AS2 signature encoding

Integrator.io
1

Hi,
I just noticed when configuring an AS2 connection, on the Sending side we can choose how to encode the message, and how to encode the signature:

The image shows a form with options for 'Encoding' and 'Signature encoding' both set to 'Binary', each accompanied by a question mark icon. (Captioned by AI)
The image shows a form with options for 'Encoding' and 'Signature encoding' both set to 'Binary', each accompanied by a question mark icon. (Captioned by AI)514×298 10.9 KB

But on the receiving side, we can only choose the encoding for the message, not the signature.

image
image534×148 6.56 KB

How should a sending partner encode the signature? Does it follow the message encoding? Or is it a default value and if so which value?

1 Like
2

Hi Bas,

I believe the incoming signatures are always expected to be base64-encoded, so the partner should encode the signature as base64. I am waiting for internal feedback to confirm this, and will provide another update once I receive more information.

Best,
Simon

1 Like
3

Hi Bas - Currently all the incoming signatures are defaulted to Base64.

On a parallel note, we're working on improving the experience of configuring of AS2 connection. We don't have a timeline, but should see it in H2'25.

1 Like
4

Thanks Simon, I did some testing, sending from Celigo to Celigo, to try to better understand all AS2 options myself and it looks like Celigo accepts it incoming both ways.

For configuring an AS2 connection I think it would help if the options were grouped/sorted based on their function, making three groups:

  1. Credentials (where all certificates and keys go, because these are used both for sending and receiving)
  2. Receiving (current 'my station' group)
  3. Sending (current 'partner station' group)

and then for the settings in those groups show them in the order of the operations:

The image displays a security settings interface with fields for MDN verification algorithm, encryption type, signing, encoding, and signature encoding. (Captioned by AI)
The image displays a security settings interface with fields for MDN verification algorithm, encryption type, signing, encoding, and signature encoding. (Captioned by AI)1262×718 65.1 KB

Some extra things i noticed about as2:

  • Celigo defaults encoding to Base64, but in my experience most partners use binary. If they don't specify it in their profile its surely binary.
  • signature encoding governs how the signature is encoded in the mime-message, encoding governs how the complete encrypted mime-message (including the signature) is encoded.
  • If you set signature encoding to binary the mime-message will still be base-encoded before encrypting it as part of AS2 standard?