Subject: RE: [Axis2] hmac-sha1 Signature
Date: Sun, 11 Feb 2007 08:05:57 +0200
From: "Yaniv Ofer"

Thanks!


From: Tonkikh Maxim [mailto:Maxim.Tonkikh@comverse.com]
Sent: Friday, February 09, 2007 11:03 PM
To: ruchith.fernando@gmail.com
Cc: axis-user@ws.apache.org
Subject: FW: [Axis2] hmac-sha1 Signature

From: Yaniv Ofer
....
Subject: RE: [Axis2] hmac-sha1 Signature

Hello Ruchith,

Thanks very much for your support, time & effort.

I would like to provide a few details that may clarify the issue.

The related mailService.wsdl was provided by Microsoft for generating the Hotmail Mail Client for retrieving/sending mail using the MSP 3.0 protocol (based on .NET WSE 3.0 extension).

We are trying to generate a Java/C++ client over Windows/Linux using Axis 2.0 out of the attached Microsoft mailService.wsdl.

The generated SOAP request should be sent to Microsoft Hotmail Mail Server.

The Secret Key that should be used for the HMAC-SHA1 signature value is returned by a different (non WSDL) call to Microsoft Passport server (different than the Microsoft Hotmail Mail Server).

The Passport server request includes the Hotmail account username/password. The Passport server response includes a Mobile Token & a Secret Key.

The Mobile Token should be provided as the wsse:BinarySecurityToken & the Secret Key should be used for the generation of the HMAC-SHA1 ds:SignatureValue.

(Each SignedInfo DigestValue element is generated using SHA1.)

Attached is a sample SyncMailFolders Request that should be generated out of the attached WSDL using Axis 2.0

Thanks
Ofer

-----Original Message-----
From: Tonkikh Maxim
Sent: Thursday, February 08, 2007 3:58 PM
To: Yaniv Ofer
Subject: FW: [Axis2] hmac-sha1 Signature

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Thursday, 08 February, 2007 15:14
To: axis-user@ws.apache.org
Subject: Re: [Axis2] hmac-sha1 Signature

Hi folks,

In cases where we have to use a symmetric key and ensure integrity of a message we use hmac-sha1 and compute the MAC value over the canonicalized SignedInfo element and use that MAC value (base64ed) as the SignatureValue:

<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' />
    <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' />
    ...
    ...
  </ds:SignedInfo>
  ...
  ...
</ds:Signature>

I suppose this is the scenario that Maxim mentioned.

Do you have a scenario where you should be able to do this with an arbitrary key that you have? Can you also let us know how you are planning to refer to the shared key used in the signature structure.

Specifically how the "KeyInfo" element of the Signature should be setup.

Right now rampart supports this approach only with the WS-SecConv implementation where we have to use the derived key to generate signature as above.

Thanks,
Ruchith

On 2/8/07, Jyrki Saarinen <jyrki.saarinen@valimo.com> wrote:
> On Thu, 2007-02-08 at 13:58 +0200, Tonkikh Maxim wrote:
> > Hi All
> >
> > I need to use hmac-sha1 Signature.
> >
> > How can I pass my SecretKey to rampart?
>
> You need to read some cryptography, HMAC-SHA1 isn't a digital
> signature algorithm, it is a MAC (Message Authentication Code).
>
> Jyrki
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>


--
www.ruchith.org
www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
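
The computation described in the thread (SHA1 DigestValue inside SignedInfo, then HMAC-SHA1 over the canonicalized SignedInfo, base64ed as the SignatureValue), as an added Java example that is not part of the original messages and is not Rampart code. The key, the body and the Reference URI are constructed placeholders, and SignedInfo is hand-written in canonical shape instead of being produced by an exclusive C14N implementation.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacSha1SignedInfo {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // DigestValue = base64(SHA-1(canonical bytes of the referenced element)).
    static String digestValue(byte[] canonicalElement) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(canonicalElement);
        return Base64.getEncoder().encodeToString(d);
    }

    // Constructed SignedInfo in canonical shape (assumption: real code runs exclusive C14N via an XML library).
    static byte[] signedInfo(String digest) {
        return ("<ds:SignedInfo xmlns:ds=\"" + DS + "\">"
            + "<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></ds:CanonicalizationMethod>"
            + "<ds:SignatureMethod Algorithm=\"" + DS + "hmac-sha1\"></ds:SignatureMethod>"
            + "<ds:Reference URI=\"#body\"><ds:DigestMethod Algorithm=\"" + DS + "sha1\"></ds:DigestMethod>"
            + "<ds:DigestValue>" + digest + "</ds:DigestValue></ds:Reference>"
            + "</ds:SignedInfo>").getBytes(StandardCharsets.UTF_8);
    }

    // SignatureValue = base64(HMAC-SHA1(sharedKey, canonical SignedInfo)).
    static String signatureValue(byte[] key, byte[] canonicalSignedInfo) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(canonicalSignedInfo));
    }

    // Receiver (simplified): rebuild SignedInfo from the received body, recompute the MAC, compare in constant time.
    static boolean verify(byte[] key, byte[] body, String receivedSignatureValue) throws Exception {
        byte[] expected = Base64.getDecoder().decode(signatureValue(key, signedInfo(digestValue(body))));
        return MessageDigest.isEqual(expected, Base64.getDecoder().decode(receivedSignatureValue));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // placeholder shared secret
        byte[] body = "<soap:Body xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" Id=\"body\">demo</soap:Body>".getBytes(StandardCharsets.UTF_8);
        String sig = signatureValue(key, signedInfo(digestValue(body)));
        byte[] tampered = body.clone();
        tampered[tampered.length - 1] ^= 1; // flip one bit of the signed payload
        System.out.println("SignatureValue: " + sig);
        System.out.println("original body verifies: " + verify(key, body, sig));
        System.out.println("tampered body verifies: " + verify(key, tampered, sig));
        System.out.println("wrong key verifies:     " + verify("other-key".getBytes(StandardCharsets.UTF_8), body, sig));
    }
}
```

Because the key is shared, any party able to verify this value can also produce it, which is the MAC-versus-signature distinction raised in the quoted reply.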
