# Pagero AS2 server and client solutions

# Introduction

Applicability Statement 2 (AS2) is a secure and reliable protocol for transferring business documents over the internet. It achieves security using digital certificates for signature and encryption.

AS2 secures the data at the message level and runs over HTTP, which means that transport layer security (TLS) can also be applied.

AS2 is one of the most common protocols for transfer of business data today.


# What we offer

We offer customers both the possibility to send files to the Pagero AS2 server and receive files from Pagero with the AS2 client solution.


# Prerequisites

Before you can use the Pagero AS2 offering, your internal integration solution needs to support sending data through an AS2 client or receiving data through an AS2 server.

We support the AS2 protocol as defined in RFC4130.

When you have ordered the AS2 Connectivity Setup, either from Pagero Store or through your sales representative, and Pagero has finalized the setup, you will receive an interconnect specification with the connectivity details.


# Security

Security is achieved by the exchange of public certificates and the use of asymmetric encryption.

  • Verification of sender. The sender signs the payload with a private key. The receiver verifies the signature with the public key previously received from the sender.
  • Encryption is done with the receiver's public key. That way only the receiver of the business document can decrypt the message, because only the application holding the private key can read the data. Private keys are never exchanged and are always stored securely.

# Encryption

# Pagero AS2 client

Below is a list of supported encryption standards in the Pagero AS2 Client.

  • DES_EDE3_CBC
  • CAST5_CBC
  • IDEA_CBC
  • RC2_CBC

# Pagero AS2 server

Below is a list of supported encryption standards in the Pagero AS2 Server.

  • DES_EDE3_CBC
  • CAST5_CBC
  • IDEA_CBC
  • RC2_CBC
  • AES128_CBC, AES192_CBC, AES256_CBC
  • AES128_CCM, AES192_CCM, AES256_CCM
  • AES128_GCM, AES192_GCM, AES256_GCM

If necessary, we can extend our solutions with additional encryption standards. The list above is what is most commonly used today. We are continuously updating encryption standards so that deprecated ciphers are removed.

For more information, see the Wikipedia article on cryptography standards.


# Signing

We recommend that you use non-deprecated signing algorithms, since deprecated standards will continuously be removed and will no longer be supported by the Pagero AS2 solutions. Below is a list of signing algorithms to use from the SHA2 family.

  • SHA224
  • SHA256
  • SHA384
  • SHA512

For more information, see the Wikipedia article on secure hash algorithms.


# AS2 settings

Below are our recommendations for some common AS2 settings.

| Setting | Comment |
| --- | --- |
| AS2 ID | Recommended to have separate AS2 IDs for Test and Production environments |
| Transport layer security (TLS) | Mandatory, version 1.2 or higher. |
| Encryption | Highly recommended |
| Signature | Highly recommended |
| Signed MDN | Highly recommended |
| Synchronous MDN | Mandatory |
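
How these settings appear on the wire, as an added example that is not Pagero's code: it audits the HTTP headers of a constructed AS2 request, using the header names from RFC 4130. The AS2 IDs, addresses and the `parse_dno` and `audit` helpers are assumptions made for illustration, and the TLS version is passed in because it is not visible in the headers.

```python
"""Audit the headers of an outbound AS2 request against the settings table above."""
from email import message_from_string

SHA2 = {"sha224", "sha256", "sha384", "sha512"}  # signing list from this page
ENCRYPTED = {"enveloped-data", "authenveloped-data"}  # S/MIME encrypted types

# Constructed sample: headers an AS2 client might send (all values are made up).
SAMPLE = """\
AS2-Version: 1.2
AS2-From: EXAMPLE-SENDER-TEST
AS2-To: EXAMPLE-RECEIVER-TEST
Message-ID: <constructed-0001@sender.example>
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Disposition-Notification-To: as2@sender.example
Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha256
"""

def parse_dno(value):
    """Split Disposition-Notification-Options into {parameter: [values]}."""
    params = {}
    for part in filter(None, (p.strip() for p in (value or "").split(";"))):
        name, _, rest = part.partition("=")
        # The first item is the importance ("optional"/"required"); skip it.
        params[name.strip().lower()] = [v.strip().lower() for v in rest.split(",")][1:]
    return params

def audit(raw_headers, tls_version):
    """Return a list of findings; an empty list means the request matches the table."""
    msg = message_from_string(raw_headers)
    dno = parse_dno(msg["Disposition-Notification-Options"])
    findings = []
    if tls_version < (1, 2):
        findings.append("TLS below 1.2 (mandatory)")
    if (msg.get_param("smime-type") or "").lower() not in ENCRYPTED:
        findings.append("payload not encrypted (highly recommended)")
    if not msg["Disposition-Notification-To"]:
        findings.append("no MDN requested")
    if "pkcs7-signature" not in dno.get("signed-receipt-protocol", []):
        findings.append("MDN not requested as signed (highly recommended)")
    micalgs = dno.get("signed-receipt-micalg", [])
    if not micalgs or micalgs[0].replace("-", "") not in SHA2:
        findings.append("preferred MDN digest is not SHA2")
    if msg["Receipt-Delivery-Option"]:  # this header asks for an asynchronous MDN
        findings.append("asynchronous MDN requested (synchronous is mandatory)")
    # The payload signature sits inside the encrypted envelope, so it is not visible here.
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, (1, 2)) or "matches the recommended settings")
```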

# Send modes

For more information about different send modes, please see the send modes section.

[Send modes](../../../additional-functionality/send-modes/)


# Attachment handling

This section shows available options for sending and receiving attachments with Pagero AS2 solutions.

For more information about attachments, please see the attachment section.

[Attachments](../../../additional-functionality/attachments/)

# Embedded in the format

The attachment can also be transferred by embedding it in the business document, if the document format you send supports it.

There are several ways to embed an attachment, but the most common one is to encode the attachment using base64 and add it to the business document according to the format specification.

[Embedded attachments](../../../additional-functionality/attachments/#embedded)

# Batched

There are several different ways to batch files. One of the most common alternatives is to compress the files into a zip file. Please note that even though all files are batched and sent as one file, a file naming convention is still needed inside the zip file to match attachments to the main document.

We recommend sending one business document with corresponding attachments per batched file. We do not recommend sending several business documents within the same file.

[Batched attachments](../../../additional-functionality/attachments/#batched-attachments)