Microsoft KB Archive/276641

= Changing the default settings for BizTalk Server signatures and encryption algorithms =

Article ID: 276641

Article Last Modified on 10/11/2006


APPLIES TO


 * Microsoft BizTalk Server 2000 Standard Edition




This article was previously published under Q276641



SUMMARY
The BizTalk Messaging Manager design-time application allows users to create ports and channels that describe how to process business documents. Ports and channels have properties that allow users to select certificates for the purpose of encrypting and signing their business documents.

When a user selects a certificate for encryption and signing, BizTalk Messaging Manager applies certain default encryption and signature algorithms. The BizTalk Messaging Manager application currently does not allow users to modify the default encryption and signature algorithms that are used to encrypt and sign business documents. The only way to modify these algorithms is to use the BizTalk Messaging Configuration Object Model.



MORE INFORMATION
The following code sample demonstrates how to access and modify the settings of a port and channel by using the BizTalk Messaging Configuration Object Model.

    '
    ' Sample Constants.
    '
    Const cPortName = "SMIME Test"
    Const cChannelName = "To SMIME Test Port"
    Const cSrcOrg = "Home Organization"
    Const cDstOrg = "HR"
    Const cInboundDoc = "CommonPO"
    Const cOutboundDoc = "CommonPO"
    Const cDstOrgSMTPAddress = "mailto:UserA@microsoft.com"
    Const cDstOrgSMTPReplyAddress = "mailto:UserA@microsoft.com"

    '
    ' The Certificate Reference is made up of all of the properties that a user
    ' can set upon initial request. This information can be found in the
    ' "Subject" field of the Certificate's properties. Appropriate encryption
    ' and signature certificates must be present in the appropriate certificate
    ' stores (BizTalk Store and/or Personal store) for BizTalk to use the certificate(s).
    '
    Const cEncryptCertRef = "US, Washington, Redmond, Microsoft, BizTalk Server 2000, SERVER-A"
    Const cSignCertRef = "UserA@microsoft.com, US, Washington, Redmond, Microsoft, BizTalk Server 2000, User A"

    '
    ' BizTalk Object Model Constants.
    '
    Const BIZTALK_OPENNESS_TYPE_NOTOPEN = 1
    Const BIZTALK_OPENNESS_TYPE_SOURCE = 2
    Const BIZTALK_OPENNESS_TYPE_DESTINATION = 4

    Const BIZTALK_ENCODING_TYPE_NONE = 1
    Const BIZTALK_ENCODING_TYPE_MIME = 2
    Const BIZTALK_ENCODING_TYPE_CUSTOM = 3

    Const BIZTALK_ENCRYPTION_TYPE_NONE = 1
    Const BIZTALK_ENCRYPTION_TYPE_CUSTOM = 2
    Const BIZTALK_ENCRYPTION_TYPE_SMIME = 4

    Const BIZTALK_SIGNATURE_TYPE_NONE = 1
    Const BIZTALK_SIGNATURE_TYPE_CUSTOM = 2
    Const BIZTALK_SIGNATURE_TYPE_SMIME = 4

    Const BIZTALK_STORE_TYPE_MY = 1
    Const BIZTALK_STORE_TYPE_BIZTALK = 2

    Const BIZTALK_TRANSPORT_TYPE_NONE = 1
    Const BIZTALK_TRANSPORT_TYPE_HTTP = 4
    Const BIZTALK_TRANSPORT_TYPE_SMTP = 8

    Const BIZTALK_USAGE_TYPE_ENCRYPTION = 1
    Const BIZTALK_USAGE_TYPE_SIGNATURE = 2
    Const BIZTALK_USAGE_TYPE_BOTH = 4

    Const BIZTALK_CONFIGDATA_TYPE_PRIMARYTRANSPORT = 0
    Const BIZTALK_CONFIGDATA_TYPE_SECONDARYTRANSPORT = 1
    Const BIZTALK_CONFIGDATA_TYPE_ENCRYPTION = 2
    Const BIZTALK_CONFIGDATA_TYPE_ENCODING = 3
    Const BIZTALK_CONFIGDATA_TYPE_SIGNATURE = 4
    Const BIZTALK_CONFIGDATA_TYPE_SERIALIZER = 5

    '
    ' The following constants are the encryption and signature algorithms that
    ' are available for use with BizTalk Server. The encryption algorithms
    ' that are 128-bit in strength and higher require that the Windows 2000
    ' High Encryption Pack be installed. The High Encryption Pack
    ' installs the Microsoft Enhanced Cryptographic Provider that is
    ' capable of 128-bit encryption.
    '
    ' Provided by Microsoft Base Cryptographic Provider.
    '
    Const ENCRYPT_DES_56 = "DES (56-bit)"
    Const ENCRYPT_RC2_40 = "RC2 (40-bit)"
    Const ENCRYPT_RC4_40 = "RC4 (40-bit)"

    ' Provided by Microsoft Enhanced Cryptographic Provider.
    '
    Const ENCRYPT_RC4_128 = "RC4 (128-bit)"
    Const ENCRYPT_RC2_128 = "RC2 (128-bit)"
    Const ENCRYPT_3DES_112 = "3DES (112-bit)"
    Const ENCRYPT_3DES_168 = "3DES (168-bit)"

    ' Signature algorithms.
    '
    Const SIGNATURE_SHA = "SHA-1 (160-bit)"
    Const SIGNATURE_MD5 = "MD5 (128-bit)"

    '
    ' Create the BizTalk Messaging objects.
    '
    Set objBTM = CreateObject("BizTalk.BizTalkConfig")
    Set Channel = objBTM.CreateChannel
    Set Port = objBTM.CreatePort
    Set Document = objBTM.CreateDocument
    Set Organization = objBTM.CreateOrganization

    '
    ' Retrieve the organization information.
    '
    Organization.Clear
    Organization.LoadByName cSrcOrg
    SrcOrgHandle = Organization.Handle
    SrcOrgAlias = Organization.GetDefaultAlias

    Organization.Clear
    Organization.LoadByName cDstOrg
    DstOrgHandle = Organization.Handle
    DstOrgAlias = Organization.GetDefaultAlias

    '
    ' Retrieve the document definition information.
    '
    Document.Clear
    Document.LoadByName cInboundDoc
    InboundDocHandle = Document.Handle

    Document.Clear
    Document.LoadByName cOutboundDoc
    OutboundDocHandle = Document.Handle

    '
    ' Create the BizTalk Messaging Port.
    '
    Port.Clear
    Port.Name = cPortName
    Port.DestinationEndpoint.Organization = DstOrgHandle
    Port.DestinationEndpoint.Alias = DstOrgAlias
    Port.PrimaryTransport.Type = BIZTALK_TRANSPORT_TYPE_SMTP
    Port.PrimaryTransport.Address = cDstOrgSMTPAddress
    Port.PrimaryTransport.Parameter = cDstOrgSMTPReplyAddress
    Port.EncodingType = BIZTALK_ENCODING_TYPE_MIME
    Port.EncryptionType = BIZTALK_ENCRYPTION_TYPE_SMIME
    Port.EncryptionCertificateInfo.Reference = cEncryptCertRef
    Port.EncryptionCertificateInfo.Store = BIZTALK_STORE_TYPE_BIZTALK
    Port.SignatureType = BIZTALK_SIGNATURE_TYPE_SMIME
    Port.Create
    PortHandle = Port.Handle

    '
    ' Create the BizTalk Messaging Channel.
    '
    Channel.Clear
    Channel.Name = cChannelName
    Channel.Port = PortHandle
    Channel.SourceEndpoint.Organization = SrcOrgHandle
    Channel.SourceEndpoint.Alias = SrcOrgAlias
    Channel.InputDocument = InboundDocHandle
    Channel.OutputDocument = OutboundDocHandle
    Channel.LoggingInfo.LogNativeInputDocument = 1
    Channel.LoggingInfo.LogNativeOutputDocument = 1
    Channel.LoggingInfo.LogXMLInputDocument = 1
    Channel.LoggingInfo.LogXMLOutputDocument = 1
    Channel.SignatureCertificateInfo.Reference = cSignCertRef
    Channel.SignatureCertificateInfo.Store = BIZTALK_STORE_TYPE_MY
    Channel.Create
    ChannelHandle = Channel.Handle

    '
    ' Modify the channel default encryption dictionary settings.
    '
    Channel.Clear
    Channel.Load ChannelHandle
    Set ConfigData = Channel.GetConfigData(BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, _
        PortHandle, BIZTALK_TRANSPORT_TYPE_SMTP)
    ConfigData.CurrentSignAlg = SIGNATURE_SHA
    ConfigData.CurrentEncryptAlg = ENCRYPT_RC4_128
    Channel.SetConfigData BIZTALK_CONFIGDATA_TYPE_ENCRYPTION, PortHandle, ConfigData
    Channel.Save

The default encryption and signature algorithms that are set by the BizTalk Messaging Manager application are "RC2 (40-bit)" for encryption and "SHA-1 (160-bit)" for signatures.
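Because the Messaging Manager default is 40-bit RC2, it is worth confirming that a stronger setting was actually stored. The following is an added example, not part of the original article: it refuses algorithm labels below a minimum key length and then reloads the channel to read the values back. The helper names, the 128-bit threshold, and the assumption that `CurrentEncryptAlg` and `CurrentSignAlg` can be read as well as written are illustrative; only the object-model calls shown in the article's sample are used.

```vbscript
' Added example, not part of the original article.
Const MIN_ENCRYPT_BITS = 128   ' assumed local policy threshold, not a BizTalk setting

' Return the key length from a label such as "RC2 (40-bit)", or 0 if none is found.
Function AlgBits(label)
    Dim re, matches
    Set re = New RegExp
    re.Pattern = "\((\d+)-bit\)"
    Set matches = re.Execute(label)
    AlgBits = 0
    If matches.Count > 0 Then AlgBits = CLng(matches(0).SubMatches(0))
End Function

' Hypothetical helper: set the algorithms on an existing channel, then reload the
' channel and compare the stored values with the requested ones.
' Returns "OK", or a string beginning with "REFUSED" or "MISMATCH".
Function SetAndVerifyAlgorithms(objBTM, ChannelHandle, PortHandle, encAlg, signAlg)
    Const CFG_ENCRYPTION = 2   ' value of BIZTALK_CONFIGDATA_TYPE_ENCRYPTION in the article
    Const TRANSPORT_SMTP = 8   ' value of BIZTALK_TRANSPORT_TYPE_SMTP in the article
    Dim ch, cfg

    ' Reject anything below the policy threshold before touching the channel.
    If AlgBits(encAlg) < MIN_ENCRYPT_BITS Then
        SetAndVerifyAlgorithms = "REFUSED: " & encAlg & " is below " & MIN_ENCRYPT_BITS & " bits"
        Exit Function
    End If

    Set ch = objBTM.CreateChannel
    ch.Clear
    ch.Load ChannelHandle
    Set cfg = ch.GetConfigData(CFG_ENCRYPTION, PortHandle, TRANSPORT_SMTP)
    cfg.CurrentEncryptAlg = encAlg
    cfg.CurrentSignAlg = signAlg
    ch.SetConfigData CFG_ENCRYPTION, PortHandle, cfg
    ch.Save

    ' Reload from the configuration store instead of trusting the in-memory object.
    ch.Clear
    ch.Load ChannelHandle
    Set cfg = ch.GetConfigData(CFG_ENCRYPTION, PortHandle, TRANSPORT_SMTP)
    If (cfg.CurrentEncryptAlg = encAlg) And (cfg.CurrentSignAlg = signAlg) Then
        SetAndVerifyAlgorithms = "OK"
    Else
        SetAndVerifyAlgorithms = "MISMATCH: stored " & cfg.CurrentEncryptAlg & " / " & cfg.CurrentSignAlg
    End If
End Function

' Usage with the objects created by the article's sample:
'   result = SetAndVerifyAlgorithms(objBTM, ChannelHandle, PortHandle, "3DES (168-bit)", "SHA-1 (160-bit)")
```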

BizTalk Server can also use the encryption and signature algorithms specified below. The 128-bit strength encryption algorithms require the Microsoft Enhanced Cryptographic Provider version 1.0. The Enhanced Cryptographic Provider is only available with the Microsoft Windows 2000 High Encryption Pack.

    '
    ' Provided by Microsoft Base Cryptographic Provider.
    '
    Const ENCRYPT_DES_56 = "DES (56-bit)"
    Const ENCRYPT_RC2_40 = "RC2 (40-bit)"
    Const ENCRYPT_RC4_40 = "RC4 (40-bit)"

    ' Provided by Microsoft Enhanced Cryptographic Provider.
    '
    Const ENCRYPT_RC4_128 = "RC4 (128-bit)"
    Const ENCRYPT_RC2_128 = "RC2 (128-bit)"
    Const ENCRYPT_3DES_112 = "3DES (112-bit)"
    Const ENCRYPT_3DES_168 = "3DES (168-bit)"

