ws-wss4j-dev mailing list archives

From Mayank Mishra <mayank...@gmail.com>
Subject Re: WSS4J Encryption with public key ???
Date Fri, 13 Nov 2009 19:36:41 GMT
Hi,
superk888 wrote:
> Yep, I've figured it out afterward. But when working with asymmetric
> encryption, aren't we supposed to have 2 possibilities with one key pair?
>
> - A encrypts with A's private key --> B decrypts with A's public key
>   
It's a signature operation which happens with A's private key and B
verifies the signature with A's public key. If we use the public key to
decrypt then many guys 'C', 'D', 'E', etc. would decrypt the message,
which we don't want; we wanted only 'B' to decrypt as it's encrypted for
'B' only. Hence, encryption won't work here. This is a Signature, where
everyone can come to know that only 'A' has sent the message.

> - A encrypts with B's public key --> B decrypts with B's private key
>   
This is right for Encryption. We do encryption so that only one guy 'B'
who has its private key can decrypt. All others won't be having B's
private key, hence can't decrypt.

> Besides, there is something wrong with the WSPasswordCallback class from
> WSS4J : this class uses a private key to decrypt a message. It logically
> throws an exception when we try to decrypt with a public key. 
>
> But then, why the hell does it allow to encrypt with a private key?
>   
I hope this helps.

With Regards,
Mayank
>
> Colm O hEigeartaigh wrote:
>   
>>     
>>> For an unknown reason to me, the crypto engine is looking for a private
>>> key in the specified keystore object, which actually only contains a
>>> certificate since it is the server's public key:confused:
>>>       
>> The client needs a private key to decrypt the (encrypted) message
>> received from the server. The service should be configured to encrypt
>> the response using the client's public key.
>>
>> Colm.
>>
>> -----Original Message-----
>> From: superk888 [mailto:superk888@gmail.com] 
>> Sent: 12 November 2009 12:04
>> To: wss4j-dev@ws.apache.org
>> Subject: WSS4J Encryption with public key ???
>>
>>
>> Hi everyone, 
>>
>> I've implemented a Web Service that supports 2-way encryption features
>> using the X.509 Certificates method. Everything works fine when using 2
>> pairs of keys as it is described in the Apache CXF documentation, but
>> what I am trying to do is to use only one pair of keys: server-side keeps
>> its own private key and gives its public key to the service client.
>> Consequently, client-side has to encrypt messages before sending with the
>> server's public key, which should work since this is an asymmetric
>> encryption method.
>>
>> Nevertheless, my service client succeeds to encrypt a message with the
>> server's public key but when the latter sends a response, my service
>> client fails to decode the encrypted response. In this case, I got the
>> following error:
>>
>> 2009-11-12 12:55:22,261 [main] ERROR org.apache.ws.security.components.crypto.CryptoBase - Cannot find key for alias: [myAlias] in keystore of type [jks] from provider [SUN version 1.5] with size [1] and aliases: {myAlias}
>> 12-nov.-2009 12:55:22 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
>> ATTENTION: 
>> org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is: 
>> 	java.lang.Exception: Cannot find key for alias: [myAlias]
>> 	at ...
>> ...
>> Caused by: java.lang.Exception: Cannot find key for alias: [myAlias]
>> 	at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214)
>> 	at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:328)
>> 	... 71 more
>> 12-nov.-2009 12:55:22 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
>> ATTENTION: Interceptor has thrown exception, unwinding now
>> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid; nested exception is: 
>>
>> For an unknown reason to me, the crypto engine is looking for a private
>> key in the specified keystore object, which actually only contains a
>> certificate since it is the server's public key:confused:
>>
>> What am I missing?
>> -- 
>> View this message in context:
>> http://old.nabble.com/WSS4J-Encryption-with-public-key-----tp26316077p26316077.html
>> Sent from the WSS4J mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>>
>>     
>
>   
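
The two-way exchange discussed in this thread, as an added example that is not part of the original messages or of WSS4J: each direction is encrypted with the recipient's public key, so two-way encryption needs two key pairs, while a private-key operation is a signature. Key pairs are generated in memory, the class and method names are hypothetical, and the payload is encrypted directly with RSA-OAEP for brevity instead of wrapping a session key.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import javax.crypto.Cipher;

public class TwoKeyPairDemo {
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    // Encrypt for one recipient: only the holder of the matching private key can read it.
    static byte[] encryptFor(PublicKey recipient, byte[] plain) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.ENCRYPT_MODE, recipient);
        return c.doFinal(plain);
    }

    static byte[] decryptWith(PrivateKey own, byte[] cipherText) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.DECRYPT_MODE, own);
        return c.doFinal(cipherText);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair(); // constructed sample keys
        KeyPair client = gen.generateKeyPair();

        // Request: client -> server, encrypted with the server's public key.
        byte[] request = encryptFor(server.getPublic(), "request".getBytes(UTF_8));
        System.out.println("server reads: " + new String(decryptWith(server.getPrivate(), request), UTF_8));

        // Response: server -> client, encrypted with the client's public key.
        byte[] response = encryptFor(client.getPublic(), "response".getBytes(UTF_8));
        System.out.println("client reads: " + new String(decryptWith(client.getPrivate(), response), UTF_8));

        // A private key that does not match the encrypting public key cannot decrypt.
        try {
            decryptWith(server.getPrivate(), response);
            System.out.println("unexpected: decrypted with the wrong key");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong private key: " + e.getClass().getSimpleName());
        }

        // Private-key operation = signature; anyone with the public key can verify it.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(server.getPrivate());
        s.update(response);
        byte[] sig = s.sign();
        s.initVerify(server.getPublic());
        s.update(response);
        System.out.println("signature valid: " + s.verify(sig));
    }
}
```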

