Posted to fx-dev@ws.apache.org by Dittmann Werner <we...@siemens.com> on 2004/03/08 16:36:22 UTC

Re: Re: what information from crypto.properties is used for signing in WSSignEnvelope?

Maciek,

well, there is no such notation as client/server
for crypto.
Crypto is the interface to simplify the handling
of certificates, e.g. looking up certificates,
converting DER encoded base64 strings into
certificates, and so on. Thus, the sender and
the receiver need these functions.

If you use encryption and certificates to exchange
the keys then the roles are reversed compared
to Signature.

WSSecurityTest9 is a test program inside the
WSS4J sources (wssec/WSSecurityTest9.java)

regards,
Werner

> -----Original Message-----
> From: Maciek Zywno [mailto:m.zywno@amg.net.pl]
> Sent: Monday, 8 March 2004 16:21
> Cc: fx-dev@ws.apache.org
> Subject: Re: Re: what information from crypto.properties is
> used for signing in WSSignEnvelope?
> 
> 
> Dittmann Werner wrote:
> 
> >Maciek,
> >
> >the X.509 certificates hold public keys and some
> >other information to link to trusted certificates
> >(from Certificate Authorities, CA). The corresponding
> >private key is not stored in the X.509 certificate
> >but in the keystore. Of course, the private key
> >is encrypted in the keystore (that's why we need
> >a password to read the private key). Currently
> >we support 2 keystore formats: Sun's JKS and
> >PKCS#12 (p12).
> >
> >Yes, WSS4J supports X.509 to exchange key
> >information. If you want to use a so called
> >"shared secret", that is a password (key) that
> >you have previously agreed with your partner, then
> >consider using "EmbeddedKey". Here we do not
> >need an X.509 certificate but WSS4J uses the
> >password to generate the symmetric key to
> >encrypt the data. This, however, is for encryption
> >only, not signature. Please refer to WSSecurityTest9.
> >
> >Regards,
> >Werner
> >
> >  
> >
> >>-----Original Message-----
> >>
> Thanks!
> It's getting more and more clear.
>
> Interface Crypto is used both for:
>
> - getting a private key from a keystore
> - getting an X.509 certificate
>
> I guess that the first method is used by a *server* that has in its
> crypto.properties file the needed alias and password to get to the keystore.
> The second method is used by a *client* to get a public key from a
> certificate to encrypt a message to be sent to the server. A path to a
> certificate is also placed in the crypto.properties file (or any other
> specified in the wsdd file). Unless I get it wrong, interface Crypto is
> called both by a client and a server but for different methods
> - why are
> they mixed, i.e. why not create separate classes, a kind of..
> CryptoForClient and CryptoForServer?
> 
> Thanks once again for all your responses.
> 
> BTW: What did you mean by WSSecurityTest9 ? I googled for it but 
> couldn't find.
> 
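The point of Werner's reply is that the same two lookups (private key by alias plus key password, X.509 certificate by alias) are needed by both parties, and that which party uses which one flips between signing and encryption. The following plain-JDK program is an added illustration of exactly that; it is not code from this thread and not WSS4J's own Crypto/Merlin implementation. The property names are assumed to follow the form of WSS4J's Merlin crypto.properties keys, and the aliases alice and bob, the password security and the keystore file ws.jks are constructed for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/**
 * Shows the two keystore lookups a WSS4J-style Crypto interface wraps and
 * why sender and receiver both need them:
 *   signature:  sender -> private key,        receiver -> sender's certificate
 *   encryption: sender -> receiver's cert,    receiver -> own private key
 */
public class CryptoRoles {

    // Assumed to mirror the Merlin crypto.properties key names; not taken from the thread.
    static final String P_TYPE = "org.apache.ws.security.crypto.merlin.keystore.type";
    static final String P_PASS = "org.apache.ws.security.crypto.merlin.keystore.password";
    static final String P_FILE = "org.apache.ws.security.crypto.merlin.file";

    /** Loads a JKS or PKCS#12 keystore, the two formats the thread mentions. */
    static KeyStore loadKeyStore(Properties props) throws Exception {
        KeyStore ks = KeyStore.getInstance(props.getProperty(P_TYPE, "jks"));
        try (InputStream in = new FileInputStream(props.getProperty(P_FILE))) {
            ks.load(in, props.getProperty(P_PASS).toCharArray());
        }
        return ks;
    }

    /** Sender side of a signature: the private key is encrypted in the store, hence the key password. */
    static byte[] sign(KeyStore ks, String alias, char[] keyPassword, byte[] payload) throws Exception {
        PrivateKey priv = (PrivateKey) ks.getKey(alias, keyPassword);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(priv);
        sig.update(payload);
        return sig.sign();
    }

    /** Receiver side of a signature: only the sender's certificate is needed, no password at all. */
    static boolean verify(KeyStore ks, String senderAlias, byte[] payload, byte[] signature) throws Exception {
        X509Certificate cert = (X509Certificate) ks.getCertificate(senderAlias);
        cert.checkValidity(); // minimal check; a real deployment also validates the chain to a trusted CA
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(cert.getPublicKey());
        sig.update(payload);
        return sig.verify(signature);
    }

    /** Sender side of encryption: the RECEIVER's certificate wraps a fresh content key (roles reversed). */
    static byte[] wrapKeyForReceiver(KeyStore ks, String receiverAlias, SecretKey contentKey) throws Exception {
        X509Certificate cert = (X509Certificate) ks.getCertificate(receiverAlias);
        cert.checkValidity();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, cert.getPublicKey());
        return rsa.wrap(contentKey);
    }

    /** Receiver side of encryption: the receiver's own private key (password-protected) unwraps it. */
    static SecretKey unwrapKey(KeyStore ks, String ownAlias, char[] keyPassword, byte[] wrapped) throws Exception {
        PrivateKey priv = (PrivateKey) ks.getKey(ownAlias, keyPassword);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, priv);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        // Constructed configuration standing in for a crypto.properties file.
        Properties props = new Properties();
        props.setProperty(P_TYPE, "jks");
        props.setProperty(P_PASS, "security");
        props.setProperty(P_FILE, args.length > 0 ? args[0] : "ws.jks");
        KeyStore ks = loadKeyStore(props);
        char[] keyPass = "security".toCharArray();
        byte[] msg = "<soap:Body>order 17</soap:Body>".getBytes("UTF-8"); // constructed payload

        // Signature: alice's private key signs, alice's certificate verifies.
        byte[] sig = sign(ks, "alice", keyPass, msg);
        byte[] tampered = msg.clone();
        tampered[0] ^= 1;
        System.out.println("signature verifies: " + verify(ks, "alice", msg, sig));
        System.out.println("tampered verifies:  " + verify(ks, "alice", tampered, sig));

        // Encryption: bob's certificate wraps the content key, bob's private key unwraps it.
        SecretKey contentKey = KeyGenerator.getInstance("AES").generateKey();
        byte[] wrapped = wrapKeyForReceiver(ks, "bob", contentKey);
        SecretKey recovered = unwrapKey(ks, "bob", keyPass, wrapped);
        System.out.println("content key recovered: "
                + Arrays.equals(contentKey.getEncoded(), recovered.getEncoded()));
    }
}
```

To try it, create the keystore with two key entries (each entry holds both the private key and the self-signed certificate for its alias):
keytool -genkeypair -alias alice -keyalg RSA -keysize 2048 -dname CN=alice -keystore ws.jks -storetype JKS -storepass security -keypass security
keytool -genkeypair -alias bob -keyalg RSA -keysize 2048 -dname CN=bob -keystore ws.jks -storetype JKS -storepass security -keypass security
Note that verify() and wrapKeyForReceiver() never touch a password, which is why a party that only validates signatures or only sends encrypted messages needs nothing more than the peer's certificate in its store; the "server" and "client" roles in the question are just which of the two lookups a given party happens to be making.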