You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Nachiappan Narayanan <Na...@infravio.com> on 2004/03/02 15:35:40 UTC

XML Encryption

All,

  Im exploring XML Encryption. Im not sure whether my approach towards XML Encryption is this:

1. Client Sends the public key to the Server
2. Server Generates the Shared Secret Key
3. Server Encrypts the Shared Secret Key with the Client's Public Key
4. Server Sends the Encrypted Shared Secret Key to the Client
5. Client Decrypts & fetches the Shared Secret Key
6. For each and every SOAP Request, the Client encrypts the SOAP Request with the Shared Secret Key
7. The Server upon receiving the Encrypted SOAP Request, the server decrypts with the Shared Secret Key and obtains the original Request.
8. Similarly, the Server Response is encrypted with Shared Secret Key
9. The Server Response is decrypted by the client using the Shared Secret Key.

  Is this the one and only mechanisms by which XML Encryption can be achieved? I think the above procedure is symmetric key XML Encryption. If so, is there any steps such as this for Asymmetric Key XML Encryption?

  Here the Key generation should be automated rite? If i convert any string into byte array, i get Invalid Key Size exception. Is there any standard to generate such shared key? 

  Can anyone please help me out?

Regards,
Nachiappan.N