Posted to users@cxf.apache.org by "vlad.balan" <vl...@gmail.com> on 2018/08/14 11:39:22 UTC

Encrypt directly with user certificate or with EncryptedKey?

Hello,

In asymmetric bindings, I never quite understand why sometimes
encryption is done DIRECTLY with recipient's certificate and sometimes with
an EncryptedKey protected with recipient's certificate.

http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html

Examples 2.13 and 2.2.1 use exactly the same policy (apart from the username token in
the first example) and still, in the real messages, the first encrypts
directly with the certificate and the second example passes through an
intermediary key (of course protected with recipient's certificate).

Thanks.



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Encrypt directly with user certificate or with EncryptedKey?

Posted by "vlad.balan" <vl...@gmail.com>.
Thanks a lot for the response.

See section 2.1.3 (WSS 1.0) here 

http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html


It's using directly the certificate.




Re: Encrypt directly with user certificate or with EncryptedKey?

Posted by Colm O hEigeartaigh <co...@apache.org>.
I think the typical use-case is to use EncryptedKey for the
AsymmetricBinding. I'm not sure off-hand how the policy resulted in a
message referring directly to the certificates.

Colm.

On Tue, Aug 14, 2018 at 12:39 PM, vlad.balan <vl...@gmail.com> wrote:

> Hello,
>
> In asymmetric bindings, I never quite understand why sometimes
> encryption is done DIRECTLY with recipient's certificate and sometimes
> with an EncryptedKey protected with recipient's certificate.
>
> http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html
>
> Examples 2.13 and 2.2.1 use exactly the same policy (apart from the
> username token in the first example) and still, in the real messages,
> the first encrypts directly with the certificate and the second example
> passes through an intermediary key (of course protected with recipient's
> certificate).
>
> Thanks.
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
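
To check which of the two forms discussed in this thread a given message uses, the following added example (not part of the thread, and not CXF or WSS4J code) lists every `xenc:EncryptedData` in a security header and reports whether an `xenc:EncryptedKey` points at it through its `ReferenceList`, or whether it only carries its own `KeyInfo` reference. The sample header, its Ids and the `classify` function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
}

# Constructed sample header (not copied from the OASIS examples): ED-1 is keyed
# through an EncryptedKey, ED-2 only references a token from its own KeyInfo.
SAMPLE = f"""<wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:xenc="{NS['xenc']}" xmlns:ds="{NS['ds']}">
 <xenc:EncryptedKey Id="EK-1">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  <xenc:ReferenceList><xenc:DataReference URI="#ED-1"/></xenc:ReferenceList>
 </xenc:EncryptedKey>
 <xenc:EncryptedData Id="ED-1">
  <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData>
 <xenc:EncryptedData Id="ED-2">
  <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>CCCC</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData>
</wsse:Security>"""

def classify(xml_text):
    """Map each EncryptedData Id to (how it is keyed, reference, key-transport algorithm)."""
    root = ET.fromstring(xml_text)
    wrapped = {}  # EncryptedData Id -> (EncryptedKey Id, key-transport algorithm)
    for ek in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        method = ek.find("xenc:EncryptionMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        for ref in ek.findall("xenc:ReferenceList/xenc:DataReference", NS):
            wrapped[ref.get("URI", "").lstrip("#")] = (ek.get("Id"), alg)
    result = {}
    for ed in root.iter("{%s}EncryptedData" % NS["xenc"]):
        ed_id = ed.get("Id")
        if ed_id in wrapped:
            result[ed_id] = ("EncryptedKey",) + wrapped[ed_id]
        else:
            # No EncryptedKey lists this element: report what its KeyInfo points at.
            ref = ed.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
            result[ed_id] = ("KeyInfo reference", ref.get("URI") if ref is not None else None, None)
    return result

if __name__ == "__main__":
    for ed_id, info in classify(SAMPLE).items():
        print(ed_id, info)
```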