Isode Products

• All Products
• Directory
• Directory Synchronization
• Internet Messaging
• XMPP Instant Messaging
• X.400 Messaging
• Supported Platforms

Isode X.400 Products

• X.400 Messaging Overview
• M-Switch X.400
• M-Store X.400
• M-Switch MIXER
• X.400 Gateway APIs
• X.400 Client API
• Management Tools

 

STANAG 4406 API & Library

Isode provides an X.400 Gateway APIs and an X.400 Client API for use with its server products.

STANAG 4406 is a NATO Extension to X.400 that defines military message handling capabilities. Isode provides support for STANAG 4406 as an add-on to both of these core APIs. This page describes the capabilities of this API, noting STANAG 4406 features that are supported and those that are omitted.

Envelope Fields

STANAG 4406 defines one message envelope field: Priority Level Qualifier used to support military priorities in MTS Grade of Deliver. This is supported.

Headers

STANAG 4406 defines 16 message headers. 14 of these are fully supported with an easy to use interface. Two are supported by passing through the ASN.1 value:

• Security Information Labels (this is deprecated in S4406 ed2, in favour of the Annex B security labels (CMS) which are supported and described below)
• Pilot Forwarding Information.

Body Parts

STANAG 4406 defines five military body parts (ADatP3; Corrections; Forwarded Encrypted; MM Message; ACP 127 Data) which are supported by the API.

Security

STANAG 4406 ed 2 Annex B describes security capabilities are provided in the X400 Client API, but not in the gateway API. The design intention is that security handling is done by M-Switch, so that a gateway does not need to be aware of security functions.

The Isode API supports a simple model of signing, and verification, which hides most of the complexity from the API user. On submission, the message is signed by the sender. On reception, this single signature is verified. A security label can be provided on submission and will be available to the API user on reception. This gives easy access to the core security capabilities.

The following security capabilities are not currently provided:

1. Encryption (using triple wrap).
2. Use of multiple signatures. If a message is received with multiple signatures, only one will be verified.
3. Ability to forward signed messages and construct forwarded signed messages.
4. Ability to verify the signatures in forwarded messages. (Although signatures are not be verified, forwarded signed messages are decoded).

Conformance

• STANAG 4406, Edition 2. "Military Message Handling System", March 2005
  • Annexe A: "Military Message Handling System Extensions"
  • Annexe B: “Interoperability of Secure MMHS”
  • Annexe G: “Compatibility with PCT-based MMHS Security”
  • Annexe H: “NATO Security Label Guidelines for MMHS”
• STANAG 4631 “PROFILE FOR THE USE OF THE CRYPTOGRAPHIC MESSAGE SYNTAX (CMS) AND ENHANCED SECURITY SERVICES (ESS) FOR S/MIME”
• RFC 5652 Cryptographic Message Syntax (CMS), R. Housley, September 2009

API Definition and Documentation

• The Isode manual, describing all of the Isode messaging APIs is here.
• The 'C' language Isode X.400 Client API definitions are available here and example programs are available here.
• The Java language Isode X.400 Client API definitions and example programs are available here .
• Examples of the Tcl language Isode X.400 Client API are in the product release and are described here.

© Isode Ltd 2012

sitemap    privacy   feedback