You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Tabin Cédric -[ thecaptain ]-" <ta...@netplus.ch> on 2006/02/15 13:47:42 UTC

[Certificate] public key / private key

Hi all,

I've got a little understanding problem with those certificates. I follow
theses steps (with keytool) :
1) I create 2 keystores, with a key for each one of them
2) I sign (with -selfcert) both keys
3) I export the key (public key) into a file certificate.cer from the 1st
keystore
4) I import the certificater.cer into the 2nd keystore.

Now I've got 2 keys in my keystore : keyEntry (privatekey) and
trustedCertEntry (publickey)

So no I want to use this certificate to encrypt a soap message... so I
build my file crypto.properties and wsdd files to redirect onto the key.
But when I'm executing the program I obtain this error :
RemoteException : WSDoAllSender: Signature: error during message
procesingorg.apache.ws.security.WSSecurityException: Signature creation
failed; nested exception is:
	java.lang.Exception: Cannot find key for alias: publickey

I don't understand this exception... the private key isn't needed to
encrypt the soap body ???

Best regards

Tabin Cédric



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by "Tabin Cédric -[ thecaptain ]-" <ta...@netplus.ch>.

re,

I updated my wss4j to 1.1 (on the website it is wrote "Latest version of
WSS4J is 1.0.0"). The encryption looks like working :) but the Server
Error is still thrown :( No one on the dev-axis mailing list answer me at
the moment... I don't know where I can find out more information about
this problem.

Best regards

Tabin cédric

> My working encryption on axis 1.3 and wss4j 1.1:
>
> wsdd client config file:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender" />
> <globalConfiguration>
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Encrypt" />
> <parameter name="encryptionPropFile" value="x509encrypt.props" />
> <parameter name="encryptionKeyIdentifier" value="DirectReference" />
> <parameter name="encryptionUser" value="test" />
> </handler>
> </requestFlow>
> </globalConfiguration>
> </deployment>
>
> x509encrypt.props:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=foobar
> org.apache.ws.security.crypto.merlin.file=testpub.keystore
>
> I'm using the PasswordCallbackClass to set the password for the alias
> "test".
>
> Emanuel
>
> On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
> wrote:
>> re,
>>
>> I found out that it works if I don't use only Encrypt (no Signature)
>> but my Server Error comes back again :( Here are my files :
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.password=security
>> org.apache.ws.security.crypto.merlin.keystore.alias=publickey
>> org.apache.ws.security.crypto.merlin.alias.password=security
>> org.apache.ws.security.crypto.merlin.file=RSAprivateKeyStore
>>
>> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>  <transport name="http"
>> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>>  <globalConfiguration >
>>   <requestFlow >
>>    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>>     <parameter name="action" value="Encrypt"/>
>>     <parameter name="user" value="publickey"/>
>>     <parameter name="passwordCallbackClass"
>> value="eteaching.webservice.security.WSMainPasswordCallback"/>
>>     <parameter name="encryptionUser" value="publickey" />
>>     <parameter name="encryptionPropFile" value="crypto.properties" />
>> <parameter name="encryptionKeyIdentifier" value="DirectReference"
>> />
>>    </handler>
>>   </requestFlow>
>>  </globalConfiguration>
>> </deployment>
>>
>> Best regards
>>
>> Tabin Cédric
>>
>> > Make sure to point the client wsdd to use the keystore file in which
>> you have imported the exported certificate. And make sure to search
>> for the real alias (you can check this with keytool -list -keystore
>> keystore).
>> >
>> > If none works, post the client's wsdd and crypto.properties.
>> >
>> > Emanuel
>> >
>> > On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
>> wrote:
>> >> Hi all,
>> >>
>> >> I've got a little understanding problem with those certificates. I
>> follow theses steps (with keytool) :
>> >> 1) I create 2 keystores, with a key for each one of them
>> >> 2) I sign (with -selfcert) both keys
>> >> 3) I export the key (public key) into a file certificate.cer from
>> the 1st keystore
>> >> 4) I import the certificater.cer into the 2nd keystore.
>> >>
>> >> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
>> trustedCertEntry (publickey)
>> >>
>> >> So no I want to use this certificate to encrypt a soap message...
>> so I build my file crypto.properties and wsdd files to redirect
>> onto the key. But when I'm executing the program I obtain this
>> error : RemoteException : WSDoAllSender: Signature: error during
>> message procesingorg.apache.ws.security.WSSecurityException:
>> Signature creation failed; nested exception is:
>> >>        java.lang.Exception: Cannot find key for alias: publickey
>> >>
>> >> I don't understand this exception... the private key isn't needed
>> to encrypt the soap body ???
>> >>
>> >> Best regards
>> >>
>> >> Tabin Cédric
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by "Tabin Cédric -[ thecaptain ]-" <ta...@netplus.ch>.

re,

I updated my wss4j to 1.1 (on the website it is wrote "Latest version of
WSS4J is 1.0.0"). The encryption looks like working :) but the Server
Error is still thrown :( No one on the dev-axis mailing list answer me at
the moment... I don't know where I can find out more information about
this problem.

Best regards

Tabin cédric

> My working encryption on axis 1.3 and wss4j 1.1:
>
> wsdd client config file:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender" />
> <globalConfiguration>
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> <parameter name="action" value="Encrypt" />
> <parameter name="encryptionPropFile" value="x509encrypt.props" />
> <parameter name="encryptionKeyIdentifier" value="DirectReference" />
> <parameter name="encryptionUser" value="test" />
> </handler>
> </requestFlow>
> </globalConfiguration>
> </deployment>
>
> x509encrypt.props:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=foobar
> org.apache.ws.security.crypto.merlin.file=testpub.keystore
>
> I'm using the PasswordCallbackClass to set the password for the alias
> "test".
>
> Emanuel
>
> On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
> wrote:
>> re,
>>
>> I found out that it works if I don't use only Encrypt (no Signature)
>> but my Server Error comes back again :( Here are my files :
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.password=security
>> org.apache.ws.security.crypto.merlin.keystore.alias=publickey
>> org.apache.ws.security.crypto.merlin.alias.password=security
>> org.apache.ws.security.crypto.merlin.file=RSAprivateKeyStore
>>
>> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>>  <transport name="http"
>> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>>  <globalConfiguration >
>>   <requestFlow >
>>    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>>     <parameter name="action" value="Encrypt"/>
>>     <parameter name="user" value="publickey"/>
>>     <parameter name="passwordCallbackClass"
>> value="eteaching.webservice.security.WSMainPasswordCallback"/>
>>     <parameter name="encryptionUser" value="publickey" />
>>     <parameter name="encryptionPropFile" value="crypto.properties" />
>> <parameter name="encryptionKeyIdentifier" value="DirectReference"
>> />
>>    </handler>
>>   </requestFlow>
>>  </globalConfiguration>
>> </deployment>
>>
>> Best regards
>>
>> Tabin Cédric
>>
>> > Make sure to point the client wsdd to use the keystore file in which
>> you have imported the exported certificate. And make sure to search
>> for the real alias (you can check this with keytool -list -keystore
>> keystore).
>> >
>> > If none works, post the client's wsdd and crypto.properties.
>> >
>> > Emanuel
>> >
>> > On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
>> wrote:
>> >> Hi all,
>> >>
>> >> I've got a little understanding problem with those certificates. I
>> follow theses steps (with keytool) :
>> >> 1) I create 2 keystores, with a key for each one of them
>> >> 2) I sign (with -selfcert) both keys
>> >> 3) I export the key (public key) into a file certificate.cer from
>> the 1st keystore
>> >> 4) I import the certificater.cer into the 2nd keystore.
>> >>
>> >> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
>> trustedCertEntry (publickey)
>> >>
>> >> So no I want to use this certificate to encrypt a soap message...
>> so I build my file crypto.properties and wsdd files to redirect
>> onto the key. But when I'm executing the program I obtain this
>> error : RemoteException : WSDoAllSender: Signature: error during
>> message procesingorg.apache.ws.security.WSSecurityException:
>> Signature creation failed; nested exception is:
>> >>        java.lang.Exception: Cannot find key for alias: publickey
>> >>
>> >> I don't understand this exception... the private key isn't needed
>> to encrypt the soap body ???
>> >>
>> >> Best regards
>> >>
>> >> Tabin Cédric
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by Emanuel Haisiuc <em...@gmail.com>.

My working encryption on axis 1.3 and wss4j 1.1:

wsdd client config file:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Encrypt" />
<parameter name="encryptionPropFile" value="x509encrypt.props" />
<parameter name="encryptionKeyIdentifier" value="DirectReference" />
<parameter name="encryptionUser" value="test" />
</handler>
</requestFlow>
</globalConfiguration>
</deployment>

x509encrypt.props:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.file=testpub.keystore

I'm using the PasswordCallbackClass to set the password for the alias "test".

Emanuel

On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch> wrote:
> re,
>
> I found out that it works if I don't use only Encrypt (no Signature) but
> my Server Error comes back again :( Here are my files :
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.keystore.alias=publickey
> org.apache.ws.security.crypto.merlin.alias.password=security
> org.apache.ws.security.crypto.merlin.file=RSAprivateKeyStore
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>  <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>  <globalConfiguration >
>   <requestFlow >
>    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>     <parameter name="action" value="Encrypt"/>
>     <parameter name="user" value="publickey"/>
>     <parameter name="passwordCallbackClass"
> value="eteaching.webservice.security.WSMainPasswordCallback"/>
>     <parameter name="encryptionUser" value="publickey" />
>     <parameter name="encryptionPropFile" value="crypto.properties" />
>     <parameter name="encryptionKeyIdentifier" value="DirectReference" />
>    </handler>
>   </requestFlow>
>  </globalConfiguration>
> </deployment>
>
> Best regards
>
> Tabin Cédric
>
> > Make sure to point the client wsdd to use the keystore file in which you
> > have imported the exported certificate. And make sure to search for the
> > real alias (you can check this with keytool -list -keystore keystore).
> >
> > If none works, post the client's wsdd and crypto.properties.
> >
> > Emanuel
> >
> > On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
> > wrote:
> >> Hi all,
> >>
> >> I've got a little understanding problem with those certificates. I
> >> follow theses steps (with keytool) :
> >> 1) I create 2 keystores, with a key for each one of them
> >> 2) I sign (with -selfcert) both keys
> >> 3) I export the key (public key) into a file certificate.cer from the
> >> 1st keystore
> >> 4) I import the certificater.cer into the 2nd keystore.
> >>
> >> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
> >> trustedCertEntry (publickey)
> >>
> >> So no I want to use this certificate to encrypt a soap message... so I
> >> build my file crypto.properties and wsdd files to redirect onto the
> >> key. But when I'm executing the program I obtain this error :
> >> RemoteException : WSDoAllSender: Signature: error during message
> >> procesingorg.apache.ws.security.WSSecurityException: Signature
> >> creation failed; nested exception is:
> >>        java.lang.Exception: Cannot find key for alias: publickey
> >>
> >> I don't understand this exception... the private key isn't needed to
> >> encrypt the soap body ???
> >>
> >> Best regards
> >>
> >> Tabin Cédric
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by Emanuel Haisiuc <em...@gmail.com>.

My working encryption on axis 1.3 and wss4j 1.1:

wsdd client config file:

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender" />
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Encrypt" />
<parameter name="encryptionPropFile" value="x509encrypt.props" />
<parameter name="encryptionKeyIdentifier" value="DirectReference" />
<parameter name="encryptionUser" value="test" />
</handler>
</requestFlow>
</globalConfiguration>
</deployment>

x509encrypt.props:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.file=testpub.keystore

I'm using the PasswordCallbackClass to set the password for the alias "test".

Emanuel

On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch> wrote:
> re,
>
> I found out that it works if I don't use only Encrypt (no Signature) but
> my Server Error comes back again :( Here are my files :
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.keystore.alias=publickey
> org.apache.ws.security.crypto.merlin.alias.password=security
> org.apache.ws.security.crypto.merlin.file=RSAprivateKeyStore
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>  <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>  <globalConfiguration >
>   <requestFlow >
>    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>     <parameter name="action" value="Encrypt"/>
>     <parameter name="user" value="publickey"/>
>     <parameter name="passwordCallbackClass"
> value="eteaching.webservice.security.WSMainPasswordCallback"/>
>     <parameter name="encryptionUser" value="publickey" />
>     <parameter name="encryptionPropFile" value="crypto.properties" />
>     <parameter name="encryptionKeyIdentifier" value="DirectReference" />
>    </handler>
>   </requestFlow>
>  </globalConfiguration>
> </deployment>
>
> Best regards
>
> Tabin Cédric
>
> > Make sure to point the client wsdd to use the keystore file in which you
> > have imported the exported certificate. And make sure to search for the
> > real alias (you can check this with keytool -list -keystore keystore).
> >
> > If none works, post the client's wsdd and crypto.properties.
> >
> > Emanuel
> >
> > On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
> > wrote:
> >> Hi all,
> >>
> >> I've got a little understanding problem with those certificates. I
> >> follow theses steps (with keytool) :
> >> 1) I create 2 keystores, with a key for each one of them
> >> 2) I sign (with -selfcert) both keys
> >> 3) I export the key (public key) into a file certificate.cer from the
> >> 1st keystore
> >> 4) I import the certificater.cer into the 2nd keystore.
> >>
> >> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
> >> trustedCertEntry (publickey)
> >>
> >> So no I want to use this certificate to encrypt a soap message... so I
> >> build my file crypto.properties and wsdd files to redirect onto the
> >> key. But when I'm executing the program I obtain this error :
> >> RemoteException : WSDoAllSender: Signature: error during message
> >> procesingorg.apache.ws.security.WSSecurityException: Signature
> >> creation failed; nested exception is:
> >>        java.lang.Exception: Cannot find key for alias: publickey
> >>
> >> I don't understand this exception... the private key isn't needed to
> >> encrypt the soap body ???
> >>
> >> Best regards
> >>
> >> Tabin Cédric
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by "Tabin Cédric -[ thecaptain ]-" <ta...@netplus.ch>.

re,

I found out that it works if I don't use only Encrypt (no Signature) but
my Server Error comes back again :( Here are my files :

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=publickey
org.apache.ws.security.crypto.merlin.alias.password=security
org.apache.ws.security.crypto.merlin.file=RSAprivateKeyStore

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
     <parameter name="action" value="Encrypt"/>
     <parameter name="user" value="publickey"/>
     <parameter name="passwordCallbackClass"
value="eteaching.webservice.security.WSMainPasswordCallback"/>
     <parameter name="encryptionUser" value="publickey" />
     <parameter name="encryptionPropFile" value="crypto.properties" />
     <parameter name="encryptionKeyIdentifier" value="DirectReference" />
    </handler>
   </requestFlow>
  </globalConfiguration>
</deployment>

Best regards

Tabin Cédric

> Make sure to point the client wsdd to use the keystore file in which you
> have imported the exported certificate. And make sure to search for the
> real alias (you can check this with keytool -list -keystore keystore).
>
> If none works, post the client's wsdd and crypto.properties.
>
> Emanuel
>
> On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
> wrote:
>> Hi all,
>>
>> I've got a little understanding problem with those certificates. I
>> follow theses steps (with keytool) :
>> 1) I create 2 keystores, with a key for each one of them
>> 2) I sign (with -selfcert) both keys
>> 3) I export the key (public key) into a file certificate.cer from the
>> 1st keystore
>> 4) I import the certificater.cer into the 2nd keystore.
>>
>> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
>> trustedCertEntry (publickey)
>>
>> So no I want to use this certificate to encrypt a soap message... so I
>> build my file crypto.properties and wsdd files to redirect onto the
>> key. But when I'm executing the program I obtain this error :
>> RemoteException : WSDoAllSender: Signature: error during message
>> procesingorg.apache.ws.security.WSSecurityException: Signature
>> creation failed; nested exception is:
>>        java.lang.Exception: Cannot find key for alias: publickey
>>
>> I don't understand this exception... the private key isn't needed to
>> encrypt the soap body ???
>>
>> Best regards
>>
>> Tabin Cédric
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by "Tabin Cédric -[ thecaptain ]-" <ta...@netplus.ch>.

re,

I found out that it works if I don't use only Encrypt (no Signature) but
my Server Error comes back again :( Here are my files :

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=publickey
org.apache.ws.security.crypto.merlin.alias.password=security
org.apache.ws.security.crypto.merlin.file=RSAprivateKeyStore

<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
     <parameter name="action" value="Encrypt"/>
     <parameter name="user" value="publickey"/>
     <parameter name="passwordCallbackClass"
value="eteaching.webservice.security.WSMainPasswordCallback"/>
     <parameter name="encryptionUser" value="publickey" />
     <parameter name="encryptionPropFile" value="crypto.properties" />
     <parameter name="encryptionKeyIdentifier" value="DirectReference" />
    </handler>
   </requestFlow>
  </globalConfiguration>
</deployment>

Best regards

Tabin Cédric

> Make sure to point the client wsdd to use the keystore file in which you
> have imported the exported certificate. And make sure to search for the
> real alias (you can check this with keytool -list -keystore keystore).
>
> If none works, post the client's wsdd and crypto.properties.
>
> Emanuel
>
> On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch>
> wrote:
>> Hi all,
>>
>> I've got a little understanding problem with those certificates. I
>> follow theses steps (with keytool) :
>> 1) I create 2 keystores, with a key for each one of them
>> 2) I sign (with -selfcert) both keys
>> 3) I export the key (public key) into a file certificate.cer from the
>> 1st keystore
>> 4) I import the certificater.cer into the 2nd keystore.
>>
>> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
>> trustedCertEntry (publickey)
>>
>> So no I want to use this certificate to encrypt a soap message... so I
>> build my file crypto.properties and wsdd files to redirect onto the
>> key. But when I'm executing the program I obtain this error :
>> RemoteException : WSDoAllSender: Signature: error during message
>> procesingorg.apache.ws.security.WSSecurityException: Signature
>> creation failed; nested exception is:
>>        java.lang.Exception: Cannot find key for alias: publickey
>>
>> I don't understand this exception... the private key isn't needed to
>> encrypt the soap body ???
>>
>> Best regards
>>
>> Tabin Cédric
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by Emanuel Haisiuc <em...@gmail.com>.

Make sure to point the client wsdd to use the keystore file in which
you have imported the exported certificate. And make sure to search
for the real alias (you can check this with keytool -list -keystore
keystore).

If none works, post the client's wsdd and crypto.properties.

Emanuel

On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch> wrote:
> Hi all,
>
> I've got a little understanding problem with those certificates. I follow
> theses steps (with keytool) :
> 1) I create 2 keystores, with a key for each one of them
> 2) I sign (with -selfcert) both keys
> 3) I export the key (public key) into a file certificate.cer from the 1st
> keystore
> 4) I import the certificater.cer into the 2nd keystore.
>
> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
> trustedCertEntry (publickey)
>
> So no I want to use this certificate to encrypt a soap message... so I
> build my file crypto.properties and wsdd files to redirect onto the key.
> But when I'm executing the program I obtain this error :
> RemoteException : WSDoAllSender: Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: Signature creation
> failed; nested exception is:
>        java.lang.Exception: Cannot find key for alias: publickey
>
> I don't understand this exception... the private key isn't needed to
> encrypt the soap body ???
>
> Best regards
>
> Tabin Cédric
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: [Certificate] public key / private key

Posted by Emanuel Haisiuc <em...@gmail.com>.

Make sure to point the client wsdd to use the keystore file in which
you have imported the exported certificate. And make sure to search
for the real alias (you can check this with keytool -list -keystore
keystore).

If none works, post the client's wsdd and crypto.properties.

Emanuel

On 2/15/06, Tabin Cédric -[ thecaptain ]- <ta...@netplus.ch> wrote:
> Hi all,
>
> I've got a little understanding problem with those certificates. I follow
> theses steps (with keytool) :
> 1) I create 2 keystores, with a key for each one of them
> 2) I sign (with -selfcert) both keys
> 3) I export the key (public key) into a file certificate.cer from the 1st
> keystore
> 4) I import the certificater.cer into the 2nd keystore.
>
> Now I've got 2 keys in my keystore : keyEntry (privatekey) and
> trustedCertEntry (publickey)
>
> So no I want to use this certificate to encrypt a soap message... so I
> build my file crypto.properties and wsdd files to redirect onto the key.
> But when I'm executing the program I obtain this error :
> RemoteException : WSDoAllSender: Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: Signature creation
> failed; nested exception is:
>        java.lang.Exception: Cannot find key for alias: publickey
>
> I don't understand this exception... the private key isn't needed to
> encrypt the soap body ???
>
> Best regards
>
> Tabin Cédric
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org