Announcement

A new release is in the box. Fully rewritten, it will based on Zend Framework to reuse config modules, log modules, and so more to easily fitt your needs by creating your owns adapters to load partner setup and/or handle as2 messages.
Java module has been rewritten to implement more than 10 crypto algorithms and to remove totally OpenSSL module.

Don't hesitate to contact me if you have specific requirements or bugs.

About

The AS2Secure Project allows you to send AS2 (for Applicability Statement 2) messages using SMIME encryption format.
Based on OpenSSL Lib, your can sign and/or encrypt files to send them over unsecured protocol such as HTTP with the security of HTTPS.

This project is released under LGPL v3 license.

AS2 Protocol

AS2 helps users connect, deliver, validate and reply to data that trading partners move securely through the Internet. This protocol thereby establishes a standard point-to-point connection in B2B (Business to Business) document transactions. Stated another way, AS2 provides the means by which vendor applications communicate EDI (Electronic Data Interchange) documents, or other data such as XML, over the Internet using HTTP (Hyper Text Transfer Protocol). Further, AS2 defines a security system that wraps the data in an envelope with a digital certificate.

Technical

  • Asyncronous and syncronous MDN
  • Partner setup
  • Digital signatures
  • Message encryption
  • Secure transport (SSL)
  • Support for SSL client authentication
  • Multiple attachments (AS2 1.2)
  • ZLib compression (external module written in Java - AS 1.1)

Encryption and signatures

The following encryption algorithms are supported

  • Triple DES
  • DES
  • RC2 64
  • RC2 128

The following hash algorithms are supported

  • SHA-1
  • MD5 (not yet)

Requirements

Below are the requirements that AS2Secure needs in order for it to work correctly:

  • PHP 5.2.0 or greater
  • HTTP Server (to handle partner request)
  • OpenSSL 0.9.8 or greater
  • Unix shell (to execute 'file' command line)
  • JRE 1.5 (or greater) to run Zlib decompress module

Known limitations

Current limitations are due to OpenSSL 0.9.8 restrictions.

In fact, current OpenSSL doesn't support :

  • Zlib Compression (AS2 1.1)
  • Binary content as mimepart

Additionnal part written in Java allow support of Zlib Compression.
But 'Binary content' has yet no solution.

Note : Future OpenSSL release seems to support at least compression.

History

Based on part of Horde framework, it combines openssl php functions and command lines to perform each steps that signing / crypting / checking / decrypting and extracting requires.

Still in development, a final release will soon append.

Contributor

A very small team of programmer/developer :