What are the SESAR configuration parameters?
As SESAR works by “tenant”, an organization could have several “tenants”. So the configuration file is built so that the service is installed only once, but can retrieve information from all tenants
So each SESAR is an instance that must be configured under "instances" in the configuration file, in the SESAR.exe.config file
So each SESAR is an instance that must be configured under "instances" in the configuration file, in the SESAR.exe.config file
<SESAR.configs>
<instances>
<add
Serial=""
APIUser=" "
APIKey=" "
RefreshInterval="300000"
ConfigName="YourConfigName"
Mode="Receive"
KeyExchangesMode="PKCS"
PathReceivedFolder="C:\SESAR\Temp\Receive"
PathStoreFolder="E:\SecureExchanges Backup\Messenging"
MaximumConcurentMessageDownload="10"
PKCSComKey=""
PrivateFilesKey=””
WebHook=””
WebHookKey=””
WebHookIv=””
/>
</instances>
</SESAR.configs>
Serial
The serial number assigned by Secure Exchanges to your SESAR service. This serial number must have a SESAR license
APIUser
The "user key" assigned by Secure Exchanges associated with your SESAR key
APIKey
The API key assigned by Secure Exchanges associated with your SESAR key
The API key assigned by Secure Exchanges associated with your SESAR key
RefreshInterval
The message retrieval refresh interval. Once SESAR has finished retrieving all the messages intended for it, it will check after this time. This value is in seconds. The minimum wait interval is 300000, or 5 minutes. If the value is 0, the service will ignore this configuration. When you double click on the SESAR.exe all, the instances at 0 will be executed only once.
The message retrieval refresh interval. Once SESAR has finished retrieving all the messages intended for it, it will check after this time. This value is in seconds. The minimum wait interval is 300000, or 5 minutes. If the value is 0, the service will ignore this configuration. When you double click on the SESAR.exe all, the instances at 0 will be executed only once.
ConfigName
The name of the configuration. This name will be used in the trace.
The name of the configuration. This name will be used in the trace.
Mode
Currently only Receive mode is supported.
Currently only Receive mode is supported.
KeyExchangesMode
SESAR is designed to work with several modes. Currently only PKCS mode is supported. Eventually you can configure 2 SESARs between two servers so that they exchange files automatically.
SESAR is designed to work with several modes. Currently only PKCS mode is supported. Eventually you can configure 2 SESARs between two servers so that they exchange files automatically.
PathReceivedFolder
The temporary folder where the chunks of each message will be downloaded
The temporary folder where the chunks of each message will be downloaded
PathStoreFolder
The folder where the messages that SESAR will have retrieved by user will be stored
PKCSComKey
Your private key in base64 which will be used to decrypt the communication
For an instance, the maximum number of concurrent messages that can be executed at the same time. This value can impact performance. Default value is 10.
PrivateFilesKey
A 4096-bit base64 RSA key generated with the SECT.exe tool. This key will be used to decrypt the files stored encrypted when using the SESAR restore. ATTENTION, you must share the public key of this key with the Secure Exchanges team. The public key will be used to encrypt your files on your server, and only your SESAR and your key will be able to decrypt the files. The files will then be kept under {filename}.see
WebHook
The webhook is a web endpoint that must receive a SesarHook object as a parameter. (Available in SDK.net)
The object is constructed as follows:
/// <summary>
/// The object used for SESAR webHook
/// </summary>
public class SesarWebHook
{
/// <summary>
/// The crypted manifest
/// </summary>
public string CryptedObject { get; set; }
/// <summary>
/// The hashkey of the crytped key used
/// </summary>
public string HashKey { get; set; }
}
The webhook is a web endpoint that must receive a SesarHook object as a parameter. (Available in SDK.net)
The object is constructed as follows:
/// <summary>
/// The object used for SESAR webHook
/// </summary>
public class SesarWebHook
{
/// <summary>
/// The crypted manifest
/// </summary>
public string CryptedObject { get; set; }
/// <summary>
/// The hashkey of the crytped key used
/// </summary>
public string HashKey { get; set; }
}
Example in C# for a service
ASMX
[WebMethod ]
[ScriptMethod(UseHttpGet =false, ResponseFormat = ResponseFormat.Json)]
public void SESARHook(SesarWebHook args)
MVC
[HttpPost]
public string SESARHook([FromBody] HookArgs SEManifest)
public class HookArgs
{
public SesarWebHook args { get; set; }
}
The value of the webhook will then be : https://[localhost]/[webservice]/[methode]
[localhost] = the address of your service
[webservice] = your end point. ASMX, MVC etc ..
[methode] = In our example it is SESARHook
Final value in our example would be : https://localhost/Test.asmx/SESARHook
ASMX
[WebMethod ]
[ScriptMethod(UseHttpGet =false, ResponseFormat = ResponseFormat.Json)]
public void SESARHook(SesarWebHook args)
MVC
[HttpPost]
public string SESARHook([FromBody] HookArgs SEManifest)
public class HookArgs
{
public SesarWebHook args { get; set; }
}
The value of the webhook will then be : https://[localhost]/[webservice]/[methode]
[localhost] = the address of your service
[webservice] = your end point. ASMX, MVC etc ..
[methode] = In our example it is SESARHook
Final value in our example would be : https://localhost/Test.asmx/SESARHook
The webhook is sent every 30 seconds, and processes all the files received. The webhook will have to throw an exception if something goes wrong. If the webhook returns an HttpStatus of 200, the hook will be considered successful.
Informations importantes :
The hook has a timeout of 5 minutes The content type sent is: "application/json" The parameter sent is: { args: { CryptedObject: '', HashKey: ''}} The crypted object is the Storemanifest object encrypted in base64 with the shared key The HashKey is the SHA512 result of the base64 key
Here is an example in c# to decrypt your StoreManifest using the Secure Exchanges SDK
var jsonObject = CryptoHelper.DecryptStringFromBytes(Convert.FromBase64String(cryptedObject), Convert.FromBase64String(base64Key), Convert.FromBase64String(base64Iv));
StoreManifest sesarStoreManifest = SerializationHelper.DeserializeFromJson<StoreManifest>(jsonObject);
WebHookKey
A 256-bit base64 AES key. You can generate this key with SECT tools. The SoteManifest will be encrypted with this key, so your webhook must know it. Protect the key on the side of your webhook.
A 256-bit base64 AES key. You can generate this key with SECT tools. The SoteManifest will be encrypted with this key, so your webhook must know it. Protect the key on the side of your webhook.
WebHookIv
A 128-bit base64 IV. You can generate this key with SECT tools. The SoteManifest will be encrypted with this key, so your webhook must know it. Protect the key on the side of your webhook.
** Please note, once the service has started, the values of WebHook, WebHookKey, WebHookIv, Serial, APIUser, APIKey PrivateFilesKey and PKCSComKey will be encrypted in a .sesar file in the name of your configuration. This file is not movable.
Related Articles
What is SESAR ?
Introduction to SESAR Service SESAR (Secure Exchanges Send And Receive) is a Windows service designed to integrate and secure your exchanges made via Secure Exchanges, whether they are stored locally or in the cloud. It acts as a true vault for your ...How do I generate my SESAR private key?
SESAR asks you to configure your private key. To do this, Secure Exchanges has made available to its customers a tool called SECT.exe (Secure Exchanges Crypto Tool). Double click on the tool and go to the “Generate keys” section Select PKCS 4096. ...How to configure SESAR with Azure Active Directory?
1. Creating an app: Head to Azure Active Directory. Then, on the left bar click on “App registration” and click on “New registration”. Enter a name and then, under "Supported account types", check the first option "Single tenant". Finally, click on ...How to uninstall SESAR?
To uninstall SESAR, you need to run the setup.exe again, and select "Remove Secure Exchanges Send And Receive (SESAR)"Where is SESAR installed?
SESAR is installed in your infrastructures. Only you have access to it. It can be installed on a cloud server or on a local server. See the technical specifications required on this article.