axis-java-user mailing list archives

From "Yaniv Ofer" <Ofer.Ya...@comverse.com>
Subject RE: [Axis2] hmac-sha1 Signature
Date Sun, 11 Feb 2007 06:05:57 GMT
Thanks!

________________________________

From: Tonkikh Maxim [mailto:Maxim.Tonkikh@comverse.com] 
Sent: Friday, February 09, 2007 11:03 PM
To: ruchith.fernando@gmail.com
Cc: axis-user@ws.apache.org
Subject: FW: [Axis2] hmac-sha1 Signature


From: Yaniv Ofer
....
Subject: RE: [Axis2] hmac-sha1 Signature


Hello Ruchith, 

Thanks very much for your support, time & effort. 

I would like to provide a few details that may clarify the issue. 

The related mailService.wsdl was provided by Microsoft for generating
the Hotmail Mail Client for retrieving/sending mail using the MSP 3.0
protocol ( based on .NET WSE 3.0 extension ).

We are trying to generate a Java/C++ client over Windows/Linux using
Axis 2.0 out of the attached Microsoft mailService.wsdl.

The generated SOAP request should be sent to Microsoft Hotmail Mail
Server. 

The Secret Key that should be used for the HMAC-SHA1 signature value is
returned by a different (non WSDL) call to Microsoft Passport server
(different than the Microsoft Hotmail Mail Server). 

The Passport server request includes the Hotmail account
username/password. The Passport server response includes a Mobile Token
& a Secret Key.

The Mobile Token should be provided as the wsse:BinarySecurityToken &
the Secret Key should be used for the generation of the HMAC-SHA1
ds:SignatureValue.

( Each SignedInfo DigestValue element is generated using SHA1 ). 

Attached is a sample SyncMailFolders Request that should be generated
out of the attached WSDL using Axis 2.0 

Thanks 
 Ofer 

-----Original Message----- 
From: Tonkikh Maxim 
Sent: Thursday, February 08, 2007 3:58 PM 
To: Yaniv Ofer 
Subject: FW: [Axis2] hmac-sha1 Signature 

-----Original Message----- 
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] 
Sent: Thursday, 08 February, 2007 15:14 
To: axis-user@ws.apache.org 
Subject: Re: [Axis2] hmac-sha1 Signature 

Hi folks, 

In cases where we have to use a symmetric key and ensure integrity of a
message we use hmac-sha1 and compute the MAC value over the
canonicalized SignedInfo element and use that MAC value (base64ed) as
the SignatureValue:

<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' />
    <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' />
    ...
    ...
  </ds:SignedInfo>
  ...
  ...
</ds:Signature>

I suppose this is the scenario that Maxim mentioned. 

Do you have a scenario where you should be able to do this with an
arbitrary key that you have? Can you also let us know how you are
planning to refer to the shared key used in the signature structure?

Specifically how the "KeyInfo" element of the Signature should be setup.


Right now rampart supports this approach only with the WS-SecConv
implementation where we have to use the derived key to generate
signature as above.

Thanks, 
Ruchith 

On 2/8/07, Jyrki Saarinen <jyrki.saarinen@valimo.com> wrote: 
> On Thu, 2007-02-08 at 13:58 +0200, Tonkikh Maxim wrote: 
> > Hi All 
> > 
> > I need to use hmac-sha1 Signature. 
> > 
> > How can I pass my SecretKey to rampart? 
> 
> You need to read some cryptography, HMAC-SHA1 isn't a digital 
> signature algorithm, it is a MAC (Message Authentication Code). 
> 
> Jyrki 
> 
> 
> 
> --------------------------------------------------------------------- 
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org 
> For additional commands, e-mail: axis-user-help@ws.apache.org 
> 
> 


-- 
www.ruchith.org 
www.wso2.org 
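
Added example, not part of the original thread and not Rampart or Axis2 code: the structure Ruchith describes (exclusive C14N, hmac-sha1 SignatureMethod, SHA1 digests, base64 MAC as the SignatureValue) produced and checked with the JDK's own javax.xml.crypto.dsig API (Java 9+). The key, the payload and the whole-document Reference (URI "") are constructed assumptions; a WS-Security message would reference individual wsu:Id parts and carry the token in its own header.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class HmacSha1XmlSignature {
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Appends an enveloped ds:Signature; SignatureValue is HMAC-SHA1 over the canonical SignedInfo.
    static void sign(Document doc, SecretKey key) throws Exception {
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA1, null),
            List.of(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod(SignatureMethod.HMAC_SHA1, null), List.of(ref));
        DOMSignContext ctx = new DOMSignContext(key, doc.getDocumentElement());
        ctx.setDefaultNamespacePrefix("ds");
        FAC.newXMLSignature(si, null).sign(ctx); // null KeyInfo: the shared key is agreed out of band
    }

    // Recomputes the reference digest and the MAC with the same shared key.
    static boolean verify(Document doc, SecretKey key) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        // JDK 17+ secure validation rejects SHA-1 digests; switched off only because this legacy profile uses SHA1.
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and payload, for illustration only.
        SecretKey key = new SecretKeySpec("constructed-demo-secret".getBytes(StandardCharsets.UTF_8), "HmacSHA1");
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
            "<Envelope><Body>constructed payload</Body></Envelope>".getBytes(StandardCharsets.UTF_8)));
        sign(doc, key);
        System.out.println("valid: " + verify(doc, key));
        doc.getElementsByTagName("Body").item(0).setTextContent("tampered");
        System.out.println("valid after tampering: " + verify(doc, key));
    }
}
```

Because the same secret both creates and verifies the value, this gives integrity between the two key holders only, which is the MAC-versus-signature distinction raised in the quoted reply.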
