Sterling B2B Integrator - Managing Keys

You can insert, update, and retrieve certificates present in the Sterling B2B Integrator repository.

You can insert a base64-encoded certificate (public or private) and import and export certificates into the Sterling B2B Integrator repository.

You can also perform the following tasks in Sterling B2B Integrator:

Create a self-signed certificate with the key length 2048 for EBICS
Manage CA certificates
Store certificates, and manage the renewal and expiration of certificates
Accept a public certificate of a user
Validate the following subscriber keys using SHA256 as the hash algorithm:
- Identification and Authentication Key Hash Value (in Hex format)
- Encryption Key Hash Value (in Hex format)
- Electronic Signature Key Hash Value (in Hex format)

Use the EBICS Export Certificate service to export the certificates present in Sterling B2B Integrator to an external system. Use this service when you want to synchronize the certificates present in Sterling B2B Integrator with an external database or system.

Use the EBICS Import Certificate service to add certificates from an external repository to Sterling B2B Integrator. You can also delete the expired or invalid certificates.

Functions of the Key Manager

The Key Management and Storage performs the following functions:

Duplicate Key Validation – The certificate used for authentication or encryption cannot be the same as the ES certificate. Use a unique set of keys for authentication or encryption and signing.
X.509 Key Usage Extension – EBICS Banking Server supports the use of X.509 as the key usage extension.
OCSP and CRL certificate verification

The Key Manager manages the certificates in the Sterling B2B Integrator repository. It inserts, updates, and retrieves certificates in the Sterling B2B Integrator repository and runs functions such as, calculating the hash value of the certificate, on the certificates.

The Key Manager validates the client certificates checked into the server before they can be used. You must obtain the CA-signed certificates from a Certificate Authority. In a CA-signed certificate, the issuer signs the certificate. To verify the authenticity of the user certificate, the EBICS Banking Server performs chained signature verification up to the root CA certificate.

The EBICS administrator must check in the CA-signed certificates and Intermediate CA-signed certificates in the Sterling B2B Integrator CA certificate store before commencing the EBICS transactions.

The client must provide three types of certificates:

Authentication certificate
Encryption certificate
Electronic Signature (ES) certificate

The public key of the authentication certificate is used to verify digital signatures. Authentication certificates can be either CA-signed or self-signed. The value of the key usage field for an authentication certificate is Digital Signature. A digital signature is used for entity authentication and data origin authentication with integrity.

The public key of the encryption certificate is used to encrypt order data. Encryption certificates can be either CA-signed or self-signed. The value of the key usage field for an encryption certificate is Key Encipherment. In EBICS, a symmetric key is used to stream encrypted or decrypted order data. The symmetric key is encrypted with the public key value of encryption certificate for transportation. Key Encipherment is used when a certificate with a protocol that encrypts keys exists.

The public key of the Electronic Signature (ES) certificate is used to verify the signature of order data. The public key value of an Electronic Signature certificate should not be the same as an authentication or encryption certificate. The value of the key usage field for an electronic signature certificate is Non-Repudiation. Non-repudiation protects against the signing entity falsely denying an action, excluding certificate or CRL signing.

Electronic Signatures are of two types:

Transport Signature – can be CA-signed or self-signed
Personal Signature – must be CA-signed

Previous Topic

Managing EBICS Transactions

Parent Topic

Sterling B2B Integrator - EBICS Server Concepts

Next Topic

Generating and Retrieving EBICS Reports

Browse Categories

Share Blog Post

Pragma Edge (4.5/5)

 4.5/5

Source: IBM

Published on November 17, 2022

Recent Blog Posts - Read More

Pragma Edge, IBM Gold Partner, IBM, Pragmaedge,

Upgrading from IBM Control Desk 7.6.1.5 to Maximo IT

November 7, 2024 No Comments

In today’s fast-paced world of data analytics and AI, optimizing your data infrastructure is key to unlocking valuable insights and driving innovation.

MAS 9.0: An Overview of Support Policies and Version Updates

November 7, 2024 No Comments

In today’s fast-paced world of data analytics and AI, optimizing your data infrastructure is key to unlocking valuable insights and driving innovation.

Pragma Edge Inc Achieves SOC 2 Compliance

August 22, 2024 No Comments

In today’s fast-paced world of data analytics and AI, optimizing your data infrastructure is key to unlocking valuable insights and driving innovation.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Sterling B2B Integrator - Managing Keys

Functions of the Key Manager

Industries

Products

Who We Are

IBM Partner Engagement Manager Standard

IBM Partner Engagement Manager Standard

IBM Partner Engagement Manager Standard

Pragma Edge - API Connect