Posted to users@camel.apache.org by dm...@gmx.de on 2012/09/02 10:33:43 UTC
Re: XMLSecurity key recovery fails when keystore and key use different passwords
Hi Rich,
Sorry for the delay. And thanks for the patch, that's exactly what I was looking for! I will give that I try soon.
Regards, Dominik
-------- Original Message --------
> Date: Wed, 29 Aug 2012 01:16:41 -0400
> From: Rich Newcomb <ri...@gmail.com>
> To: users@camel.apache.org
> Subject: Re: XMLSecurity key recovery fails when keystore and key use different passwords
> Quick follow-up. I went ahead and created the patch to enable a
> "keyPassword" to be specified. In the patch, the key password will only be
> used to retrieve a private key during the unmarshal action.
>
> For example:
>
> <unmarshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="keyStoreParams"
> keyPassword="keyPassword"/>
>
> </unmarshal>
>
> I'm not sure if the patch will be accepted straight away, but feel free to
> give it a try and provide comments as useful.
>
> Thanks,
> Rich
>
> On Tue, Aug 28, 2012 at 10:49 PM, Rich Newcomb <ri...@gmail.com> wrote:
>
> > Hi Dominik,
> >
> > The example you provided is a little bit confusing. The PUBLIC key of the
> > recipient is applied for asymmetric encryption. So, there is no need to
> > access a password-protected key when the data is being marshalled.
> > However, the recipient will use a PRIVATE key from a key store to decrypt
> > / unmarshal the message.
> >
> > It is possible that the private key could have a password that is
> > different than the keystore password. That feature is not currently
> > supported, but in my opinion it should be.
> >
> > I created a ticket for this:
> > https://issues.apache.org/jira/browse/CAMEL-5545
> >
> > I'll try to have a look at this in the next several days.
> >
> > -Rich
> >
> >
> > On Tue, Aug 28, 2012 at 6:18 PM, ychawla <pr...@yahoo.com> wrote:
> >
> >> Hi Dominik,
> >> I think this is the default behavior in Java. Whenever I work with
> >> keystores, the keystore password must match the key password.
> >>
> >> This could be due to the KeyManagerFactory implementation:
> >>
> >> http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/KeyManagerFactory.html#init%28java.security.KeyStore,%20char[]%29
> >>
> >> It only allows for a single password.
> >>
> >> Thanks,
> >> Yogesh
> >>
> >>
> >>
> >> --
> >> View this message in context:
> >>
> http://camel.465427.n5.nabble.com/XMLSecurity-key-recovery-fails-when-keystore-and-key-use-different-passwords-tp5718094p5718217.html
> >> Sent from the Camel - Users mailing list archive at Nabble.com.
> >>
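The distinction Rich draws above (the store password opens the keystore, the key password recovers the private entry, and the two need not match) is visible directly in the java.security.KeyStore API: load() takes the store password, getKey() takes a password per entry. The following stand-alone program is an added example written for this page; it is not Camel code and not Rich's patch. The passwords and alias are constructed values. It uses a SecretKeyEntry rather than a PrivateKeyEntry only because a private-key entry needs a certificate chain, which cannot be produced with public JDK APIs alone; the password handling is identical for both entry types. A keystore with the same property on disk can be made with keytool, for example "keytool -genkeypair -keystore recipient.jks -storepass storePassword -keypass keyPassword -alias recipient -keyalg RSA -dname CN=recipient".

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/**
 * Added example (not Camel code): a Java KeyStore carries two independent
 * secrets, the store password checked by load() and the per-entry key
 * password used by getKey(). Code that only knows the store password cannot
 * recover an entry protected with a different key password, which is the
 * failure reported in this thread.
 */
public class KeyPasswordDemo {

    // Constructed values for the demo. In Camel the first would come from
    // KeyStoreParameters.password and the second from the proposed
    // keyPassword attribute on <secureXML>.
    static final char[] STORE_PASSWORD = "storePassword".toCharArray();
    static final char[] KEY_PASSWORD = "keyPassword".toCharArray();
    static final String ALIAS = "recipient";

    /** Builds an in-memory PKCS12 store whose only entry uses its own key password. */
    static byte[] buildKeyStore() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey entryKey = kg.generateKey();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty store
        // The entry is protected with KEY_PASSWORD, not STORE_PASSWORD.
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(entryKey),
                new KeyStore.PasswordProtection(KEY_PASSWORD));

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASSWORD); // store password protects the whole file
        return out.toByteArray();
    }

    /**
     * What the unmarshal side has to do: open the store with the store
     * password, then recover the entry with the key password. Passing the
     * store password to both calls is the pre-patch behaviour.
     */
    static Key recoverKey(byte[] storeBytes, char[] storePassword, char[] keyPassword)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(storeBytes), storePassword);
        return ks.getKey(ALIAS, keyPassword);
    }

    public static void main(String[] args) throws Exception {
        byte[] storeBytes = buildKeyStore();

        // Correct: store password for load(), key password for getKey().
        Key k = recoverKey(storeBytes, STORE_PASSWORD, KEY_PASSWORD);
        System.out.println("recovered with keyPassword: " + (k != null));

        // Pre-patch behaviour: the store password is reused for getKey().
        try {
            recoverKey(storeBytes, STORE_PASSWORD, STORE_PASSWORD);
            System.out.println("unexpected: store password recovered the entry");
        } catch (UnrecoverableKeyException e) {
            System.out.println("key recovery failed with store password: " + e.getMessage());
        }
    }
}
```

Run it with "javac KeyPasswordDemo.java && java KeyPasswordDemo". The second call is the situation in the subject line: the store opens fine, so the misconfiguration is not caught at load time, and the failure only appears as an UnrecoverableKeyException when the private entry is requested during unmarshal.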