axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pham Hoai Van" <>
Subject WSS: encrypt SOAPMsg by SessionKey of a KerberosServiceTicket problem ???
Date Wed, 11 May 2005 09:47:38 GMT
Hi all,
According to Web Service Security Specification (OASIS), i'm building a package that use Kerberos
Ticket to secure web service.
WSS Spec indicates that we can use KerberosTicket embbed in SOAP Header to sign/encrypt SOAPMessage.
Now i'm doing some works with encrypting a SOAMessage by KerberosTicket.

I found that a SecretKey exchanged between client and kerberzied service is only 8 bytes length.
But i wanna encrypt my SOAPmessage use tripleDes that need a SecretKey of 24bytes. I use XMLSecurity
from Apache to sign/encrypt soapMsg and it  supports tripleDes not DES.

So any idea to solve my problem ?
Creating a Secretkey for tripleDES derived from just 8byte sessionkey ?
Any idea ?
Best Regards and many thanks.
Hoai Van

View raw message