camel-users mailing list archives
From Rich Newcomb <rich.newc...@gmail.com>
Subject Re: XMLSecurity key recovery fails when keystore and key use different passwords
Date Wed, 29 Aug 2012 05:16:41 GMT
Quick follow up.  I went ahead and created the patch to enable a
"keyPassword" to be specified.  In the patch, the key password will only be
used to retrieve a private key during the unmarshal action.

For example:

<unmarshal>
  <secureXML
     secureTag="//cheese:cheesesites/italy"
     secureTagContents="true"
     xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
     keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
     recipientKeyAlias="recipient"
     keyOrTrustStoreParametersId="keyStoreParams"
     keyPassword="keyPassword"/>

</unmarshal>

I'm not sure if the patch will be accepted straight away, but feel free to
give it a try and provide comments as useful.

Thanks,
Rich

On Tue, Aug 28, 2012 at 10:49 PM, Rich Newcomb <rich.newcomb@gmail.com> wrote:

> Hi Dominik,
>
> The example you provided is a little bit confusing.  The PUBLIC key of the
> recipient is applied for asymmetric encryption.  So there is no need to
> access a password-protected key when the data is being marshalled.
>  However, the recipient will use a PRIVATE key from a key store to decrypt
> / unmarshal the message.
>
> It is possible that the private key could have a password that is
> different than the keystore password.  That feature is not currently
> supported, but in my opinion it should be.
>
> I created a ticket for this:
> https://issues.apache.org/jira/browse/CAMEL-5545
>
> I'll try to have a look at this in the next several days.
>
> -Rich
>
>
> On Tue, Aug 28, 2012 at 6:18 PM, ychawla <premiergeneration@yahoo.com> wrote:
>
>> Hi Dominik,
>> I think this is the default behavior in Java.  Whenever I work with
>> keystores, the keystore password must match the key password.
>>
>> This could be due to the KeyManagerFactory implementation:
>>
>>
>> http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/KeyManagerFactory.html#init%28java.security.KeyStore,%20char[]%29
>>
>> It only allows for a single password.
>>
>> Thanks,
>> Yogesh
>>
>>
>>
>>
>
>
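The failure the thread is about can be reproduced with the plain JDK KeyStore API. The following is an added example for this archive page, not Camel code and not Rich's patch: it builds a JCEKS store in memory whose entry password differs from the store password, then shows that recovering the entry with the store password throws UnrecoverableKeyException while the entry's own password succeeds. A SecretKeyEntry is used instead of the PrivateKeyEntry the component would read, because a private key entry needs a certificate chain that cannot be generated with public JDK API alone; KeyStore.getKey(alias, password) behaves the same for both entry types. The alias, both passwords and the JCEKS store type are assumptions chosen for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/**
 * Added example (not Camel code): why "key recovery fails" when a keystore is
 * opened with one password and the entry inside it is protected by another.
 * Alias, passwords and store type are assumptions for the demo.
 */
public class KeyPasswordDemo {

    static final String ALIAS = "recipient";
    static final char[] STORE_PASSWORD = "storePassword".toCharArray();
    static final char[] KEY_PASSWORD = "keyPassword".toCharArray();

    /** Builds a JCEKS keystore whose entry password differs from the store password. */
    static byte[] buildKeyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, STORE_PASSWORD);                 // empty in-memory store

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // The entry is encrypted under KEY_PASSWORD, not the store password.
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(KEY_PASSWORD));

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASSWORD);                 // integrity MAC uses the store password
        return out.toByteArray();
    }

    /**
     * Opens the store with the store password (integrity check) and then tries to
     * recover the entry with whatever password the caller passes for the key.
     */
    static Key recover(byte[] storeBytes, char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(storeBytes), STORE_PASSWORD);
        return ks.getKey(ALIAS, keyPassword);          // throws UnrecoverableKeyException on mismatch
    }

    public static void main(String[] args) throws Exception {
        byte[] store = buildKeyStore();

        // Behaviour without a separate key password: reuse the store password for the entry.
        try {
            recover(store, STORE_PASSWORD);
            System.out.println("unexpected: store password recovered the key");
        } catch (UnrecoverableKeyException e) {
            System.out.println("store password: " + e);   // key recovery fails
        }

        // Behaviour with a distinct key password supplied for the entry.
        Key k = recover(store, KEY_PASSWORD);
        System.out.println("key password: recovered " + k.getAlgorithm() + " key");
    }
}
```

Opening the store and recovering an entry are two separate password checks: load() verifies the store's integrity MAC with the store password, getKey() decrypts the individual entry with that entry's password. A component that passes the same char[] to both can only ever read entries whose password happens to equal the store password, which is the limitation Yogesh points at with the single-password KeyManagerFactory.init signature.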
