To prevent anybody from eavesdropping on the bit repository data and messages exchanged, all communication is encrypted. Two levels of PKI are used.
Implemented in BITMAG-198@jira
Encrypting the communication between pillars/clients and the coordinating layer
All communication between pillars/clients and the coordinating layer may be encrypted using SSL. The certificates used in the communication between pillars/clients and coordinating layer must be trusted by the participants, and a mechanism for distributing (public) certificates is needed. A recipe for setting up Activemq pki can be found at http://activemq.apache.org/how-do-i-use-ssl.html
Additional information can be found here:
http://timbish.blogspot.com/2010/04/ussing-ssl-in-nmsactivemq.html
Signing and optionally encrypting messages and data transfers
To ensure the authenticity of exchanged messages, they may be signed and optionally encrypted for confidentiality. Data transfers may be encrypted as well, using HTTPS. The certificates used for signing og encrypting data and messages are issued by the parties involved. - possibly assisted by the coordinating body.