Encryption is required to pass HL7 messages across hostile networks such as the internet. Encryption is supported on the following network transport layers:
As there is no published standard for encryption of interfaces, the remote system must also be another HL7Connect to allow the use of encryption. This will be reviewed in the future, when HL7 standards for encryption have been published.
For technical details regarding encryption, consult Encryption Specifications.
Encryption always uses TripleDES with rolling Cipher Block Chaining (CBC) across messages. The options that can be configured concern the way that the working session key is generated. A session key is generated for every startup, and any time that CBC fails.
This is only an option for TCP/IP (MLLP) interfaces. HTTP and Email interfaces must be configured to use encryption.
HL7Connect Certificates are a private-key-based key management system. In this system, both HL7Connect systems must share the same certificate. If you have good control over the distribution channels for the HL7Connect systems, which would often be the case, this is an easy-to-manage solution to key management.
If a certificate is in use, the Universal Unique Identifier (UUID) for the certificate will be shown. You are able to change the certificate by specifying a valid server file name for a new certificate. As a security precaution, the certificate must already be on the HL7Connect server.
Both HL7Connect systems must share the same certificate and UUID.
You can generate a certificate by:
You will receive a .kcert file, which contains the certificate.
Pretty Good Privacy (PGP) must be installed on the HL7Connect Server if you would like to use PGP as the key management system.
To use PGP, the following information must be supplied:
| Field | Description |
|---|---|
| Sender | The email address of the sender. The default PGP key ring on the HL7Connect server must have a full private key installed for the sender address. |
| Receiver | The email address of the receiver. The default PGP key ring on the HL7Connect server must have a public key for this address. |
| Passphrase | This is the passphrase for the Sender's PGP private key. This passphrase will be stored encrypted in the interface configuration; however, this should not be regarded as a highly secure storage location. |
If the interface is an Email interface, then the Sender's and Receiver's addresses are taken automatically from the email interface configuration.
If the interface is not an email interface, the addresses given do not need to be valid, as they will not be used, but they must be properly installed in the PGP key ring.
The values of Sender and Receiver must match across the two HL7Connect systems for encryption to work. The remote HL7Connect must have the values of Sender and Receiver reversed, so the sender on one HL7Connect matches the receiver on the other.
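The pairing rules above (a shared certificate UUID, PGP Sender and Receiver reversed on the remote side, and unencrypted operation only on TCP/IP (MLLP) interfaces) can be checked before go-live. The following is an added example, not part of HL7Connect: the `Endpoint` fields, the `check_pair` helper and the sample values are hypothetical, and address comparison is assumed to be case-insensitive.

```python
import uuid
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Endpoint:
    """One side of an interface; field names are hypothetical, not HL7Connect's."""
    transport: str                      # "mllp", "http" or "email"
    key_mgmt: str                       # "none", "certificate" or "pgp"
    cert_uuid: Optional[str] = None
    pgp_sender: Optional[str] = None
    pgp_receiver: Optional[str] = None


def _uuid(value: Optional[str]) -> Optional[uuid.UUID]:
    """Parse a UUID, tolerating braces and case; None if absent or malformed."""
    try:
        return uuid.UUID(value) if value else None
    except ValueError:
        return None


def _addr(value: Optional[str]) -> str:
    # Assumption: key ring lookups ignore case and surrounding whitespace.
    return (value or "").strip().lower()


def check_pair(local: Endpoint, remote: Endpoint) -> List[str]:
    """Return the pairing rules the two configurations violate (empty = OK)."""
    problems = []
    for name, ep in (("local", local), ("remote", remote)):
        # Running without encryption is only an option for TCP/IP (MLLP).
        if ep.key_mgmt == "none" and ep.transport != "mllp":
            problems.append(f"{name}: {ep.transport} interface must use encryption")
    if local.key_mgmt != remote.key_mgmt:
        return problems + ["key management differs between the two systems"]
    if local.key_mgmt == "certificate":
        a, b = _uuid(local.cert_uuid), _uuid(remote.cert_uuid)
        if a is None or b is None:
            problems.append("certificate UUID missing or malformed")
        elif a != b:
            problems.append("certificate UUIDs differ")
    elif local.key_mgmt == "pgp":
        # Sender on one system must be the receiver on the other, both ways.
        for side, s, r in (("local", local.pgp_sender, remote.pgp_receiver),
                           ("remote", remote.pgp_sender, local.pgp_receiver)):
            if not _addr(s) or _addr(s) != _addr(r):
                problems.append(f"{side} sender does not match peer receiver")
    return problems
```

An empty list means the two configurations satisfy the rules stated on this page; it does not prove that the key material itself is present on either server.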