AS4 Key Concepts
This page lists some of the key AS4 aspects and the sources they are taken from.
When compression, signature and encryption are required, any attached payload(s) MUST be compressed prior to being signed and/or encrypted. (Source: AS4 1.0 specification, chapter 3.1)
When both signature and encryption are required of the MSH, the message MUST be signed prior to being encrypted. (Source: ebMS Core 3.0 specification, chapter 7.6)
AS4 MSH implementations are REQUIRED to use Detached Signatures as defined by the XML Signature Specification when signing AS4 user or signal messages. (Source: AS4 1.0 specification, chapter 5.1.4)
AS4 MSH implementations are REQUIRED to include the entire eb:Messaging SOAP header block and the (possibly empty) SOAP Body in the signature. (Source: AS4 1.0 specification, chapter 5.1.4)
AS4 MSH implementations are REQUIRED to use the Attachment-Content-Only transform when building application payloads using SOAP with Attachments. (Source: AS4 1.0 specification, chapter 5.1.5)
AS4 MSH implementations are REQUIRED to include the entire eb:Messaging header block and all MIME body parts of included payloads in the signature. (Source: AS4 1.0 specification, chapter 5.1.5)
If an AS4 user message is to be encrypted, AS4 MSH implementations MUST encrypt ALL payload parts. However, AS4 MSH implementations SHALL NOT encrypt the eb:Messaging header. (Source: AS4 1.0 specification, chapter 5.1.6)
If an AS4 user message is to be encrypted and the user-specified payload data is to be packaged in the SOAP Body, AS4 MSH implementations are REQUIRED to encrypt the SOAP Body. (Source: AS4 1.0 specification, chapter 5.1.6)
If an AS4 user message is to be encrypted ... AS4 MSH implementations are REQUIRED to encrypt the MIME Body parts of included payloads. (Source: AS4 1.0 specification, chapter 5.1.7)
When a Receipt is to be used for Non Repudiation of Receipt, the content of the eb:Receipt element MUST be a valid ebbpsig:NonRepudiationInformation element. (Source: AS4 1.0 specification, chapter 5.1.8)
When a Receipt is to be used for Non Repudiation of Receipt (NRR), the sender of the Receipt MUST use ds:Reference elements containing digests of the original message parts for which NRR is required. Message parts MUST NOT be identified using ebbpsig:MessagePartIdentifier elements. (Source: AS4 1.0 specification, chapter 5.1.8)
When a Receipt is to be used for Non Repudiation of Receipt (NRR), the sender of the Receipt MUST sign the AS4 receipt Signal Message. (Source: AS4 1.0 specification, chapter 5.1.8)
An AS4 message that has been digitally signed MUST be acknowledged with a message containing an eb:Receipt signal that itself is digitally signed. (Source: AS4 1.0 specification, chapter 5.1.8)
- Peppol AS4 specification: https://docs.peppol.eu/edelivery/as4/specification/
- Based on EC eDelivery 1.14 specification: https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/eDelivery+AS4+-+1.14
Use only Message Exchange Pattern One-Way/Push. (Source Peppol AS4 specification, chapter 4.1)
Receiving access points MUST support TLS according to section 3.2.6 of CEF eDelivery AS4. Versions newer than TLS v1.2 might be used upon mutual agreement via the TLS handshake. Port 443 MUST be used for TLS. (Source Peppol AS4 specification, chapter 4.2)
All transmissions in the Peppol network MUST package content as an integrated part using SBDH according to [PEPPOL-Envelope] (Source Peppol AS4 specification, chapter 4.9)
The Access Point MUST include all payloads as MIME attachments (Source Peppol AS4 specification, chapter 4.10)
The PMode[].Security.X509.Signature.HashFunction parameter MUST be set to http://www.w3.org/2001/04/xmlenc#sha256. The PMode[].Security.X509.Signature.Algorithm parameter MUST be set to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. (Source EC eDelivery specification, chapter 3.2.6)
The parameter PMode[].Security.X509.Encryption.Algorithm MUST be set to http://www.w3.org/2009/xmlenc11#aes128-gcm. (Source EC eDelivery specification, chapter 3.2.6)
As key transport algorithm, http://www.w3.org/2009/xmlenc11#rsa-oaep. This is the algorithm used as value for the Algorithm attribute of xenc:EncryptionMethod on xenc:EncryptedKey, i.e. the algorithm that encrypts the symmetric content key, not the payload itself. (Source EC eDelivery specification, chapter 3.2.6)
As mask generation function, http://www.w3.org/2009/xmlenc11#mgf1sha256. This is the algorithm used as value for the Algorithm attribute of the xenc11:MGF child element (XML Encryption 1.1 namespace) of that xenc:EncryptionMethod. (Source EC eDelivery specification, chapter 3.2.6)
As digest function for RSA-OAEP, http://www.w3.org/2001/04/xmlenc#sha256. This is the algorithm used as value for the Algorithm attribute of the ds:DigestMethod child element of the same xenc:EncryptionMethod. (Source EC eDelivery specification, chapter 3.2.6)
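The six algorithm values above all appear as Algorithm attributes in the wsse:Security header (and on the xenc:EncryptedData of an encrypted SOAP Body), so a received message can be checked against the profile without decrypting or verifying anything. The following script is an added example, not part of this page or of any project's code: it collects the algorithm URIs a message actually uses and compares them with the values mandated by eDelivery 3.2.6, then runs that check on two constructed envelopes, one compliant and one carrying the SHA-1 and AES-CBC defaults that older WS-Security stacks still emit. The sample envelopes use placeholder cipher and signature values, and the function and constant names are the example's own.

```python
import xml.etree.ElementTree as ET

NS = {
    "S12": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "xenc11": "http://www.w3.org/2009/xmlenc11#",
}

# Algorithm URIs mandated by eDelivery AS4 3.2.6, keyed by the element that carries them.
REQUIRED = {
    "ds:SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "ds:DigestMethod in SignedInfo": "http://www.w3.org/2001/04/xmlenc#sha256",
    "xenc:EncryptionMethod on EncryptedData": "http://www.w3.org/2009/xmlenc11#aes128-gcm",
    "xenc:EncryptionMethod on EncryptedKey": "http://www.w3.org/2009/xmlenc11#rsa-oaep",
    "xenc11:MGF in EncryptedKey": "http://www.w3.org/2009/xmlenc11#mgf1sha256",
    "ds:DigestMethod in EncryptedKey": "http://www.w3.org/2001/04/xmlenc#sha256",
}


def observed_algorithms(envelope_xml):
    """Collect the Algorithm URIs a message actually uses, keyed like REQUIRED.
    Values are sets: a message carries several ds:Reference and xenc:EncryptedData elements."""
    root = ET.fromstring(envelope_xml)
    def every(path):
        return {el.get("Algorithm") for el in root.findall(path, NS)}
    return {
        "ds:SignatureMethod": every(".//ds:SignedInfo/ds:SignatureMethod"),
        "ds:DigestMethod in SignedInfo": every(".//ds:SignedInfo/ds:Reference/ds:DigestMethod"),
        "xenc:EncryptionMethod on EncryptedData": every(".//xenc:EncryptedData/xenc:EncryptionMethod"),
        "xenc:EncryptionMethod on EncryptedKey": every(".//xenc:EncryptedKey/xenc:EncryptionMethod"),
        "xenc11:MGF in EncryptedKey": every(".//xenc:EncryptedKey/xenc:EncryptionMethod/xenc11:MGF"),
        "ds:DigestMethod in EncryptedKey": every(".//xenc:EncryptedKey/xenc:EncryptionMethod/ds:DigestMethod"),
    }


def check_edelivery_algorithms(envelope_xml):
    """Return (element, observed URI, required URI) triples that violate the profile.
    Absent encryption elements are not reported (a PMode may leave encryption off);
    an absent signature is, because the signature parameters are mandatory."""
    observed = observed_algorithms(envelope_xml)
    mismatches = [(k, v, REQUIRED[k]) for k, vs in observed.items()
                  for v in sorted(vs, key=str) if v != REQUIRED[k]]
    if not observed["ds:SignatureMethod"]:
        mismatches.append(("ds:SignatureMethod", None, REQUIRED["ds:SignatureMethod"]))
    return mismatches


def sample_envelope(sig, digest, enc, key_transport, mgf, oaep_digest):
    """Constructed skeleton of a signed and encrypted AS4 envelope: placeholder cipher and
    signature values, no real key material. Only the Algorithm attributes matter here."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return """<S12:Envelope %s><S12:Header><wsse:Security>
 <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="%s">
   <ds:DigestMethod Algorithm="%s"/><xenc11:MGF Algorithm="%s"/></xenc:EncryptionMethod>
  <xenc:CipherData><xenc:CipherValue>a2V5</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
 <xenc:EncryptedData Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only">
  <xenc:EncryptionMethod Algorithm="%s"/>
  <xenc:CipherData><xenc:CipherReference URI="cid:payload-1"/></xenc:CipherData></xenc:EncryptedData>
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>
  <ds:Reference URI="#_msg"><ds:DigestMethod Algorithm="%s"/><ds:DigestValue>AAA=</ds:DigestValue></ds:Reference>
  <ds:Reference URI="#_body"><ds:DigestMethod Algorithm="%s"/><ds:DigestValue>BBB=</ds:DigestValue></ds:Reference>
 </ds:SignedInfo><ds:SignatureValue>c2ln</ds:SignatureValue></ds:Signature>
</wsse:Security></S12:Header><S12:Body/></S12:Envelope>""" % (
        xmlns, key_transport, oaep_digest, mgf, enc, sig, digest, digest)


COMPLIANT = sample_envelope(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2009/xmlenc11#rsa-oaep",
    "http://www.w3.org/2009/xmlenc11#mgf1sha256", "http://www.w3.org/2001/04/xmlenc#sha256")

# Legacy WS-Security defaults some stacks still emit: SHA-1 signatures, AES-128-CBC and
# RSA-OAEP parameterised with SHA-1. The key transport URI itself is correct, the rest is not.
LEGACY = sample_envelope(
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "http://www.w3.org/2009/xmlenc11#rsa-oaep",
    "http://www.w3.org/2009/xmlenc11#mgf1sha1", "http://www.w3.org/2000/09/xmldsig#sha1")

if __name__ == "__main__":
    print(check_edelivery_algorithms(COMPLIANT))  # []
    for element, found, wanted in check_edelivery_algorithms(LEGACY):
        print("%s: found %s, profile requires %s" % (element, found, wanted))
```

Comparing against a fixed allow-list is deliberate: a receiver that merely verifies whatever algorithm the sender named accepts a downgrade to SHA-1 or CBC without noticing, while a mismatch here is a hard rejection before any cryptographic processing starts.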
