Because SESAR operates on a tenant basis, an organization could have multiple tenants. Therefore, the configuration file is structured so that the service is installed only once, but can retrieve information from all tenants.
Each SESAR is therefore an instance that must be configured under "instances" in the SESAR.exe.config configuration file.
<SESAR.configs>
  <instances>
    <add
      Serial=""
      APIUser=" "
      APIKey=" "
      RefreshInterval="300000"
      ConfigName="YourConfigName"
      Mode="Receive"
      KeyExchangesMode="PKCS"
      PathReceivedFolder="C:\SESAR\Temp\Receive"
      PathStoreFolder="E:\SecureExchanges Backup\Messenging"
      MaximumConcurrentMessageDownload="10"
      PKCSComKey=""
      PrivateFilesKey=""
      WebHook=""
      WebHookKey=""
      WebHookIv=""
    />
  </instances>
</SESAR.configs>
See below for details of each parameter:
Serial
The serial number assigned by Secure Exchanges to your SESAR service. This serial number must be associated with a SESAR license.
APIUser
The "user key" assigned by Secure Exchanges associated with your SESAR key
APIKey
The API key assigned by Secure Exchanges associated with your SESAR key
RefreshInterval
The message retrieval refresh interval. Once SESAR has finished retrieving all messages addressed to it, it will perform a check after this period. This value is in seconds. The minimum interval is 300,000, or 5 minutes. If the value is set to 0, the service will ignore this setting. When you double-click SESAR.exe, instances with a value of 0 will be executed only once.
ConfigName
The configuration name. This name will be used in the trace.
Mode
Currently, only Receive mode is supported.
KeyExchangesMode
SESAR is designed to work with several modes. Currently, only PKCS mode is supported. Eventually, you will be able to configure two SESAR instances between two servers so that they can exchange files automatically.
PathReceivedFolder
The temporary folder where the "chunks" of each message will be downloaded
PathStoreFolder
The folder where the messages that SESAR has retrieved per user will be stored
PKCSComKey
Your private key in base64, which will be used to decrypt the communication.
MaximumConcurrentMessageDownload
For an instance, the maximum number of concurrent messages that can be executed at the same time. This value can impact performance. The default value is 10.
PrivateFilesKey
A 4096-bit RSA key in base64 generated with the SECT.exe tool. This key will be used to decrypt the encrypted files when using SESAR restore. IMPORTANT: You must share the public key of this key with the Secure Exchanges team. The public key will be used to encrypt your files on your server, and only your SESAR key and your SESAR key will be able to decrypt them. The files will then be stored with the name {filename}.see
WebHook
A webhook is a web endpoint that must receive a SesarHook object as a parameter. (Available in the SDK.NET)
The object is constructed in the following way:
/// <summary>
/// The object used for SESAR webHook
/// </summary>
public class SesarWebHook
{
    /// <summary>
    /// The encrypted manifest
    /// </summary>
    public string EncryptedObject { get; set; }
    /// <summary>
    /// The hash key of the encrypted key used
    /// </summary>
    public string HashKey { get; set; }
}
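Example in C# for a service
ASMX
[WebMethod]
[ScriptMethod(UseHttpGet = false, ResponseFormat = ResponseFormat.Json)]
public void SESARHook(SesarWebHook args)
{
    // Decrypt args.EncryptedObject and process the StoreManifest here.
}
MVC
[HttpPost]
public string SESARHook([FromBody] HookArgs SEManifest)
{
    // Decrypt SEManifest.args.EncryptedObject and process the StoreManifest here.
    return string.Empty; // an HTTP 200 response marks the hook as successful
}

public class HookArgs
{
    public SesarWebHook args { get; set; }
}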
The value of the webhook will then be:
https://[localhost]/[webservice]/[method]
[localhost] = the address of your service
[webservice] = your endpoint. ASMX, MVC etc.
[method] = In our example, this is SESARHook
The final value in our example would be:
https://localhost/Test.asmx/SESARHook
The webhook is sent every 30 seconds and processes all received files. The webhook will throw an exception if anything goes wrong. If the webhook returns an HttpStatus of 200, the hook will be considered successful.
Important information:
The hook has a timeout of 5 minutes. The content type sent is: "application/json". The parameter sent is: { args: { CryptedObject: '', HashKey: ''}}. The encrypted object is the StoreManifest object encrypted with the shared key and encoded in base64. The HashKey is the SHA512 hash of the key in base64.
Here is a C# example to decrypt your StoreManifest using the Secure Exchanges SDK:
var jsonObject = CryptoHelper.DecryptStringFromBytes(Convert.FromBase64String(cryptedObject), Convert.FromBase64String(base64Key), Convert.FromBase64String(base64Iv));
StoreManifest sesarStoreManifest = SerializationHelper.DeserializeFromJson<StoreManifest>(jsonObject);
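Added example (not part of the Secure Exchanges SDK or of the original page): checking the received HashKey against the keys the webhook holds before attempting decryption. It assumes HashKey is the base64 of the SHA-512 digest of the raw key bytes, and it goes beyond the page by accepting more than one configured key; HookKeySelector and its methods are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public static class HookKeySelector
{
    // Assumption: HashKey = Base64(SHA-512(raw key bytes)); the page does not spell out the exact input.
    public static string ComputeHashKey(string base64Key)
    {
        using (var sha = SHA512.Create())
            return Convert.ToBase64String(sha.ComputeHash(Convert.FromBase64String(base64Key)));
    }

    // Returns the configured key whose hash matches the received HashKey, or null when none matches.
    public static string SelectKey(string receivedHashKey, IEnumerable<string> configuredBase64Keys)
    {
        byte[] received;
        try { received = Convert.FromBase64String(receivedHashKey ?? ""); }
        catch (FormatException) { return null; }   // malformed HashKey: reject
        string match = null;
        foreach (var key in configuredBase64Keys)
            if (FixedTimeEquals(received, Convert.FromBase64String(ComputeHashKey(key))))
                match = key;   // keep scanning so timing does not depend on the match position
        return match;
    }

    // Comparison whose running time does not depend on where the first differing byte is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample keys, generated at random here; real keys come from the SECT tools.
        var current = new byte[32]; var previous = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(current); rng.GetBytes(previous); }
        var keys = new[] { Convert.ToBase64String(current), Convert.ToBase64String(previous) };
        // Case 1: a hook encrypted with the previous key is matched to that key.
        Console.WriteLine(SelectKey(ComputeHashKey(keys[1]), keys) == keys[1]);
        // Case 2: a HashKey for a key the webhook does not hold is rejected before any decryption.
        Console.WriteLine(SelectKey(ComputeHashKey("AAAA"), keys) == null);
    }
}
```

A matching HashKey only identifies which key was used; the decrypt call shown above is then run with that key and its IV.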
WebHookKey
A 256-bit AES key encoded in base64. You can generate this key using the SECT tools. The StoreManifest will be encrypted with this key, so your webhook must know it. Protect the key on your webhook's end.
WebHookIv
A 128-bit IV in base64. You can generate this IV using the SECT tools. The StoreManifest will be encrypted with this IV, so your webhook must know it. Protect the IV on your webhook's end.
Warning: Once the service is shut down, the values of WebHook, WebHookKey, WebHookIv, Serial, APIUser, APIKey, PrivateFilesKey, and PKCSComKey will be encrypted in a .sesar file named after your configuration. This file cannot be moved.
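Added example (not Secure Exchanges code): a check that can be run against the contents of SESAR.exe.config before the service is started, covering the constraints stated in the parameter descriptions above. SesarConfigCheck is a hypothetical name; treating an empty WebHook as "no hook configured" and expecting an https:// URL are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Xml;
using System.Xml.Linq;

public static class SesarConfigCheck
{
    // Returns one message per problem; an empty list means every check passed.
    public static List<string> Validate(string xml)
    {
        var problems = new List<string>();
        // Typographic quotes pasted from a document are not valid attribute delimiters.
        if (xml.IndexOfAny(new[] { '\u201C', '\u201D' }) >= 0)
            problems.Add("typographic quotes found; use straight double quotes");
        XDocument doc;
        try { doc = XDocument.Parse(xml); }
        catch (XmlException e) { problems.Add("not well-formed XML: " + e.Message); return problems; }
        foreach (var inst in doc.Descendants("instances").Elements("add"))
        {
            string name = (string)inst.Attribute("ConfigName") ?? "(unnamed)";
            Action<string> fail = m => problems.Add(name + ": " + m);
            if (!long.TryParse((string)inst.Attribute("RefreshInterval"), out long interval)
                || (interval != 0 && interval < 300000))
                fail("RefreshInterval must be 0 or at least 300000");
            if ((string)inst.Attribute("Mode") != "Receive") fail("Mode must be Receive");
            if ((string)inst.Attribute("KeyExchangesMode") != "PKCS") fail("KeyExchangesMode must be PKCS");
            string hook = ((string)inst.Attribute("WebHook") ?? "").Trim();
            if (hook.Length == 0) continue; // assumption: an empty WebHook means no hook is used
            if (!hook.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
                fail("WebHook should be an https:// URL");
            if (DecodedLength(inst, "WebHookKey") != 32) fail("WebHookKey must decode to 32 bytes");
            if (DecodedLength(inst, "WebHookIv") != 16) fail("WebHookIv must decode to 16 bytes");
        }
        return problems;
    }
    // Length of the base64-decoded attribute value, or -1 when it is not valid base64.
    static int DecodedLength(XElement inst, string attr)
    {
        try { return Convert.FromBase64String((string)inst.Attribute(attr) ?? "").Length; }
        catch (FormatException) { return -1; }
    }
    public static void Main()
    {
        // Constructed sample: interval below the minimum, all-zero placeholder key, 8-byte IV.
        string xml = "<SESAR.configs><instances><add ConfigName='TenantA' RefreshInterval='60000'"
            + " Mode='Receive' KeyExchangesMode='PKCS' WebHook='https://localhost/Test.asmx/SESARHook'"
            + " WebHookKey='" + Convert.ToBase64String(new byte[32]) + "'"
            + " WebHookIv='" + Convert.ToBase64String(new byte[8]) + "'/></instances></SESAR.configs>";
        Validate(xml).ForEach(Console.WriteLine);
    }
}
```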