axis-java-user mailing list archives

From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: [Axis2] hmac-sha1 Signature
Date Thu, 08 Feb 2007 13:14:28 GMT
Hi folks,

In cases where we have to use a symmetric key and ensure integrity of
a message we use hmac-sha1 and compute the MAC value over the
canonicalized SignedInfo element and use that MAC value (base64ed) as
the SignatureValue:

<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
  <ds:SignedInfo>
    <ds:CanonicalizationMethod
        Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' />
    <ds:SignatureMethod
        Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' />
    ...
    ...
  </ds:SignedInfo>
  ...
  ...
</ds:Signature>

I suppose this is the scenario that Maxim mentioned.

Do you have a scenario where you should be able to do this with an
arbitrary key that you have? Can you also let us know how you are
planning to refer to the shared key used in the signature structure?
Specifically, how should the "KeyInfo" element of the Signature be
set up?

Right now Rampart supports this approach only with the WS-SecConv
implementation, where we have to use the derived key to generate the
signature as above.

Thanks,
Ruchith

On 2/8/07, Jyrki Saarinen <jyrki.saarinen@valimo.com> wrote:
> On Thu, 2007-02-08 at 13:58 +0200, Tonkikh Maxim wrote:
> > Hi All
> >
> > I need to use hmac-sha1 Signature.
> >
> > How can I pass my SecretKey to rampart?
>
> You need to read some cryptography, HMAC-SHA1 isn't a digital signature
> algorithm, it is a MAC (Message Authentication Code).
>
> Jyrki
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>


-- 
www.ruchith.org
www.wso2.org
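
An added example, not part of the original message and not Rampart code: it uses the JDK's built-in javax.xml.crypto.dsig API to produce the structure described above (exc-c14n plus hmac-sha1 over SignedInfo) from an arbitrary SecretKey, then validates with the same key, with a different key, and after the signed content changes. The key bytes, the KeyName value "demo-shared-key", the Order payload and the SHA-256 reference digest are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class HmacSha1XmlSig {
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Recomputes the MAC over the canonicalized SignedInfo and re-checks the Reference digest.
    static boolean verify(Document doc, SecretKey key) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(key), sig);
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    // Constructed secrets for the demo; real shared keys are agreed out of band.
    static SecretKey key(String constructedSecret) {
        return new SecretKeySpec(constructedSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA1");
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element order = doc.createElementNS(null, "Order"); // constructed payload
        order.setTextContent("transfer 10 EUR");
        doc.appendChild(order);

        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            List.of(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod(SignatureMethod.HMAC_SHA1, null), List.of(ref));
        KeyInfoFactory kif = FAC.getKeyInfoFactory();
        // KeyName only names which shared secret was used; the secret itself is never embedded.
        XMLSignature sig = FAC.newXMLSignature(si, kif.newKeyInfo(List.of(kif.newKeyName("demo-shared-key"))));
        sig.sign(new DOMSignContext(key("constructed-shared-secret"), order));

        System.out.println("shared key:   " + verify(doc, key("constructed-shared-secret")));
        System.out.println("wrong key:    " + verify(doc, key("some-other-secret")));
        order.getFirstChild().setNodeValue("transfer 9999 EUR"); // modify the signed content
        System.out.println("after change: " + verify(doc, key("constructed-shared-secret")));
    }
}
```

Because both parties hold the same secret, a valid SignatureValue here shows integrity and knowledge of the shared key, not which of the two parties produced the message.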
