Subject: RE: Adding Digital Signatures to all outgoing SOAP envelopes
From: "Scudder, Jeffrey W"
To: axis-user@ws.apache.org
Date: Mon, 22 May 2006 16:20:06 -0700
In-Reply-To: <20060522203655.83086.qmail@web38913.mail.mud.yahoo.com>

Thank you very much

-Jeff

-----Original Message-----
From: Ali Sadik Kumlali [mailto:as_kumlali@yahoo.com]
Sent: Monday, May 22, 2006 1:37 PM
To: axis-user@ws.apache.org
Subject: Re: Adding Digital Signatures to all outgoing SOAP envelopes

Hi Jeffrey,

The following are the first steps that come to my mind:

1) Find yourself a tool that eases your work. portecle[1] is my favorite. Other tools such as OpenSSL[2] and keytool[3] are very popular, though.
2) You need to create a keystore file for both the client and the server. Later you will store the private key and public key certificates in it.
3) The format of the keystore file can be either JKS or PKCS#12. Let's use JKS.
4) server.jks should contain the private key of the server and the public key of the client.
5) client.jks should contain the private key of the client and the public key of the server.
6) You need to create a keypair which implicitly has your private key.
7) By using portecle, you need to export the public key certificate which will later be imported into the other jks.
8) The exported public key certificate should be a "cer" file.
9) Now, you need to import the public key certificate into the other jks.
10) Consequently, the keystore files should be as follows:

    client.jks
        client private
        server public

    server.jks
        server private
        client public

11) Here are the InflowSecurity and OutflowSecurity of each side. Please note that we use only signing here. There is no encryption.

axis2.xml of client
-------------------
    <parameter name="OutflowSecurity">
        <action>
            <items>Signature</items>
            <user>client_user</user>
            <passwordCallbackClass>com.mycompany.service.security.client.PWCallback</passwordCallbackClass>
            <signaturePropFile>client_security.properties</signaturePropFile>
            <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
        </action>
    </parameter>

    <parameter name="InflowSecurity">
        <action>
            <items>Signature</items>
            <signaturePropFile>client_security.properties</signaturePropFile>
        </action>
    </parameter>

axis2.xml of server
-------------------
    <parameter name="OutflowSecurity">
        <action>
            <items>Signature</items>
            <user>server_user</user>
            <passwordCallbackClass>com.mycompany.service.security.server.PWCallback</passwordCallbackClass>
            <signaturePropFile>server_security.properties</signaturePropFile>
            <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
        </action>
    </parameter>

    <parameter name="InflowSecurity">
        <action>
            <items>Signature</items>
            <signaturePropFile>server_security.properties</signaturePropFile>
        </action>
    </parameter>

12) Additional resources I've come across:

    http://jetty.mortbay.org/jetty/faq?s=400-Security&t=ssl#step3
    http://www.devx.com/Java/Article/28816/0/page/2
    http://www.rsasecurity.com/rsalabs/node.asp?id=2124

Hope this helps.

Regards,

Ali Sadik Kumlali

[1] http://portecle.sourceforge.net/
[2] http://www.openssl.org/
[3] http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

--- "Scudder, Jeffrey W" wrote:

> I am trying to configure Axis2 v1.0 to add digital signatures to all
> outgoing soap messages by configuring the rampart module. While
> filling in the blanks in the OutflowSecurity parameter I realized I
> have no idea how to obtain a signature key or have it signed by a CA.
>
> The implementation will be used in a closed lab, so there is no need
> to use an Internet CA (Verisign etc.)
>
> How do I create a signature key and import it into the Axis2
> framework?
> I'm new at this.
>
> Thank you,
>
> Jeff Scudder

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
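As an added example (not part of the thread), here is the keystore layout of steps 3 to 10 produced with keytool, the alternative to portecle named in step 1, plus a check that each store ends up with exactly the entries step 10 calls for. The passwords, the CN values, and the contents of the WSS4J properties file named by signaturePropFile are assumptions; the aliases match the user elements in the axis2.xml above.

```shell
#!/bin/sh
# Added example (not from the thread): build client.jks and server.jks as step 10
# lays them out, using keytool. Passwords and DNs are constructed placeholders.
set -e
STOREPASS="${STOREPASS:-changeit}"  # keystore password
KEYPASS="${KEYPASS:-changeit}"      # key password the PWCallback class must hand back

# Self-signed RSA keypair under ALIAS (steps 3 and 6). keytool's self-signed
# certs include a SubjectKeyIdentifier, which SKIKeyIdentifier in axis2.xml uses.
gen_keypair() {  # gen_keypair <store.jks> <alias> <CN>
  keytool -genkeypair -storetype JKS -keyalg RSA -keysize 2048 -validity 365 \
    -alias "$2" -dname "CN=$3" -keystore "$1" \
    -storepass "$STOREPASS" -keypass "$KEYPASS" 2>/dev/null
}
# Export the public certificate as a DER "cer" file (steps 7 and 8).
export_cert() {  # export_cert <store.jks> <alias> <out.cer>
  keytool -exportcert -alias "$2" -keystore "$1" -file "$3" -storepass "$STOREPASS" 2>/dev/null
}
# Import the peer certificate as a trusted entry (step 9).
import_cert() {  # import_cert <store.jks> <alias> <in.cer>
  keytool -importcert -noprompt -alias "$2" -file "$3" -keystore "$1" -storepass "$STOREPASS" 2>/dev/null
}
# Entry type keytool reports for ALIAS: PrivateKeyEntry, trustedCertEntry or missing.
entry_kind() {  # entry_kind <store.jks> <alias>
  kind=$(keytool -list -keystore "$1" -alias "$2" -storepass "$STOREPASS" 2>/dev/null \
    | grep -o -e PrivateKeyEntry -e trustedCertEntry | head -n 1)
  echo "${kind:-missing}"
}
# WSS4J Merlin properties file named by signaturePropFile (property names are
# WSS4J 1.x's; the thread does not show this file's contents, so this is assumed).
write_props() {  # write_props <out.properties> <store.jks>
  cat > "$1" <<EOF
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=$STOREPASS
org.apache.ws.security.crypto.merlin.file=$2
EOF
}
# Aliases match the <user> elements of the OutflowSecurity configuration.
build_keystores() {
  gen_keypair client.jks client_user client
  gen_keypair server.jks server_user server
  export_cert client.jks client_user client.cer
  export_cert server.jks server_user server.cer
  import_cert client.jks server_user server.cer  # client private + server public
  import_cert server.jks client_user client.cer  # server private + client public
  write_props client_security.properties client.jks
  write_props server_security.properties server.jks
}
[ "${1:-}" != build ] || build_keystores   # run as: sh mkstores.sh build
```

After running it, entry_kind reports PrivateKeyEntry for a store's own alias and trustedCertEntry for the imported peer certificate, which is the layout step 10 describes.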