You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Pham Hoai Van <va...@fsoft.com.vn> on 2005/05/11 11:47:38 UTC

WSS: encrypt SOAPMsg by SessionKey of a KerberosServiceTicket problem ???

Hi all,
According to Web Service Security Specification (OASIS), i'm building a package that use Kerberos Ticket to secure web service.
WSS Spec indicates that we can use KerberosTicket embbed in SOAP Header to sign/encrypt SOAPMessage. Now i'm doing some works with encrypting a SOAMessage by KerberosTicket.

I found that a SecretKey exchanged between client and kerberzied service is only 8 bytes length. But i wanna encrypt my SOAPmessage use tripleDes that need a SecretKey of 24bytes. I use XMLSecurity from Apache to sign/encrypt soapMsg and it  supports tripleDes not DES.

So any idea to solve my problem ?
Creating a Secretkey for tripleDES derived from just 8byte sessionkey ?
Any idea ?
Best Regards and many thanks.
Hoai Van