From: José Ferreiro
Date: Mon, 21 Apr 2008 17:02:58 +0200
To: wss4j-dev@ws.apache.org, axis-user@ws.apache.org
Subject: WSS4J: Hybrid system (Symmetric and asymmetric cryptography)

Hello,
 
Definitions:
Asymmetric cryptography: Form of cryptography in which a user has a pair of cryptographic keys (a public key and a private key)
Symmetric cryptography: Form of cryptography in which many users share a secret key (single key)
 
WSS4J works as follows for encryption:
 
WSS4J generates a random session key (single key) for every new "session" (SOAP message) and encrypts the data using the single key.
The server's public key (usually contained in an X.509 certificate) encrypts the session key and packs it into the relevant SOAP header structure.
 
Is this correct?
Which is the default symmetric algorithm to encrypt the SOAP body data in WSS4J? Is it aes128-cbc?
Which is the default asymmetric algorithm to encrypt the symmetric key (single key) in WSS4J? Is it RSA?
 
 
WSS4J works as follows for signing:
 
The client uses its private key to sign the SOAP body. The server uses the client's public key to check the signature of the SOAP body content using a cryptographic hash function.
The client's public key is usually contained in a certificate signed by a Certificate Authority (such as Verisign).
 
Is this correct?
Which is the default hash algorithm to sign the SOAP body data in WSS4J? Is it SHA-1?
 
Thank you in advance for your comments.
 
Jose Ferreiro
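
The hybrid flow and the signing flow described in the message above, as an added example that is not part of the original post and is not WSS4J code. It uses only the plain JDK crypto API with no XML or SOAP processing; AES-128-CBC and RSA are the algorithms the post asks about, while OAEP key wrapping, SHA256withRSA, the class name and the sample body are assumptions of this example and say nothing about WSS4J's defaults.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
public class HybridDemo {  // hypothetical class name; records need Java 16+
    // What travels with the message: wrapped session key, IV, encrypted body.
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] body) {}

    // Sender: fresh AES key per message, wrapped under the receiver's RSA public key.
    static Envelope encrypt(byte[] plain, PublicKey receiverPub) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, session, new IvParameterSpec(iv));
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, receiverPub);
        return new Envelope(rsa.wrap(session), iv, aes.doFinal(plain));
    }

    // Receiver: unwrap the session key with the RSA private key, then decrypt the body.
    static byte[] decrypt(Envelope e, PrivateKey receiverPriv) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, receiverPriv);
        SecretKey session = (SecretKey) rsa.unwrap(e.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.DECRYPT_MODE, session, new IvParameterSpec(e.iv()));
        return aes.doFinal(e.body());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair(), client = kpg.generateKeyPair();
        byte[] body = "<soap:Body>constructed sample</soap:Body>".getBytes(StandardCharsets.UTF_8);
        // Signing: the client's private key signs, the server verifies with the client's public key.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(client.getPrivate());
        s.update(body);
        byte[] sig = s.sign();
        byte[] received = decrypt(encrypt(body, server.getPublic()), server.getPrivate());
        s.initVerify(client.getPublic());
        s.update(received);
        System.out.println("round trip ok: " + Arrays.equals(body, received) + ", signature ok: " + s.verify(sig));
    }
}
```

CBC on its own does not detect tampering with the ciphertext, so in this sketch the receiver's integrity check is the signature verification over the decrypted body.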