*Hello,*
Definitions:
Asymmetric cryptography: Form of cryptography in which a user has a pair of
cryptographic keys (a *public key* and a *private key*)
Symmetric cryptography: Form of cryptography in which many users share a
secret key (*single key*)
*WSS4J works as follows for encryption*:
WSS4J generates a random session key (*single key*) for every new "session"
(SOAP message) and encrypts the data using the *single key*.
The server's *public key* (usually contained in an X.509 certificate)
encrypts the *session key* and packs it into the relevant SOAP header
structure.
Is this correct?
Which is the default *symmetric* algorithm to encrypt the SOAP body data in
WSS4J? Is it aes128cbc?
Which is the default *asymmetric* algorithm to encrypt the symmetric
key (*single key*) in WSS4J? Is it RSA?
*WSS4J works as follows for signing*:
The client uses its *private key* to sign the SOAP body. The server uses the
client's public key to check the signature of the SOAP body content using a
cryptographic hash function.
The client's public key is usually contained in a certificate signed by a
Certificate Authority (such as Verisign).
Is this correct?
Which is the default hash algorithm to sign the SOAP body data in WSS4J? Is
it SHA1?
Thank you in advance for your comments.
Jose Ferreiro
