Hi Maxim, Right now it is not possible to do this with an arbitrary key with Rampart.
But if you explain your requirement in detail (message samples will be great) I can have a look at how to support this scenario. Thanks, Ruchith On 2/8/07, Tonkikh Maxim <[EMAIL PROTECTED]> wrote:
Hi So? Is it possible to configure rampart? I'd like to read something about how to configure, pass my key,... Thanx Maxim -----Original Message----- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Thursday, 08 February, 2007 15:14 To: axis-user@ws.apache.org Subject: Re: [Axis2] hmac-sha1 Signature Hi folks, In cases where we have to use a symmetric key and ensure integrity of a message we use hmac-sha1 and compute the MAC value over the canonicalized SignedInfo element and use that MAC value (base64ed) as the SignatureValue: <ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#' > <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' /> <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' /> ... ... </ds:SignedInfo> ... ... </ds:Signature> I support this is the scenario that Maxim mentioned. Do you have a scenario where you should be able to do this with an arbitrary key that you have? Can you also let us know how you are planning to refer to the shared key used in the signature structure. Specifically how the "KeyInfo" element of the Signature should be setup. Right now rampart supports this approach only with the WS-SecConv implementation where we have to use the derived key to generate signature as above. Thanks, Ruchith On 2/8/07, Jyrki Saarinen <[EMAIL PROTECTED]> wrote: > On Thu, 2007-02-08 at 13:58 +0200, Tonkikh Maxim wrote: > > Hi All > > > > I need to use hmac-sha1 Signature. > > > > How can I pass my SecretKey to rampart? > > You need to read some cryptography, HMAC-SHA1 isn't a digital > signature algorithm, it is a MAC (Message Authentication Code). > > Jyrki > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]