axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arlindo Luis Marcon Junior <arlindomarco...@gmail.com>
Subject Re: Question about Rampart's policy sample 3
Date Sun, 16 Mar 2008 16:28:58 GMT
Hi Thawan...

Yes,,, you can import the Public Key with the keytool ( you need import 
a certificate with the Public key that you need...)...

You need change the name of the keystore,,, the passwords,, and the 
alias...  in the policy.xml file and in the PWCBHandler...
( I dont remember now if is needed more changes... )... :-(

[/'s]
jr
sorry my poor english,,, please...



Thawan Kooburat escreveu:
> Hi,
>     Thanks for your reply,
>
>   
>>  If you import the "Public key" of the server to inside your
>>  client.jks,,, then,,, only the server ( in theory ) can decrypt the
>>  message with the Server Private Key...
>>     
>
>    Can I achieve this with Java keytool?  And do I need to modify
> policy.xml other than changing parameters in <ramp:RampartConfig> part
> ?
>
> Thanks,
>
> Thawan
>
>
> On Sat, Mar 15, 2008 at 11:35 PM, Arlindo Luis Marcon Junior
> <arlindomarconjr@gmail.com> wrote:
>   
>> Hi
>>
>>  Thawan
>>
>>
>>  anyone who intercept the package can decrypt and verify the signature of
>>  the message,,, IF you used the "private" key of "client"...
>>  In other words,,, if you sign and encrypt with the private key of the
>>  "client",,, you ensure/assure the identity of the issuer,,,
>>  non-repudiation of the issuer...
>>
>>  If you import the "Public key" of the server to inside your
>>  client.jks,,, then,,, only the server ( in theory ) can decrypt the
>>  message with the Server Private Key...
>>
>>
>>  [/'s]
>>  jr
>>
>>  Thawan Kooburat escreveu:
>>
>>
>>     
>>> Hi,
>>>       
>>  >     I have sucessfully deployed  Rampart policy sample 3 with Axis2
>>  > and Rampart 1.3
>>  >     I am not sure about how the security mechanism work in this sample.
>>  >     This is what I think:
>>  >     The client sign and encrypt its message using private key stored
>>  > in client.jks.  When a server receive the message, it decrypt and
>>  > verify the message by using public key extracted from the message
>>  > header.
>>  >
>>  >     This means that anyone who intercept the package can decrypt the message?
>>  >
>>  > Thanks,
>>  >
>>  > Thawan Kooburat
>>  >
>>  > Department of Computer Engineering
>>  > Faculty of Engineering
>>  > Chulalongkorn University
>>  > Bangkok Thailand
>>  >
>>  > ---------------------------------------------------------------------
>>  > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>>  > For additional commands, e-mail: axis-user-help@ws.apache.org
>>  >
>>  >
>>  >
>>
>>  ---------------------------------------------------------------------
>>  To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>>  For additional commands, e-mail: axis-user-help@ws.apache.org
>>
>>
>>     
>
>
>
>   


-- 
Arlindo Luis Marcon Junior
E-mail: arlindomarconjr@gmail.com
Internet Web Page: http://lattes.cnpq.br/6483462042489662
ICQ: 138864173
Curitiba - ParanĂ¡ - Brasil



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message