AS2 (Applicability Standard 2) for EDI is quickly becoming one of the most secure, reliable and popular methods for sending and receiving data over the internet. The idea behind AS2 is to send data between two points over the web inside a container or envelope created by the AS2 software; the certificate together with the public and private keys keeps the information secure. Only a few components are needed for an organization to use AS2: two servers to connect, internet access, and the data to be sent and received. The AS2 server wraps or envelopes the data using digital encryption and certificates, which allows it to be transmitted securely over the internet. To clarify the role of the certificate and the public and private keys within AS2 transactions, review the following definitions:
The Public Key: is used to encrypt data and to verify digital signatures. The public key is safe to distribute to your trading partners; a trading partner uses this key to encrypt the data it sends to your AS2 server.
The Private Key: is used to decrypt data and to create digital signatures, and is always kept private and protected. This key is installed in your BridgeGate key store on the AS2 server.
The Certificate: much like a driver’s license, is used for identification purposes. It identifies the issuer of the certificate, shows its expiry date and carries a unique number assigned to it, called a serial number. Every certificate has its own unique serial number.
The following explains the relationship between the AS2 certificate, public key and private key, and how AS2 is used to send and receive EDI. When an AS2 certificate is created, two keys are generated that are linked to each other by an algorithm: one is a Private Key and one is a Public Key. The Private Key is stored in the BridgeGate keystore on the AS2 server, while the certificate, which carries the Public Key, is sent to the Trading Partner. The keys are then used to protect and access the data contained within the AS2 envelope. The following is an example of a typical AS2 exchange between BridgeGate and A-TradingPartner:
AS2 Example – Typical AS2 Process between BridgeGate and A-TradingPartner
- EDI payload is encrypted using the A-TradingPartner cert/public key (on BridgeGate AS2 server)
- EDI payload is signed using the BridgeGate (Sender) private key (on BridgeGate AS2 server)
- AS2 connection is made to the A-TradingPartner AS2 server https://a-tradingpartner.com:10443 (on BridgeGate AS2 server)
- Payload contains a request to return an MDN, either sync or async (on BridgeGate AS2 server)
- AS2 IDs/Names are used to identify the AS2 relationship (on A-TradingPartner AS2 server)
- EDI payload is decrypted using the A-TradingPartner private key (on A-TradingPartner AS2 server)
- EDI payload has its digital signature verified using the BridgeGate cert/public key (on A-TradingPartner AS2 server)
- MDN is returned with a “processed” or “Decryption failure” or “Authentication, unable to verify signature…” status (on A-TradingPartner AS2 server)
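The exchange listed above, written out as an added example that is not BridgeGate's or the page's own code. The Go program below uses only the standard library: the sender encrypts the EDI payload for the partner's public key and signs it with its own private key; the receiver decrypts with its private key, verifies the signature with the sender's public key, and returns the MDN status text from the last step. The `Envelope` layout, the choice of AES-GCM for the payload, RSA-OAEP to wrap the content key and RSA-PSS for the signature, and the party and key names are all assumptions made for this example; a real AS2 envelope is an S/MIME (CMS) structure, and the sample EDI segment is constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is a simplified stand-in for the AS2 S/MIME container (an assumed
// layout for this example): payload encrypted for the receiver plus the sender's signature.
type Envelope struct {
	WrappedKey []byte // AES key encrypted with the receiver's RSA public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output (payload + authentication tag)
	Signature  []byte // RSA-PSS signature over the plaintext by the sender
}

// newKeys generates one party's key pair; only the public half is shared with the partner.
func newKeys() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SendAS2 runs the sender-side steps: encrypt with the partner's public key, sign with
// the sender's private key. RSA wraps a fresh AES key; the bulk payload is encrypted symmetrically.
func SendAS2(payload []byte, partnerPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, partnerPub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, payload, nil), Signature: sig}, nil
}

// ReceiveAS2 runs the receiver-side steps and returns the payload with the MDN status text.
func ReceiveAS2(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, string) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, "Decryption failure" // wrong private key or damaged key blob
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, "Decryption failure"
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, "Decryption failure" // GCM tag rejects any altered ciphertext
	}
	digest := sha256.Sum256(payload)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, "Authentication, unable to verify signature"
	}
	return payload, "processed"
}

func main() {
	bridgeGate := newKeys() // sender
	partner := newKeys()    // A-TradingPartner
	edi := []byte("ISA*00*          *00*          *ZZ*BRIDGEGATE     *ZZ*PARTNER        ~") // constructed sample
	env, err := SendAS2(edi, &partner.PublicKey, bridgeGate)
	if err != nil {
		panic(err)
	}
	payload, mdn := ReceiveAS2(env, partner, &bridgeGate.PublicKey)
	fmt.Printf("MDN: %s\npayload: %s\n", mdn, payload)
}
```

The two MDN failure statuses map to the two key roles: a receiver holding the wrong private key cannot unwrap the content key and gets "Decryption failure", while an envelope whose signature does not verify under the sender's public key (wrong partner certificate, or payload changed in transit) gets "Authentication, unable to verify signature". Checking the signature only after a successful decryption mirrors the order of the receiver-side steps in the list.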