Posted to users@cxf.apache.org by Frank Cornelis <in...@e-contract.be> on 2015/07/28 11:09:41 UTC

DHKeyValue as ComputedKey

Hi,


For some application we would like to have a proof-of-possession key
with the perfect forward secrecy property.
WS-Trust clearly defines how to compute such a key using the PSHA1
algorithm, but not how to properly do this using Diffie-Hellman.
Does anyone have an example of how this should best be incorporated
within the WS-Trust protocol?

Request should contain something like:

<wst:ComputedKeyAlgorithm>
     http://www.w3.org/2001/04/xmlenc#DHKeyValue
</wst:ComputedKeyAlgorithm>
<wst:KeyType>
     http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
</wst:KeyType>
<???>
     <xenc:DHKeyValue>
         <xenc:P>...</xenc:P>
         <xenc:Q>...</xenc:Q>
         <xenc:Generator>...</xenc:Generator>
         <xenc:Public>...</xenc:Public>
     </xenc:DHKeyValue>
</???>

The response should contain something like:

<wst:RequestedProofToken>
     <wst:ComputedKey>
         http://www.w3.org/2001/04/xmlenc#DHKeyValue
     </wst:ComputedKey>
     <???>
         <xenc:DHKeyValue>
             <xenc:P>...</xenc:P>
             <xenc:Q>...</xenc:Q>
             <xenc:Generator>...</xenc:Generator>
             <xenc:Public>...</xenc:Public>
         </xenc:DHKeyValue>
     </???>
</wst:RequestedProofToken>

Any suggestions here are welcome.


Mvg,
Frank.
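
Frank asks how a Diffie-Hellman exchange could be carried in the request/response shape above. What follows is an added example, not code from the original post nor from CXF/WSS4J, of what each half of that exchange would have to do: generate an ephemeral key pair, emit the xenc:DHKeyValue element in the shape shown, validate the peer's element before using it, and derive the same key on both sides. It assumes RFC 3526 group 14 as the group agreed out of band (P, Q and Generator are fixed and only checked on receipt), uses an HMAC-SHA256 derivation of its own choosing since WS-Trust defines no key derivation for DH, leaves out the unspecified <???> wrapper around DHKeyValue, and all function names are the example's own.

```python
"""Ephemeral Diffie-Hellman as a WS-Trust style ComputedKey (added example)."""
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
ET.register_namespace("xenc", XENC)

# Assumed group: RFC 3526 group 14 (2048-bit MODP), a safe prime P = 2Q + 1
# with generator 2. Both parties agree on it out of band; the XML carries it
# only so the receiver can verify it was not swapped in transit.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2

def is_probable_prime(n, rounds=8):
    """Miller-Rabin with random bases; used to sanity check the group."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def group_is_sane():
    """P and Q prime, and G generates the subgroup of prime order Q."""
    return is_probable_prime(P) and is_probable_prime(Q) and pow(G, Q, P) == 1

def dh_keypair():
    """Fresh exponent per request (ephemeral DH); this is what yields the
    forward secrecy a PSHA1 computed key cannot offer."""
    x = secrets.randbelow(Q - 2) + 2  # 2 <= x <= Q - 1
    return x, pow(G, x, P)

def public_is_valid(y):
    """Range check plus subgroup membership, so a peer cannot confine the
    shared secret to a small subgroup by sending a bogus Public value."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1

def _b64(n):  # ds:CryptoBinary: big-endian, no leading zero octets
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def dh_key_value(y):
    """The xenc:DHKeyValue element from the thread, carrying our public value."""
    el = ET.Element(f"{{{XENC}}}DHKeyValue")
    for tag, val in (("P", P), ("Q", Q), ("Generator", G), ("Public", y)):
        ET.SubElement(el, f"{{{XENC}}}{tag}").text = _b64(val)
    return el

def parse_dh_key_value(el):
    """Parse the peer's element: insist on the agreed group, then validate Public."""
    vals = {t: int.from_bytes(base64.b64decode(el.find(f"{{{XENC}}}{t}").text), "big")
            for t in ("P", "Q", "Generator", "Public")}
    if (vals["P"], vals["Q"], vals["Generator"]) != (P, Q, G):
        raise ValueError("peer proposed a DH group other than the agreed one")
    if not public_is_valid(vals["Public"]):
        raise ValueError("invalid DH public value")
    return vals["Public"]

def derive_key(shared, keysize):
    """HMAC-SHA256 extract-then-expand (HKDF shape) over the fixed-width shared
    secret Z. This KDF is the example's choice; WS-Trust specifies only PSHA1."""
    z = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"wst-dh-computed-key", z, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < keysize:
        block = hmac.new(prk, block + b"ComputedKey" + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:keysize]

def computed_key_exchange(keysize=32):
    """Requestor and STS each generate a key pair, swap DHKeyValue XML (the
    request carries the requestor's, wst:RequestedProofToken the STS's) and
    derive the same ComputedKey without either side ever transporting it."""
    x_req, y_req = dh_keypair()
    x_sts, y_sts = dh_keypair()
    req_xml = ET.tostring(dh_key_value(y_req))
    sts_xml = ET.tostring(dh_key_value(y_sts))
    k_sts = derive_key(pow(parse_dh_key_value(ET.fromstring(req_xml)), x_sts, P), keysize)
    k_req = derive_key(pow(parse_dh_key_value(ET.fromstring(sts_xml)), x_req, P), keysize)
    return k_req, k_sts
```

Both parties end up with the same 32-byte key although no key material crosses the wire, which is exactly what the PSHA1 computed key cannot give: there both entropy values are encrypted under long-term keys, so a later compromise of those keys exposes every past ComputedKey. The subgroup check in public_is_valid is the step most often skipped in hand-rolled DH, and the group comparison in parse_dh_key_value is what makes carrying P, Q and Generator in the message safe rather than a way for a peer to pick weak parameters.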

Re: DHKeyValue as ComputedKey

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Frank,

I haven't seen any requirements for this before, and I'm not sure if the
spec accommodates it. Probably the best approach is to define a custom
extension for handling this requirement.

Colm.

On Tue, Jul 28, 2015 at 10:09 AM, Frank Cornelis <in...@e-contract.be> wrote:

> Hi,
>
>
> For some application we would like to have a proof-of-possession key with
> the perfect forward secrecy property.
> WS-Trust clearly defines how to compute such a key using the PSHA1
> algorithm, but not how to properly do this using Diffie-Hellman.
> Does anyone have an example of how this should best be incorporated within
> the WS-Trust protocol?
>
> Request should contain something like:
>
> <wst:ComputedKeyAlgorithm>
>     http://www.w3.org/2001/04/xmlenc#DHKeyValue
> </wst:ComputedKeyAlgorithm>
> <wst:KeyType>
>     http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
> </wst:KeyType>
> <???>
>     <xenc:DHKeyValue>
>         <xenc:P>...</xenc:P>
>         <xenc:Q>...</xenc:Q>
>         <xenc:Generator>...</xenc:Generator>
>         <xenc:Public>...</xenc:Public>
>     </xenc:DHKeyValue>
> </???>
>
> The response should contain something like:
>
> <wst:RequestedProofToken>
>     <wst:ComputedKey>
>         http://www.w3.org/2001/04/xmlenc#DHKeyValue
>     </wst:ComputedKey>
>     <???>
>         <xenc:DHKeyValue>
>             <xenc:P>...</xenc:P>
>             <xenc:Q>...</xenc:Q>
>             <xenc:Generator>...</xenc:Generator>
>             <xenc:Public>...</xenc:Public>
>         </xenc:DHKeyValue>
>     </???>
> </wst:RequestedProofToken>
>
> Any suggestions here are welcome.
>
>
> Mvg,
> Frank.
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com