---

OS

•MS Windows Operating System. Windows 10, Windows 11, Windows Server 2008 or higher

•100 MB Memory + variable depending on HL7 messages loaded.

•Microsoft .Net Framework 4.7.2

•This version of the software is FREE and has no trial period.

 

---

 

CORE HL7 IPSec End Points (Client To Listener)

A CORE HL7 IPSec Tunnel Client (Sender) can only connect to a CORE HL7 IPSec Tunnel TCP/IP Listener, like the implementation used in the CORE HL7 Postmaster software.

Since the Tunnel Client is a one-way interface (IE it only SENDS HL7 data to the Tunnel Listener) there is no X509 certificate required for the Tunnel Client software. Here's an expanded explanation of how connection and encryption works.

Certificate Exchange: The Tunnel Client initiates the connection to the Tunnel Listener, which responds by presenting its X509 certificate. This certificate contains the Tunnel Listener's public key and is typically signed by a trusted certificate authority (CA). The CORE HL7 Postmaster creates a “Default” X509 certificate which is “self-signed” but is fully acceptable and functionally identical to certificates you might purchase from a trusted certificate authority (CA). The owner of the Tunnel Listener has the option to provide their own X509 certificate which can be either “self-signed” by their organization or purchased from a trusted certificate authority (CA).

Certificate Validation: The Tunnel Client validates the Tunnel Listener's certificate to ensure it is authentic and valid. This involves verifying the certificate's digital signature, checking the certificate's expiration date and ensuring that it supports TLS 1.2 encryption. We do not require that the certificate be issued by a trusted CA.

Public Key Extraction: Once the certificate is validated, the Tunnel Client extracts the Tunnel Listener's public key from the certificate. This public key will be used for encrypting data that will be sent to the Tunnel Listener.

Data Encryption: When the Tunnel Client wants to send data to the Tunnel Listener, it encrypts the data using the extracted public key. This ensures that only the Tunnel Listener, with its corresponding private key, can decrypt and read the data.

Data Decryption: On the Tunnel Listener side, when encrypted data is received, it uses its private key (associated with the X509 certificate) to decrypt the data and retrieve the original message.

To sum up, instead of a traditional key exchange where both parties generate shared secret keys, the Tunnel Client relies on the Tunnel Listener's X509 certificate for the encryption process. The Tunnel Client uses the Tunnel Listener's public key from the certificate to encrypt the data, and the Tunnel Listener, possessing the corresponding private key, can decrypt and access the data.

It's important to note that the X509 certificate serves as a means of trust and identity verification, ensuring that the communication is secure and authenticating the Tunnel Listener as the intended recipient.