Local AS3 settings reference
The AS3 tab contains three sections: Request, MDN Receipt, and Inbound Message Security.
- Request
- Encrypted
- Signed
- These fields allow you to specify the combination of attributes (with respect to S/MIME format) of the message you want to send to the remote AS3 client.
- Unsigned/unencrypted (neither the Encrypted nor Signed check boxes are selected)
- Signed (only the Signed check box is selected)
- Encrypted (only the Encrypted check box is selected)
- Signed / Encrypted (both the Signed and Encrypted check boxes are selected)
- Receipt
- Enables the MDN Receipt section, where you specify attributes related to a receipt for your message.
- Encryption Algorithm
- This field is enabled when you select the Encrypted check box. It allows you to choose an encryption algorithm for the message. The remote AS3 client must be able to decrypt the message using the algorithm you choose. For an AS3 client that is not VersaLex, Cleo Harmony, Cleo VLTrader, or Cleo LexiCom, it is important to verify the algorithms it is capable of handling prior to sending an encrypted message. The default encryption algorithm is TripleDES. See Cryptographic Services for more information on choosing an encryption algorithm.
- Key Algorithm
- When Encrypted is selected, the Key Algorithm field is enabled and allows you to choose the algorithm to encrypt the content encryption key with the public key of your trading partner’s encryption certificate. Your trading partner uses the private key of their encryption certificate to decrypt the content encryption key that is subsequently used to decrypt the content of the message.
- Signature Algorithm
- When Signed is selected, the Signature Algorithm is used to encrypt the hash value of the signature with the private key of your signing certificate. Your trading partner uses the public key of your signing certificate to decrypt the hash value of the signature that authenticates you as the sender of the message. When RSA is selected, the selected Hash/MIC Algorithm is used to determine the appropriate signature algorithm, for example, rsaEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption or sha512WithRSAEncryption. If RSASSA-PSS is selected, the combination of the private key of your signing certificate and the hash algorithm is used in conjunction with the RSASSA-PSS algorithm to secure the signature.
- Hash/MIC Algorithm
- When Signed in the Request section is selected, the combination of the signature algorithm and the selected hash algorithm is used to secure the signature. Note: If the RSASSA-PSS signature algorithm is used and the SHA-512 hash algorithm is selected, the strength of the signature algorithm of your signing certificate must be SHA256withRSA or better.
- Compress Content
- Select this check box to enable ZLIB compression for the message.
- MDN Receipt
- When the Receipt check box is selected in the Request section, the fields in the MDN Receipt section are enabled for editing. Otherwise, these fields are disabled.
- Signed
- When you select the Signed check box, a hash is computed over the content of the sent message using the algorithm you select from the Hash/MIC Algorithm menu. The recipient returns the MDN with a digital signature, computes an independent MIC value over the content of the message received (using the same MIC algorithm), and returns this value as a Base64-encoded value in the human-readable portion of the MDN. When the MDN is received, the MIC computed for the sent message is compared against the received MIC. When the MIC values match, the sender is guaranteed that the message read by the recipient was identical to the message that came from the sender and was not modified in any way.
- Forward MDN to Email
- Select this check box to forward a copy of the received MDN to the recipient you specify in the Email Address field.
- Synchronous
- Asynchronous
- Because an AS3 client must connect to your FTP server to send and receive messages, MDNs for AS3 can only be returned asynchronously as part of a new FTP session. Depending on whether the user makes a clear or secure connection, MDNs are returned either via FTP or FTPS.
- Email Address
- If you selected the Forward MDN to Email check box, specify the address to which the email should be sent.
- Inbound Message Security
- Enforce Encryption
- Force Signature
- Force MDN Signature
- Select any combination of Force Encryption, Force Signature and Force MDN Signature options to configure inbound message security for this Local FTP User Mailbox. If a message is received but does not agree with these settings, an error is logged and the message is rejected. If a given setting is not selected (which is the default), the message will not be checked for conformance with that security setting.
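
The MIC comparison described under MDN Receipt > Signed can be reproduced outside the product when auditing a delivery. The following is an added example, not Cleo code. It assumes the MDN carries the value in a `Received-Content-MIC: <base64>, <algorithm>` field as in the AS3 specification (RFC 4823), and it hashes the raw bytes passed in, whereas a real exchange hashes the MIME content exactly as transmitted. The function names, algorithm-name mapping and sample data are constructed for the example.

```python
import base64
import hashlib
import hmac

# MIC algorithm names as they may appear in an MDN, mapped to hashlib names.
# This mapping is an assumption made for the example.
MIC_ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256",
            "sha384": "sha384", "sha-384": "sha384", "sha512": "sha512", "sha-512": "sha512"}


def compute_mic(content: bytes, alg: str) -> str:
    """Base64-encoded digest of the message content, as recorded at send time."""
    name = MIC_ALGS[alg.strip().lower()]
    return base64.b64encode(hashlib.new(name, content).digest()).decode("ascii")


def parse_received_mic(mdn_text: str):
    """Return (mic, alg) from a 'Received-Content-MIC: <b64>, <alg>' line, or None."""
    for line in mdn_text.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "received-content-mic":
            mic, comma, alg = value.partition(",")
            if comma and mic.strip() and alg.strip():
                return mic.strip(), alg.strip().lower()
    return None


def verify_mdn_mic(sent_content: bytes, sent_alg: str, mdn_text: str) -> str:
    """Compare the MIC recorded at send time with the MIC returned in the MDN."""
    parsed = parse_received_mic(mdn_text)
    if parsed is None:
        return "missing-mic"
    received_mic, received_alg = parsed
    if MIC_ALGS.get(received_alg) != MIC_ALGS[sent_alg.strip().lower()]:
        return "algorithm-mismatch"  # recipient hashed with a different algorithm
    expected = compute_mic(sent_content, sent_alg)
    # Constant-time comparison of the two Base64 strings.
    if hmac.compare_digest(expected.encode(), received_mic.encode()):
        return "match"
    return "mic-mismatch"


# Constructed sample data (not from a real exchange).
SENT = b"ISA*00*          *00*          *ZZ*SENDER~\r\n"
GOOD_MDN = ("Disposition: automatic-action/MDN-sent-automatically; processed\n"
            f"Received-Content-MIC: {compute_mic(SENT, 'sha256')}, sha256\n")

if __name__ == "__main__":
    print(verify_mdn_mic(SENT, "sha256", GOOD_MDN))         # match
    print(verify_mdn_mic(SENT + b"x", "sha256", GOOD_MDN))  # mic-mismatch
```

A result of `match` is only meaningful when the MDN's own signature has also been verified, since an unsigned MDN could carry any MIC value.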