta
  • Locked
  • Question
how to solve mqdc.dll error in IBM MQ connection
Replies
0
Views
167
sahasudipta
sahasudipta
CZR
  • Locked
  • Question
MQ iSeries - *DEPTH Trigger not working
Replies
0
Views
118
CZR
CZR

Part and Inventory Search

Sponsor

Back
Top