5.1 Security Considerations for Implementers
To provide the highest available message security, an implementer can consider adding support for the SHA-512 hash algorithm [FIPS180-2] and the AES encryption algorithm [FIPS197] with 256-bit key length.
For more details on message encryption, see [MS-MQQB] sections 184.108.40.206.3 and 220.127.116.11.5. For a list of various algorithms and message security options supported by the queue manager, see the Message.PrivacyLevel, Message.HashAlgorithm, and Message.EncryptionAlgorithm ADM attributes in section 18.104.22.168.
The strength of the RSA keys generated in section 3.1.3 is vital to the security of the RSA key exchange algorithm. To get started, implementers can refer to the example procedure for RSA key generation described in [CRYPTO] Section 8.2.1. To ensure strong keys, implementations can generate RSA keys through secure processes such as the industry standards described in [X9.31] Section 4.1 and [FIPS186] Section 5.1.