Decrypting PKCS #7 documents

How to decrypt PKCS #7 documents. This action accepts the PKCS #7 envelopedData type from a cryptographic binary encrypt action.

About this task

Availability: DataPower® Gateway with the Binary processing (DataGlue) feature.

By default, PKCS #7 decryption uses the pkcs7-decrypt.xsl stylesheet. To use another stylesheet, use the Advanced tab to identify the stylesheet and any parameters that it requires.

This action does not support ECDSA keys. When you use credentials that contain ECDSA keys for this action, the system returns an error and the action fails.

Procedure

  1. Drag the Advanced icon to the configuration path.
  2. Double-click the Advanced icon.
  3. From the action list, select Crypto binary.
  4. Click Next.
  5. In the Input field, specify the context of the message to process.
  6. Click PKCS#7 decrypt. The display refreshes with operation-specific parameters.
  7. Set the Asynchronous property to indicate whether to process asynchronously. When enabled, the action does not need to complete before the rule starts processing its next action.
  8. From the Input encoding format list, select the input format to characterize the encrypted PKCS #7 object (EnvelopedData type) to decrypt.
  9. From the Output encoding format list, select the output format of the decrypted data.
  10. Specify the Recipients settings. Use the Add and Delete buttons to select the ID credentials, certificate, and private key for each message recipient. The private key decrypts the key-wrapping key.
  11. Optional: Define advanced settings.
  12. Click Done.
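
Because the action accepts only the envelopedData type, it can save a failed rule run to confirm what an input file actually contains before configuring step 8. The following Python check is an added example, not IBM or DataPower code: it reads the contentType OID from the outer ContentInfo of a DER, base64 or PEM encoded object. The function names and the constructed sample bytes are assumptions for illustration.

```python
import base64

# PKCS #7 content type OIDs 1.2.840.113549.1.7.1 to .6 (RFC 2315, section 14).
PKCS7_TYPES = {"1.2.840.113549.1.7.%d" % n: name for n, name in enumerate(
    ("data", "signedData", "envelopedData", "signedAndEnvelopedData",
     "digestedData", "encryptedData"), start=1)}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OID content bytes; assumes a one-byte first subidentifier."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def pkcs7_content_type(blob):
    """Name the ContentInfo type of a DER, base64 or PEM encoded PKCS #7 object."""
    blob = blob.lstrip()  # leading only: trailing bytes of raw DER are data
    if blob[:1] != b"\x30":  # not a raw DER SEQUENCE: treat as PEM or bare base64
        body = [l for l in blob.splitlines() if not l.startswith(b"-----")]
        blob = base64.b64decode(b"".join(body))
    tag, start, _ = read_tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("ContentInfo must be a SEQUENCE")
    tag, o_start, o_end = read_tlv(blob, start)
    if tag != 0x06 or o_start == o_end:
        raise ValueError("contentType OID missing")
    oid = decode_oid(blob[o_start:o_end])
    return PKCS7_TYPES.get(oid, "unknown (%s)" % oid)

def sample_content_info(last_arc):
    """Constructed skeleton: ContentInfo header with a placeholder body, not a real message."""
    return bytes.fromhex("301206092a864886f70d0107") + bytes([last_arc]) + bytes.fromhex("a0053003020100")
```

A result other than envelopedData, for example signedData, means the object is not the type this action accepts.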

What to do next

If this action is the last one for the rule, click Apply policy. Otherwise, drag another icon to the configuration path.