axis-java-user mailing list archives

From "Nandana Mihindukulasooriya" <nandana....@gmail.com>
Subject Re: ws-security: Encryption using UserToken
Date Sun, 30 Dec 2007 07:58:01 GMT
Hi Patrick,

On 12/30/07, qvall <qvall@o2.pl> wrote:
>
> Hi,
> I would like to encrypt and sign my requests and responses using WSS4J and
> UserToken but can't figure out how to make it. Guess I should play with
> "encryptionKeyIdentifier", "EmbeddedKeyName", "encryptionPropFile",
> "encryptionSymAlgorithm" according to other link that works. However I
> still don't know how to make it. Especially, how can I reference the
> UserToken that is generated to be used for signature and encryption?


I think the Rampart basic sample 9 [1], which uses the embedded key name
as the encryption key identifier, will help you understand the usage.



> Is there any way to encrypt the response from the server (using X.509
> certificates) without knowing the client's public key in advance?
> I mean, in many samples I saw that the server's keystore had the client's
> cert. I would like to avoid it since this requires modifying the server
> with each new client. Does "useReqSigCert" have something to do with it?


Yes, if we use "useReqSigCert", the certificate used to sign the request
message will be used to encrypt the response message back to the client. So
the server may either get the certificate from the key store or extract it
from the request. In the latter case, the server must be able to verify the
trust for the client's certificate.

If you are using policy based configuration of Rampart, you have another
option. You can use a Symmetric Binding. If you use symmetric binding, then
the client doesn't need to have a certificate at all to do the encryption
and signature.

Thanks,
Nandana

[1] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/basic/sample09/
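
Added example, not part of the original message or of the Rampart samples: a services.xml fragment for Rampart's parameter-based configuration, showing that "useReqSigCert" is supplied as the value of encryptionUser on the service's outflow. The service name, callback class, key alias and properties file name are hypothetical.

```xml
<!-- Added example. Names marked "hypothetical" are assumptions, not from the thread. -->
<service name="SecureService">                      <!-- hypothetical -->
  <module ref="rampart"/>

  <!-- Request path: verify the client's signature and decrypt the body. -->
  <parameter name="InflowSecurity">
    <action>
      <items>Timestamp Signature Encrypt</items>
      <passwordCallbackClass>org.example.PWCBHandler</passwordCallbackClass> <!-- hypothetical -->
      <!-- The keystore named here is what the signing certificate taken from
           the request is checked against. Assumption: it holds the CA that
           issues client certificates, so new clients need no server change. -->
      <signaturePropFile>service.properties</signaturePropFile>             <!-- hypothetical -->
    </action>
  </parameter>

  <!-- Response path: sign with the service key, encrypt to the requester. -->
  <parameter name="OutflowSecurity">
    <action>
      <items>Timestamp Signature Encrypt</items>
      <user>service</user>                          <!-- hypothetical key alias -->
      <passwordCallbackClass>org.example.PWCBHandler</passwordCallbackClass>
      <signaturePropFile>service.properties</signaturePropFile>
      <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
      <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
      <!-- Not a keystore alias: this reserved value tells WSS4J to encrypt
           the response with the certificate that signed the request. -->
      <encryptionUser>useReqSigCert</encryptionUser>
    </action>
  </parameter>
</service>
```

For the server to have a certificate to reuse, the client's request signature has to carry it, for example by signing with the DirectReference key identifier.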