Filter by Category

What is AS2? Common Protocol Explained

What is AS2 Protocol? A common protocol explained.

For those that ask "What is AS2?," AS2 is an abbreviation for Applicability Statement 2, which is a popular file transfer protocol that allows businesses to exchange data with their trading partners.

AS2 protocol combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing. By utilizing the strengths of each of them, AS2 has become the preferred protocol in many organizations for exchanging sensitive EDI files.

AS2 messages can be compressed, signed, encrypted and sent over an SSL tunnel making the file transfers very secure. And receipts can be sent back to the sender ensuring the messages were delivered successfully. The receipts can be digitally signed and will contain a checksum value that the sender will use to verify the message received is identical to what was sent.

Related Reading: Which is Better: AS2 vs. SFTP?

 


Key Features of AS2 Protocol

  • Message Encryption - By using the recipient's public certificate, the AS2 message contents can be encrypted to keep the data secure. Only the recipient will be able to decrypt the contents using their private certificate.
  • Digital Signatures - The message can be signed using the sender's private certificate which allows the recipient to verify the authenticity of the sender. The receipt that is sent back to the sender can also be signed to ensure the identity of the recipient's system. These digital signatures are used for message integrity and non-repudiation of origin. They are typically used in addition to authentication using a username, password, and/or certificate.
  • Compression - In order to improve transmission time, compression can be added to decrease the size of the message.
  • Receipt - The Message Disposition Notification (MDN, which is commonly referred to as a receipt) plays an important role in AS2 protocol as it acknowledges that the recipient received the message. It can also be used to verify the identity of the recipient when the receipt is signed. Receipts that are sent back immediately over the same connection are referred to as a synchronous MDN. Receipts can also be sent back at a later time in asynchronous mode. This allows the recipient to process and verify the data before sending back a status to indicate if the transaction was successful.
  • Message Integrity Check - With AS2, the recipient will calculate a checksum of the message using MD5, SHA1, or a SHA2 hashing algorithm. This value is referred to as the MIC and is shared with the sender by placing it in the receipt. The sender will calculate a checksum as well using the same algorithm. These two values are then compared to guarantee that the message sent is identical to the message that was received.
  • Non-repudiation of Receipt -The use of signatures on the message and receipt creates a Non-Repudiation of Receipt (NRR) event, which is considered legal proof of delivery.

Related Reading: An Introduction to AS2

Challenges with AS2

Both organizations will need an AS2 solution in order to exchange data. Due to the complex nature of the AS2 protocol with encryption, signatures, and receipts; it is possible that there can be compatibility issues between two separate products. Fortunately, Drummond Group has a rigorous program that validates an AS2 product follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and allows you to focus on the business aspects of data transfers.

GoAnywhere MFT is Drummond Certified™ for AS2 and supports SHA2 algorithms for stronger security, chunked transfer encoding to handle large files, multiple attachments per message, and filename preservation.

Learn More about AS2 Protocol

Dive deeper into AS2 protocol's clients and servers with this short video.

AS2-Certified Software for Secure File Transfer

As a Drummond-approved solution, GoAnywhere MFT can meet your AS2 needs. See a live customized demo of our secure file transfer software to see firsthand how GoAnywhere simplifies and supports the data you exchange with your trading partners.

Latest Posts


Is Your Product Configuration Secure and Reliable?

March 2, 2021

Health. It’s the hot topic on everyone’s minds these days. Preventative measures and routine checkups are highly recommended for both personal well-being, as well as for the health of your…


How Azure Works with GoAnywhere MFT

March 1, 2021

What is Azure? Microsoft Azure is a cloud computing platform comprised of more than 200 separate products and cloud services. Most organizations use Azure to host sites and applications in the…


What is PeSIT?

February 26, 2021

What is PeSIT? PeSIT, short for Protocol d'Echanges pour un Systeme Interbancaire de Telecompensation (Protocol for data Exchange within the French Systems for Interbank Tele-clearance), is an…


What is GPG?

February 23, 2021

What is GPG? GPG, also known as GNU Privacy Guard (GnuPG), is a different adaption, but popular implementation of the Open PGP standard as defined by RFC 4880. GPG in Depth GPG is an open-source…


Is Transferring Files Through Email Secure?

February 18, 2021

You know the feeling. That need to cross your fingers and hold your breath when you hit “send” on an email, or at the moment you click on a link within an email with a pang of regret. While a…