Encryption methods

Activator uses a combination of public-private key encryption (also known as asymmetric encryption) and symmetric key encryption. This hybrid system uses the best characteristics of each method and minimizes the shortcomings of each. It follows the widely adopted S/MIME standard for securing messages.

The advantage of symmetric key encryption is that it performs the encryption task more quickly than asymmetric encryption. The advantage of asymmetric encryption is that it enables you to send an encrypted message to a partner who does not hold your secret key.

To use the best of both, Activator uses the faster symmetric key to encrypt the document, such as a lengthy EDI transaction set, and the asymmetric key for the smaller task of encrypting the one-time session key. The session key can then be securely included with the message for transmission and allows your partner to decrypt the contents without sharing your secret key.
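The hybrid scheme described above, as an added example that is not Activator code and does not produce the S/MIME (CMS) wire format: it uses Node.js built-in crypto, with AES-256-GCM for the document and RSA-OAEP for the one-time session key. The function names, the envelope fields, the sample document and the 2048-bit minimum are assumptions made for this illustration.

```javascript
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const MIN_RSA_BITS = 2048; // assumed local policy, not an Activator setting
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the document under a one-time session key, then wrap that
// session key with the partner's RSA public key.
function seal(partnerPublicKey, doc) {
  const bits = partnerPublicKey.asymmetricKeyDetails.modulusLength;
  if (bits < MIN_RSA_BITS) throw new Error(`partner RSA key is only ${bits} bits`);
  const sessionKey = randomBytes(32); // fresh AES-256 key for this message only
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(doc), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: partnerPublicKey, ...OAEP }, sessionKey),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

// Recipient: unwrap the session key with the private key, then decrypt the
// document. A modified ciphertext or tag makes decipher.final() throw.
function unseal(privateKey, env) {
  const sessionKey = privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', sessionKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: a throwaway partner key pair and a made-up EDI-like document.
function demo() {
  const partner = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const doc = Buffer.from('ISA*00*CONSTRUCTED SAMPLE*ZZ*SENDER*ZZ*RECEIVER~');
  const env = seal(partner.publicKey, doc);
  return { env, roundTrip: unseal(partner.privateKey, env).equals(doc) };
}

console.log('round trip ok:', demo().roundTrip);
```

Only the session key passes through RSA, so the wrapped key is always the size of the RSA modulus (256 bytes for a 2048-bit key) however long the document is.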

Symmetric key lengths

Activator supports several key lengths for the symmetric key you choose. Be sure to choose a key length your partner can support.

Public-private (asymmetric) key algorithms

Activator uses the RSA cryptosystem for asymmetric encryption and for the digital signatures made with certificates.

You can use two types of asymmetric RSA keys:

  • Keys issued to you, typically by a certificate authority, and subsequently imported into Activator. Such keys are sometimes called managed keys.
  • Keys you generate in Activator. Such keys are called self-signed keys.

Public-private (asymmetric) key lengths

Activator supports encryption key lengths of 512, 1024, 2048, and 4096 bits for the public-private key. You must choose one of these key lengths when you generate or obtain your certificate. You do not need to choose the same key length as your trading partner.

Support for dual keys

Some EDIINT-interoperable software products use two keys: one for encrypting documents and the other for signing documents. Activator supports single- and dual-key certificates. You do not need to do anything different to trade documents with a partner who uses dual keys.
