Simulate encrypted inbound messages to AS2 server using Postman

0

Hi everyone!

I have set up an AS2 server on AWS Transfer Family. The corresponding signing and encryption certificates were generated on CloudShell and imported into the local profile.

I want to simulate a scenario where an external partner sends AS2 messages; in other words, an inbound message to the AS2 server using Postman.

I am getting a 200 OK as the response to my HTTP request; however, the corresponding MDN has the following error: insufficient-message-security. I believe the reason is that the sent message payload is unencrypted.

I would like to know if it's possible to send a message with an encrypted payload from Postman to the AS2 server and how I should proceed.

Thanks in advance!

asked 2 months ago, 176 views
1 Answer
1

Hi, regarding simulating a customer sending a message to an AWS Transfer AS2 server and the possibility of sending an encrypted payload using Postman, here are some options you can try:

  1. Recommended Approach: AWS Transfer Connectors: One approach is to utilize the AWS Transfer Connectors to send an AS2 payload directly to the Transfer AS2 server. The Transfer Connectors are designed to facilitate secure file transfers, including AS2 payloads. It is important to note that the recommended approach would be to leverage the native encryption capabilities of the AWS Transfer AS2 connector, as it is designed to handle secure file transfers and ensure compliance with relevant standards and regulations. https://docs.aws.amazon.com/transfer/latest/userguide/configure-as2-connector.html

  2. AWS Transfer AS2 CloudFormation Template: AWS Transfer Family provides a built-in CloudFormation template specifically for deploying and configuring an AS2 server and connector using AWS Transfer Family. This template can be leveraged to set up and test your AS2 server and connector. https://docs.aws.amazon.com/transfer/latest/userguide/as2-cfn-demo-template.html

  3. OpenSSL Encryption: While it is possible to use OpenSSL to encrypt the AS2 payload before sending it, this approach will require you to build the AS2 message properly.

      openssl smime -outform pem -encrypt -aes256 ${publickeypath} | sed '1d;$d' | base64 -d

  4. Postman Interceptor: Similarly, utilizing a Postman interceptor or plugin to handle the encryption and decryption of the payload will also require you to build the AS2 message correctly. This solution would allow you to send encrypted payloads using Postman while ensuring compatibility with the AWS Transfer AS2 server's encryption mechanisms, but you would need to handle the AS2 message formatting yourself. If you insist on using Postman, we can share additional options. https://plainenglish.io/blog/how-to-send-encrypted-data-with-postman-6d5a052e21f5.
AWS
answered 2 months ago
  • Hi there,

    I have evaluated both options 1 and 2 mentioned, and I understand that they are not suitable for my scenario since my need is to send a message into the AS2 server (inbound), while the connector and the template are both aimed at the opposite scenario (outbound).

    I will take a better look and try to use options 3 and 4, and see if one of them can solve our need to send an encrypted payload to the server.

    Thanks for your reply.

  • A connector can send a message to an AS2 server. When you create a connector, you can set the URL to be your AS2 server's endpoint. The CloudFormation template in option 2 is configured this way: it creates an AS2 server, and then creates a connector that points to that server.
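
Options 3 and 4 in the answer above both depend on building the AS2 body yourself. The script below is an added example, not part of the original thread or AWS's own code: it signs a MIME payload, encrypts it to the receiver's certificate, checks that the result is CMS enveloped-data, and round-trips it locally. The certificates, file names, `AS2_URL` and both AS2 IDs are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. Certificates, IDs and file names are constructed test values.
set -eu
WORK=$(mktemp -d)

# Throwaway self-signed cert + key: $1 = file prefix, $2 = common name.
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Sign with the sender's key, then encrypt to the receiver's certificate.
# $1 = MIME payload, $2 = sender prefix, $3 = receiver cert, $4 = DER output.
build_as2_body() {
  openssl smime -sign -in "$1" -signer "$2.crt" -inkey "$2.key" -md sha256 |
    openssl smime -encrypt -aes256 -outform DER -out "$4" "$3"
}

# Succeeds only when the file is CMS enveloped-data (an encrypted body).
is_enveloped() {
  openssl asn1parse -inform DER -in "$1" 2>/dev/null | grep -q 'pkcs7-envelopedData'
}

# Receiver side: decrypt, then verify against the pinned sender certificate.
# $1 = DER body, $2 = receiver prefix, $3 = sender cert. Exit status is the
# verification result, so a bad signature is never silently accepted.
open_as2_body() {
  openssl smime -decrypt -inform DER -in "$1" -recip "$2.crt" -inkey "$2.key" \
    -out "$1.signed" &&
    openssl smime -verify -in "$1.signed" -nointern -certfile "$3" -noverify 2>/dev/null
}

make_test_cert "$WORK/partner" "test-partner"   # stands in for the partner profile
make_test_cert "$WORK/server"  "test-server"    # stands in for the local profile
printf 'Content-Type: text/plain\r\n\r\nhello AS2\r\n' > "$WORK/payload.mime"
build_as2_body "$WORK/payload.mime" "$WORK/partner" "$WORK/server.crt" "$WORK/body.der"
is_enveloped "$WORK/body.der" && echo "body is enveloped-data"
open_as2_body "$WORK/body.der" "$WORK/server" "$WORK/partner.crt"

# Request to send (printed, not executed); AS2_URL and the AS2 IDs are placeholders.
cat <<'EOF'
curl -X POST "$AS2_URL" \
  -H 'AS2-Version: 1.0' -H 'AS2-From: PARTNER_AS2_ID' -H 'AS2-To: SERVER_AS2_ID' \
  -H 'Message-ID: <test-0001@partner.example>' -H 'MIME-Version: 1.0' \
  -H 'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"' \
  --data-binary @body.der
EOF
```

In Postman the same request is the listed headers plus a body of type "binary" pointing at `body.der`; the encryption itself still happens outside Postman.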
