Posted to fx-dev@ws.apache.org by "Vignesh M.P.N." <ma...@iit.edu> on 2006/05/13 00:15:36 UTC

Doubts in implementing XML encryption

Hi all
 
I am facing problems in implementing XML encryption. I am new to web
services and security, so please help me on this. I could not understand key
management.

From my understanding of XML encryption in WS-Security, it uses a combination
of shared and public key cryptography wherein the message is encrypted using
the shared key and then the shared key is encrypted by the recipient's
(server) public key, so that the server decrypts the shared key using its
private key and decrypts the message using the shared key. Please correct me
if I am wrong.

I have created and self-signed the private key and public certificate using
Java's keytool and both of them are in the same keystore called
"privkeystore". I created them based on this article:
http://www.devx.com/Java/Article/28816/0/page/2

My doubt is regarding how to use these keys.

What should I provide to the setUserInfo() method of WSSecEncrypt? If I give
the alias name of my private key, how will it encrypt this client's private
key (shared key) using the server's public key? I could not understand this
part. Please help me understand this.

 

The following is my code for implementing XML encryption:

 

 private Message encryptSOAPEnvelope(SOAPEnvelope unsecureEnvelope, Message axisMsg)
   throws Exception
 {
   WSSecEncrypt encryptBody = new WSSecEncrypt();
   encryptBody.setUserInfo("privkey", "tempass");

   Document doc = unsecureEnvelope.getAsDocument();
   WSSecHeader secHeader = new WSSecHeader();
   secHeader.insertSecurityHeader(doc);

   // Build SOAP envelope with encrypted body and add encrypted key.
   Document encryptDoc = encryptBody.build(doc, crypto, secHeader);

   // Convert the document into a SOAP message.
   Message encryptMsg = (Message) toSOAPMessage(encryptDoc);
   String soapPart = encryptMsg.getSOAPPartAsString();
   ((SOAPPart) axisMsg.getSOAPPart()).setCurrentMessage(soapPart, SOAPPart.FORM_STRING);
   encryptDoc = axisMsg.getSOAPEnvelope().getAsDocument();
   Message encryptSOAPMsg = (Message) toSOAPMessage(encryptDoc);

   return encryptSOAPMsg;
 }

 

 

Thanks

Vignesh


RE: Doubts in implementing XML encryption

Posted by "Vignesh M.P.N." <ma...@iit.edu>.
As mentioned in the code I've specified, I use the alias name of my private
key "privkey" in the setUserInfo() method of WSSecEncrypt.
 
In that case the output I get is:

    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference>
          <ds:X509IssuerSerial>
            <ds:X509IssuerName>CN=privkey</ds:X509IssuerName>
            <ds:X509SerialNumber>1146010922</ds:X509SerialNumber>
          </ds:X509IssuerSerial>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>
DT+Y0OTk41GzlR1+g0PoAco3nX7fkZjCMio0LZvJYAM6ePo6lAK8vMii0ckL20MN11hgf2OoFumO
18Fbc8uz2Y0/U2sWlPHigFseR1qJlu4M1U79zxFfkQp7DZGwppkSn9YVWDNmUP8tOsT8PfVtXBld
ndYxwh7DOsai/x27C/k=
        </xenc:CipherValue>
      </xenc:CipherData>
      <xenc:ReferenceList>
        <xenc:DataReference URI="#EncDataId-6781414"/>
      </xenc:ReferenceList>
    </xenc:EncryptedKey>

 
The <IssuerName> in the <SecurityTokenReference> is referring to
"CN=privkey" which is the dname of my private key. I hope this is wrong.
From my reading of the book "Securing Web Services with WS-Security" by
Jothy Rosenberg and David Remy, the <KeyInfo> under the <EncryptedKey> holds
the info of the recipient's public key. If that is the case, how will my client
know the recipient's public key?!
 
Please help me understand this.
 
Thanks
Vignesh.

-----Original Message-----
From: Vignesh M.P.N. [mailto:manivig@iit.edu] 
Sent: Friday, May 12, 2006 5:16 PM
To: wss4j-dev@ws.apache.org
Subject: Doubts in implementing XML encryption


Hi all
 
I am facing problems in implementing XML encryption. I am new to web
services and security, so please help me on this. I could not understand key
management.

From my understanding of XML encryption in WS-Security, it uses a combination
of shared and public key cryptography wherein the message is encrypted using
the shared key and then the shared key is encrypted by the recipient's
(server) public key, so that the server decrypts the shared key using its
private key and decrypts the message using the shared key. Please correct me
if I am wrong.

I have created and self-signed the private key and public certificate using
Java's keytool and both of them are in the same keystore called
"privkeystore". I created them based on this article:
http://www.devx.com/Java/Article/28816/0/page/2

My doubt is regarding how to use these keys.

What should I provide to the setUserInfo() method of WSSecEncrypt? If I give
the alias name of my private key, how will it encrypt this client's private
key (shared key) using the server's public key? I could not understand this
part. Please help me understand this.

 

The following is my code for implementing XML encryption:

 

 private Message encryptSOAPEnvelope(SOAPEnvelope unsecureEnvelope, Message axisMsg)
   throws Exception
 {
   WSSecEncrypt encryptBody = new WSSecEncrypt();
   encryptBody.setUserInfo("privkey", "tempass");

   Document doc = unsecureEnvelope.getAsDocument();
   WSSecHeader secHeader = new WSSecHeader();
   secHeader.insertSecurityHeader(doc);

   // Build SOAP envelope with encrypted body and add encrypted key.
   Document encryptDoc = encryptBody.build(doc, crypto, secHeader);

   // Convert the document into a SOAP message.
   Message encryptMsg = (Message) toSOAPMessage(encryptDoc);
   String soapPart = encryptMsg.getSOAPPartAsString();
   ((SOAPPart) axisMsg.getSOAPPart()).setCurrentMessage(soapPart, SOAPPart.FORM_STRING);
   encryptDoc = axisMsg.getSOAPEnvelope().getAsDocument();
   Message encryptSOAPMsg = (Message) toSOAPMessage(encryptDoc);

   return encryptSOAPMsg;
 }

 

 

Thanks

Vignesh
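
The key transport described in this thread, as an added example in plain JCA (not WSS4J code and not the poster's): the body is encrypted under a one-time AES key, and that key is wrapped under a certificate's public key. The two generated key pairs, the sample body, and the choice of RSA-OAEP and AES-GCM (the poster's output shows rsa-1_5) are assumptions of this example; it shows that a key wrapped under the sender's own certificate, the case the CN=privkey reference points to, cannot be unwrapped by the server.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
// Added illustration in plain JCA (no WSS4J); both key pairs are generated here as stand-ins.
public class HybridKeyTransportDemo {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Sender side: wrap the one-time symmetric key under a certificate's PUBLIC key.
    static byte[] wrap(SecretKey sessionKey, PublicKey recipient) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.WRAP_MODE, recipient);
        return c.wrap(sessionKey);
    }

    // Recipient side: only the matching PRIVATE key recovers the symmetric key.
    static SecretKey unwrap(byte[] wrapped, PrivateKey own) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.UNWRAP_MODE, own);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();   // stand-in for the sender's own "privkey" entry
        KeyPair server = kpg.generateKeyPair();   // stand-in for the recipient's key pair
        // 1. Encrypt a constructed sample body with a fresh symmetric key (the EncryptedData part).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] cipherData = aes.doFinal("<getQuote>IBM</getQuote>".getBytes(StandardCharsets.UTF_8));
        // 2. Wrap the symmetric key (the EncryptedKey part), once per candidate certificate.
        byte[] forServer = wrap(sessionKey, server.getPublic());
        byte[] forClient = wrap(sessionKey, client.getPublic()); // sender's own key, as in the thread
        // 3. The server can open only the copy wrapped under its own public key.
        aes.init(Cipher.DECRYPT_MODE, unwrap(forServer, server.getPrivate()), new GCMParameterSpec(128, iv));
        System.out.println("server reads: " + new String(aes.doFinal(cipherData), StandardCharsets.UTF_8));
        try {
            unwrap(forClient, server.getPrivate());
        } catch (GeneralSecurityException e) {
            System.out.println("server cannot unwrap key wrapped for client: " + e.getClass().getSimpleName());
        }
    }
}
```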

