You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by Xinjun Chen <xj...@gmail.com> on 2006/08/31 12:24:23 UTC

Encryption and Signature using UsernameToken

Hi wss4j user,

In .NET, UsernameToken can be used for both signature and encryption.
I have some problem in interoperating the secure web services in .NET.
I am trying to use wss4j to add security headers to the SOAP Envelope.

My questions are:

1. If the UsernameToken is used for encryption, must it be a symmetric
encryption key(a shared secret key)? Can I use any random string to
act as the Shared Secret Key? Or shared secret key must be some
special strings?

2. Which one is actually the secret key, the password alone, the
combination of username and password, or other combination of username
password nonce and creationTime?

If my question is intuitive, could you please point me somewhere else?



Regards,

Xinjun

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org