EDIINT AS2 digital signature

I have a problem with sending signed AS2 messages to a partner. Their software only accepts signed messages which includes the public key with which the signature can be verified. I cannot find anything about this in the EDIINT documentation, but I assume from the problem of this partner that the public key is not sent with the AS2 message.
Is this asumption right, and is there a way to send the public key with the digitally signed message?
I checked the S/MIME specification, and this specification provides in sending the key with the message.



From my understanding you need to send signed EDIINT messages to your partner. You therfore should have already exchanged public keys with your partner, and installed these in your TN Security Profile for that partner (i.e. your private key should be installed in the Sign/Decrypt tabs, and your partners public key should be installed in the Encrypt/Verify tabs).

Now, when using the wm.EDDINT:send service, if you select Type as “Signed”, the service should append the relevant signature to the mime message when sending the EDIINT transmission.

I hope this helps.




I have already exchanged public keys with the partner, but the partner is using an application which expects the public key as a part of the digitally signed message. This application verifies the digital signature after extracting the signature and the public key from the message. I think this application doesn’t have the same functionality as TN for storing the public key in a partner profile.


The send service will actually look into your TN profiles (for sender/reveiver) and place the digital signatures into your ediint message before sending it.

When you use the wm.EDIINT:send service it will expect the following inputs:

Type: Signed (webMethods will look for the relevant keys in the TN Profile and build the digital signature for the message)
Delivery Method: PrimaryHTTPS (webMethods will take the URL from the PrimaryHTTPS protocol for the receiving partner profile).
Data: content-type: application/edi & Stream: EDI
requestMDN: (Your MDN option)
requestSignedReceipt: (Your option for a signed MDN)
SenderID: TN Profile ID and type
Receiver ID: TN Profile ID and type
Conversation ID: Optional ID

The wm.EDIINT:send service will look into the profiles, extract public keys from your TN and place the digital signature INTO your message. Your partner’s system should now be able to receive that message (with the digital signature), extract the signature and verify the sender with your stored public key. If the partner is not storing your public key, he will be unable to verify the signature.

I hope this helps.