cxf-users mailing list archives

From Frank Cornelis <i...@e-contract.be>
Subject DHKeyValue as ComputedKey
Date Tue, 28 Jul 2015 09:09:41 GMT
Hi,


For some application we would like to have a proof-of-possession key 
with the perfect forward secrecy security property.
WS-Trust clearly defines how to compute such a key using the PSHA1 
algorithm, but not how to properly do this using Diffie-Hellman.
Does anyone have an example of how this should best be incorporated 
within the WS-Trust protocol?

The request should contain something like:

<wst:ComputedKeyAlgorithm>
     http://www.w3.org/2001/04/xmlenc#DHKeyValue
</wst:ComputedKeyAlgorithm>
<wst:KeyType>
     http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
</wst:KeyType>
<???>
     <xenc:DHKeyValue>
         <xenc:P>...</xenc:P>
         <xenc:Q>...</xenc:Q>
         <xenc:Generator>...</xenc:Generator>
         <xenc:Public>...</xenc:Public>
     </xenc:DHKeyValue>
</???>




The response would be something like:

<wst:RequestedProofToken>
     <wst:ComputedKey>
         http://www.w3.org/2001/04/xmlenc#DHKeyValue
     </wst:ComputedKey>
     <???>
         <xenc:DHKeyValue>
             <xenc:P>...</xenc:P>
             <xenc:Q>...</xenc:Q>
             <xenc:Generator>...</xenc:Generator>
             <xenc:Public>...</xenc:Public>
         </xenc:DHKeyValue>
     </???>
</wst:RequestedProofToken>



Any suggestions here are welcome.


Kind regards,
Frank.
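
An added example (not from the original post or from CXF) contrasting the computed key WS-Trust defines, key = P_SHA1(Ent_REQ, Ent_RES), with an ephemeral Diffie-Hellman agreement over the P, Generator and Public values sketched above. The function names, the toy group and the SHA-256 step that turns the shared secret into a key are assumptions; WS-Trust does not specify a DHKeyValue computed key.

```python
import hashlib
import hmac
import secrets


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 from TLS 1.0 (RFC 2246, section 5)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def psha1_computed_key(ent_req: bytes, ent_res: bytes, bits: int = 256) -> bytes:
    """WS-Trust PSHA1 computed key: key = P_SHA1(Ent_REQ, Ent_RES)."""
    return p_sha1(ent_req, ent_res, bits // 8)


# Constructed toy group so the example runs offline. It is NOT a safe DH
# group; real P, Q and Generator values would come from a vetted group.
TOY_P = 2**521 - 1
TOY_G = 3


def dh_keypair(p: int = TOY_P, g: int = TOY_G) -> tuple[int, int]:
    """Fresh ephemeral private value and the matching xenc:Public value."""
    x = secrets.randbelow(p - 3) + 2  # private value in [2, p - 2]
    return x, pow(g, x, p)


def dh_computed_key(own_private: int, peer_public: int,
                    p: int = TOY_P, bits: int = 256) -> bytes:
    """Hypothetical DH computed key; WS-Trust does not define this step."""
    if not 1 < peer_public < p - 1:  # reject 0, 1 and p - 1
        raise ValueError("peer public value out of range")
    zz = pow(peer_public, own_private, p)
    zz_bytes = zz.to_bytes((p.bit_length() + 7) // 8, "big")
    # Assumption: SHA-256 over the shared secret stands in for a real KDF.
    return hashlib.sha256(zz_bytes).digest()[: bits // 8]


if __name__ == "__main__":
    # PSHA1: both entropy values travel in the messages, so anyone who
    # later recovers them can recompute the key.
    print(psha1_computed_key(secrets.token_bytes(32), secrets.token_bytes(32)).hex())
    # DH: only public values travel; each side discards its private value.
    (req_priv, req_pub), (sts_priv, sts_pub) = dh_keypair(), dh_keypair()
    print(dh_computed_key(req_priv, sts_pub) == dh_computed_key(sts_priv, req_pub))
```

With a Q value present, as in the xenc:DHKeyValue element above, the receiver can additionally check that the peer's Public value raised to Q is 1 modulo P before using it.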
