Windows C User Exits › Windows Client Middleware User Exits › Client Manager - Windows User Exits › DECRYPT—Cooperative Flow Decryption Exit (Windows) › Purpose
Purpose
The CFB data transmitted from a DPC application can optionally be encrypted. A flag byte in the CFB header notifies the receiver of the CFB that the CFB has been encrypted. It is the receiver's responsibility to decrypt the CFB prior to using it.
The runtime's WRSECTOKEN user exit controls if and where within the CFB the client application's security data is placed. If the WRSECTOKEN user exit returns SecurityUsedEnhanced, the client's security data will be placed in the security offset section of the CFB. This portion of the CFB can optionally be encrypted by the client runtime's WRSECENCRPT user exit.
If the derived security level of the selected target server is Remote, the Client Manager can need to decrypt the CFB to access the security data placed into the security offset section of the CFB.
The Client Manager will invoke its DECRYPT user exit if each of the following conditions is met:
- The derived security level of the selected target server is Remote. Remote indicates that the Client Manager will attempt to associate security data for flows that target this server.
- The CFB Being processed is an Enhanced CFB indicating that the CFB contains a security offset area.
- The CFB's bClntMgrSecurity flag is set. This flag is set by the client runtime if the client's WRSECTOKEN user exit sets its bClntMgrSecurity argument to TRUE. This CFB flag informs the Client Manager that it should use the security data contained within the security offset area of the CFB rather than the security data it maintains as part of its configuration.
- The CFB has been encrypted by the client runtime. The DPC encrypts the CFB using the WRSECENCRYPT user exit. If the client encrypts the CFB, then the Client Manager must decrypt the CFB to extract the security data from the security offset area.
Client Manager's DECRYPT user exit will not be invoked if:
- The target server's derived security level is None.
- The CFB being processed by the Client Manager is a Standard CFB. In this case, the CFB does not contain a security offset.
- The CFB being processed is not encrypted.
Note: For more information about security configuration, see the Distributed Processing—Client Manager User Guide.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|