5.1 Security Considerations for Implementers

To provide the highest available message security, an implementer can consider adding support for the SHA-512 hash algorithm [FIPS180-2] and the AES encryption algorithm [FIPS197] with 256-bit key length.

For more details on message encryption, see [MS-MQQB] sections 3.1.5.8.3 and 3.1.7.1.5. For a list of various algorithms and message security options supported by the queue manager, see the Message.PrivacyLevel, Message.HashAlgorithm, and Message.EncryptionAlgorithm ADM attributes in section 3.1.1.12.

The strength of the RSA keys generated in section 3.1.3 is vital to the security of the RSA key exchange algorithm. To get started, implementers can refer to the example procedure for RSA key generation described in [CRYPTO] Section 8.2.1. To ensure strong keys, implementations can generate RSA keys through secure processes such as the industry standards described in [X9.31] Section 4.1 and [FIPS186] Section 5.1.
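The following is an added example, not part of this specification or of any cited standard, showing checks an implementation could run on generated RSA key material before using it for key exchange. The function names, the 2048-bit default, and the thresholds are assumptions chosen for this illustration, modeled on criteria commonly found in RSA key generation standards.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test with random bases drawn from the OS CSPRNG."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a is a witness: n is composite
    return True

def check_rsa_key(p, q, e, min_bits=2048):
    """List weaknesses in (p, q, e); thresholds are assumptions of this example."""
    problems = []
    nlen = (p * q).bit_length()
    if nlen < min_bits:
        problems.append("modulus shorter than %d bits" % min_bits)
    if not (is_probable_prime(p) and is_probable_prime(q)):
        problems.append("p or q is not prime")
    if e % 2 == 0 or e <= 2**16:
        problems.append("public exponent even or too small")
    if math.gcd(e, (p - 1) * (q - 1)) != 1:
        problems.append("e shares a factor with (p-1)(q-1)")
    if abs(p - q).bit_length() <= nlen // 2 - 100:
        problems.append("p and q too close (Fermat factoring)")
    return problems

def generate_rsa_primes(bits, e=65537):
    """Draw p and q from the OS CSPRNG until every check above passes."""
    def draw():
        while True:
            # Top two bits forced so p*q has exactly `bits` bits; low bit forced odd.
            c = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = draw(), draw()
        if not check_rsa_key(p, q, e, min_bits=bits):
            return p, q
```

In production, key generation normally comes from a vetted cryptographic library; checks like these are mainly useful for validating key material that arrives from elsewhere.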