AS2 Mailbox: AS2 Tab

Note: By default, AS2 hosts have the REST Enabled advanced property set to On, which prevents the host from having more than one mailbox. If you want more than one mailbox for this host, set the REST Enabled advanced property to Off. See AS2 Host: Advanced Tab.

The mailbox's AS2 tab allows you to select the desired encryption and signing for sending messages and the optional desired security for receiving messages. If an MDN receipt is desired, you can also select the format and delivery method of that receipt.

Request
Specify the S/MIME format for messages to send to the remote host.
  • Unsigned / unencrypted (neither Encrypted nor Signed selected)
  • Signed (only Signed selected)
  • Encrypted (only Encrypted selected)
  • Signed / Encrypted (both Signed and Encrypted selected)
Receipt
Enables the MDN Receipt section. See MDN Receipt.
Encryption Algorithm
When Encrypted is selected, the Encryption Algorithm field is enabled and allows you to choose the encryption algorithm for the message to be sent to the remote host. The remote host must be able to decrypt the message using the algorithm you choose. For a non-VersaLexCleo HarmonyCleo VLTraderCleo LexiCom trading partner, it is important to verify that your trading partner can use the selected algorithm prior to sending an encrypted message. The default encryption algorithm is TripleDES.  See Cryptographic Services for more information on choosing an encryption algorithm.
Key Algorithm
When Encrypted is selected, the Key Algorithm field is enabled and allows you to choose the algorithm to encrypt the content encryption key with the public key of your trading partner’s encryption certificate. Your trading partner uses the private key of their encryption certificate to decrypt the content encryption key that is subsequently used to decrypt the content of the message.
Possible values:
  • RSA (default)
  • RSAES-OEAP
Signature Algorithm
When Signed is selected, the Signature Algorithm is used to encrypt the hash value of the signature with the private key of your signing certificate. Your trading partner uses the public key of your signing certificate to decrypt the hash value of the signature that authenticates you as the sender of the message. When RSA is selected, the selected Hash/MIC Algorithm is used to determine the appropriate signature algorithm, for example, rsaEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption or sha512WithRSAEncryption. If RSASSA-PSS is selected, the combination of the private key of your signing certificate and the hash algorithm is used in conjunction with the RSASSA-PSS algorithm to secure the signature.
Possible values:
  • RSA (default)
  • RSASSA-PSS
Hash/MIC Algorithm
When the Signed option in the Request section is selected, the combination of the signature algorithm and the selected hash algorithm is used to secure the signature.
Note: If the RSASSA-PSS signature algorithm is used and the SHA-512 hash algorithm is selected, the strength of the signature algorithm of your signing certificate must be SHA256withRSA or better.
When the Signed option in the MDN Receipt section is selected, the selected Hash/MIC Algorithm is used to compute the independent Message Integrity Check (MIC) that is returned in the MDN Receipt.
Possible values:
  • SHA-1 (default)
  • MD5 (cryptographically weak and should not be used unless no other Hash/MIC algorithm is available)
  • SHA-256
  • SHA-384
  • SHA-512
Compress Content
Compresses the message using ZLIB compression. Compression is generally used for large files so that the message will conserve bandwidth and be transferred more efficiently and securely over the Internet.
Inbound Message Security
Indicates how inbound messages should be received. 
Select any combination of Force Encryption, Force Signature and Force MDN Signature to check the level of inbound message security. If the message is not received according to the corresponding message security settings, the message is rejected and an error is logged.
By default, no settings are selected. If no settings are selected, the security level of the message is not checked.

See AS2 Checklist, item 13 for determining the type of request being sent.

MDN Receipt
Attributes of the Message Disposition Notification (MDN) receipt you requested.
Message Disposition Notifications can be returned Synchronously (as part of the same HTTP session, that is, the MDN is returned during the acknowledgement phase of the message response) or Asynchronously (as part of a new HTTP session, that is, just the HTTP status message is returned during the acknowledgment phase of the message response and the MDN is returned later in a separate HTTP POST message.) The receiver must be capable of handling the specified delivery method; some non-VersaLexCleo HarmonyCleo VLTraderCleo LexiCom hosts may not be able to return either a synchronous or asynchronous MDN. This information must be obtained and noted during the initial set-up of the trading relationship. VersaLexCleo HarmonyCleo VLTraderCleo LexiCom can handle either method of delivery.
Signed
Compute and remember an independent hash over the content of the sent message using the Hash/MIC Algorithm you select. The trading partner returns the MDN with a digital signature; and computes an independent MIC value over the content of the message it received (using the same MIC algorithm) and returns this value as a base64-encoded value in the human-readable portion of the MDN. When the MDN is received, the original MIC is compared against the received MIC. When the MIC values match, the sender is guaranteed that the message read by the trading partner is identical to the message that came from the sender and was not modified in any way.
Forward MDN to Email
Forward a copy of the MDN received via HTTP or HTTPS (either synchronously or asynchronously) to the email address specified in the Email Address field. When the asynchronous SMTP option is selected, the Forward MDN to Email field is disabled.

An additional feature available in VersaLexCleo HarmonyCleo VLTraderCleo LexiCom is the ability to forward a copy of the MDN received via HTTP or HTTPS (either synchronously or asynchronously) to an email recipient when Forward MDN to Email is selected.

Synchronous
Return the MDN as part of the same HTTP session, that is, the MDN is returned during the acknowledgment phase of the message response. You must determine whether the receiver can handle this delivery method and plan accordingly.
Asynchronously
Return the MDN as part of a new HTTP session, that is, just the HTTP status message is returned during the acknowledgment phase of the message response and the MDN is returned later in a separate HTTP POST message.
When you select Asynchronous, you can choose the method used to process the message returned:
  • HTTP: The MDN is received and processed by the local non-secure listener configured in the Local Listener Panel.
  • HTTPS: The MDN is received and processed by the local SSL listener configured in the Local Listener Panel.
  • SMTP: The MDN is emailed to the trading partner.
    Note: When you select SMTP, you must provide the Email Address where the MDN will be sent. The Email Address field is only enabled for editing when you select SMTP as the delivery method.

See AS2 Checklist, items 17 and 18, for determining the MDN delivery method.

See AS2 Checklist, items 15 and 16, to determine the type of MDN response that will be requested.