Siebel Security Guide > Communications and Data Encryption >

About Key Exchange for Microsoft Crypto or RSA Encryption

If you are using Microsoft Crypto or RSA encryption for communications between the Siebel Server and the Web server (SWSE), or between Siebel Servers, then the following steps explain how Siebel encryption keys are exchanged between the client (for example, the Web Server) and the server (for example, Siebel Server).

1. The client generates a private/public key pair. The public key is sent as part of the Hello SISNAPI message to the Siebel Server.
2. When the server receives a Hello message, it generates an RC4-based symmetrical session key and encrypts the symmetrical session key using the client's public key from the Hello message. The encrypted session key is sent back to the client as part of the Hello Acknowledge message.
3. The client uses its private key to decrypt the server-generated session key. From this point on, both the client and the server use the server-generated session key to encrypt and decrypt messages.
4. The session key is good for the lifetime of the connection.

If you are using SSL or TLS encryption between the Web server and Siebel Server or between Siebel Servers, then the key exchange is handled through a standard SSL or TLS handshake.