Thanks for the reply, Jon. I saw what you noted earlier in the RPG group's note and tried to indicate the answer in my last note on this group. That I didn't address your instruction shows my ignorance around MQ--in too many ways I don't even know what to ask.
I hope this isn't too much information but is adequate:
<From the service provider>
We require messages exchanged with Service Participants to be cryptographically signed using asymmetric public and private key pairs. Keys in a key pair are mathematically related and are used to sign and validate the signature on messages. Digital signatures help the receiver to verify that a message originated from the sender and the message content is unchanged.
Participants create public and private keys and can choose to generate key pairs using any key management service or standard enterprise protocol. Participants then must register their key pairs with the Service. (Methods for doing that are provided) Only the Participant public key should be sent to the Service, not the full key pair. The Service verifies the public key-based predefined specifications and associates it with the caller’s profile(s) based on the provided metadata.
</From the service provider>
I'm hoping it's simply a matter of creating and installing some keys/certificates and registering them somehow with the MQ client. But unfortunately, at this point I still don't even know what I don't know.
Thanks.
On 8/26/2023 11:34 AM, Jon Paris wrote:
As I said before you need to ask the folks supplying the service what they need in terms of a signature. MQ can use any number of different signing methods and even if you had the AMS package you still wouldn't know which one to use. Jon P.
On Aug 26, 2023, at 10:21 AM, Troy Hyde <troy.hyde@xxxxxxxxxxx> wrote:
I've posted a couple of questions on the RPG list but I think that my problem is more general than RPG so I thought I'd shoot it up the flag pole here and hope someone salutes. I'm hoping someone has some IBM MQ experience on the IBM i.
My company needs to connect to a Federal Reserve MQ server. From their documentation: "The Service uses message signatures as one of multiple layers of security controls to help verify the integrity and authenticity of messages sent and received through the service. Message signing occurs point-to-point."
IBM's documentation indicates "Message security in IBM® MQ infrastructure is provided by Advanced Message Security. Advanced Message Security (AMS) expands IBM MQ security services to provide data signing and encryption at the message level."
https://www.ibm.com/docs/en/ibm-mq/9.3?topic=mechanisms-message-security-in-mq
I would like to run my MQ processing from our IBM i servers. I've installed the client software on one IBM i and the server software (trial license) on another and can communicate between the two. Via my RPG programs I can put and get messages on the queues from multiple locations but don't know how to configure the client software to sign messages. I'd thought it was my program but am beginning to think my problems are an MQ configuration problem rather than a programming (RPG) problem.
I'd hate to surrender and pass this to some of our Java guys but there seems to be so much more community support for IBM MQ in the Java and AIX worlds. If there are any MQ adherents/experts in the shadows, I'd appreciate any direction on configuring an IBM i system for AMS.
Thanks,
Troy
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options, visit: https://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.