axis-java-user mailing list archives

From "Yaniv Ofer" <>
Subject RE: [Axis2] hmac-sha1 Signature
Date Sun, 11 Feb 2007 06:05:57 GMT


From: Tonkikh Maxim [] 
Sent: Friday, February 09, 2007 11:03 PM
Subject: FW: [Axis2] hmac-sha1 Signature

From: Yaniv Ofer
Subject: RE: [Axis2] hmac-sha1 Signature

Hello Ruchith, 

Thanks very much for your support, time & effort. 

I would like to provide a few details that may clarify the issue. 

The related mailService.wsdl was provided by Microsoft for generating
the Hotmail Mail Client for retrieving/sending mail using the MSP 3.0
protocol ( based on .NET WSE 3.0 extension ).

We are trying to generate a Java/C++ client over Windows/Linux using
Axis 2.0 out of the attached Microsoft mailService.wsdl.

The generated SOAP request should be sent to Microsoft Hotmail Mail

The Secret Key that should be used for the HMAC-SHA1 signature value is
returned by a different (non WSDL) call to Microsoft Passport server
(different than the Microsoft Hotmail Mail Server). 

The Passport server request includes the Hotmail account
username/password. The Passport server response includes a Mobile Token
& a Secret Key.

The Mobile Token should be provided as the wsse:BinarySecurityToken &
the Secret Key should be used for the generation of the HMAC-SHA1

( Each SignedInfo DigestValue element is generated using SHA1 ). 

Attached is a sample SyncMailFolders Request that should be generated
out of the attached WSDL using Axis 2.0 


-----Original Message----- 
From: Tonkikh Maxim 
Sent: Thursday, February 08, 2007 3:58 PM 
To: Yaniv Ofer 
Subject: FW: [Axis2] hmac-sha1 Signature 

-----Original Message----- 
From: Ruchith Fernando [] 
Sent: Thursday, 08 February, 2007 15:14 
Subject: Re: [Axis2] hmac-sha1 Signature 

Hi folks, 

In cases where we have to use a symmetric key and ensure integrity of a
message we use hmac-sha1 and compute the MAC value over the
canonicalized SignedInfo element and use that MAC value (base64ed) as
the SignatureValue:

<ds:Signature xmlns:ds='' >
<ds:SignedInfo> <ds:CanonicalizationMethod
Algorithm='' />
Algorithm='' /> ...


I suppose this is the scenario that Maxim mentioned. 

Do you have a scenario where you should be able to do this with an
arbitrary key that you have? Can you also let us know how you are
planning to refer to the shared key used in the signature structure?

Specifically, how the "KeyInfo" element of the Signature should be set up.

Right now Rampart supports this approach only with the WS-SecConv
implementation where we have to use the derived key to generate
signature as above.


On 2/8/07, Jyrki Saarinen <> wrote: 
> On Thu, 2007-02-08 at 13:58 +0200, Tonkikh Maxim wrote: 
> > Hi All 
> > 
> > I need to use hmac-sha1 Signature. 
> > 
> > How can I pass my SecretKey to rampart? 
> You need to read some cryptography, HMAC-SHA1 isn't a digital 
> signature algorithm, it is a MAC (Message Authentication Code). 
> Jyrki 


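The computation described in the thread (SHA1 DigestValue per reference, then HMAC-SHA1 over the canonicalized SignedInfo, base64-encoded as the SignatureValue), written out with JDK classes only. This is an added example, not code from the thread, Axis2 or Rampart. The class name, key and Body are constructed, both XML strings are assumed to be in canonical form already, and the Algorithm URIs are the standard XML-DSig identifiers rather than values recovered from the message above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class HmacSha1SignatureValue {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String b64(byte[] b) { return Base64.getEncoder().encodeToString(b); }
    // DigestValue = base64(SHA-1(canonicalized referenced element))
    static String digestValue(String canonicalElement) throws Exception {
        return b64(MessageDigest.getInstance("SHA-1").digest(utf8(canonicalElement)));
    }
    // Constructed SignedInfo, assumed canonical (note the expanded empty elements);
    // a real client must run the declared canonicalization over the DOM subtree.
    static String signedInfo(String refUri, String digestValue) {
        return "<ds:SignedInfo xmlns:ds=\"" + DS + "\">"
             + "<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></ds:CanonicalizationMethod>"
             + "<ds:SignatureMethod Algorithm=\"" + DS + "hmac-sha1\"></ds:SignatureMethod>"
             + "<ds:Reference URI=\"" + refUri + "\">"
             + "<ds:DigestMethod Algorithm=\"" + DS + "sha1\"></ds:DigestMethod>"
             + "<ds:DigestValue>" + digestValue + "</ds:DigestValue>"
             + "</ds:Reference></ds:SignedInfo>";
    }

    // SignatureValue = base64(HMAC-SHA1(sharedKey, canonicalized SignedInfo))
    static String signatureValue(byte[] sharedKey, String canonicalSignedInfo) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(sharedKey, "HmacSHA1"));
        return b64(mac.doFinal(utf8(canonicalSignedInfo)));
    }

    // Receiver side: recompute the digest and the MAC from what arrived,
    // and compare the MAC in constant time.
    static boolean verify(byte[] key, String body, String signedInfo, String sigValue) throws Exception {
        boolean digestOk = signedInfo.contains("<ds:DigestValue>" + digestValue(body) + "</ds:DigestValue>");
        boolean macOk = MessageDigest.isEqual(utf8(signatureValue(key, signedInfo)), utf8(sigValue));
        return digestOk & macOk;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = utf8("constructed-demo-key");                 // stand-in for the shared secret key
        String body = "<Body Id=\"body\">SyncMailFolders</Body>";  // constructed sample element
        String si = signedInfo("#body", digestValue(body));
        String sv = signatureValue(key, si);
        System.out.println("untouched:    " + verify(key, body, si, sv));
        System.out.println("body altered: " + verify(key, body.replace("Sync", "Send"), si, sv));
        System.out.println("wrong key:    " + verify(utf8("other-key"), body, si, sv));
    }
}
```

The MAC covers only SignedInfo, so the body is protected indirectly through the DigestValue it contains; a verifier that checks the MAC but skips the digest comparison accepts an altered body.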