Thanks!

________________________________
From: Tonkikh Maxim [mailto:[EMAIL PROTECTED]
Sent: Friday, February 09, 2007 11:03 PM
To: [EMAIL PROTECTED]
Cc: axis-user@ws.apache.org
Subject: FW: [Axis2] hmac-sha1 Signature

From: Yaniv Ofer
....
Subject: RE: [Axis2] hmac-sha1 Signature

Hello Ruchith,

Thanks very much for your support, time & effort. I would like to provide a few details that may clarify the issue.

The related mailService.wsdl was provided by Microsoft for generating the Hotmail Mail Client for retrieving/sending mail using the MSP 3.0 protocol (based on .NET WSE 3.0 extension).

We are trying to generate a Java/C++ client over Windows/Linux using Axis 2.0 out of the attached Microsoft mailService.wsdl. The generated SOAP request should be sent to Microsoft Hotmail Mail Server.

The Secret Key that should be used for the HMAC-SHA1 signature value is returned by a different (non WSDL) call to Microsoft Passport server (different than the Microsoft Hotmail Mail Server). The Passport server request includes the Hotmail account username/password. The Passport server response includes a Mobile Token & a Secret Key.

The Mobile Token should be provided as the wsse:BinarySecurityToken & the Secret Key should be used for the generation of the HMAC-SHA1 ds:SignatureValue. (Each SignedInfo DigestValue element is generated using SHA1.)

Attached is a sample SyncMailFolders Request that should be generated out of the attached WSDL using Axis 2.0.

Thanks
Ofer

-----Original Message-----
From: Tonkikh Maxim
Sent: Thursday, February 08, 2007 3:58 PM
To: Yaniv Ofer
Subject: FW: [Axis2] hmac-sha1 Signature

-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Thursday, 08 February, 2007 15:14
To: axis-user@ws.apache.org
Subject: Re: [Axis2] hmac-sha1 Signature

Hi folks,

In cases where we have to use a symmetric key and ensure integrity of a message we use hmac-sha1 and compute the MAC value over the canonicalized SignedInfo element and use that MAC value (base64ed) as the SignatureValue:

<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#' >
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' />
    <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#hmac-sha1' />
    ...
    ...
  </ds:SignedInfo>
  ...
  ...
</ds:Signature>

I suppose this is the scenario that Maxim mentioned.

Do you have a scenario where you should be able to do this with an arbitrary key that you have? Can you also let us know how you are planning to refer to the shared key used in the signature structure? Specifically, how the "KeyInfo" element of the Signature should be set up.

Right now rampart supports this approach only with the WS-SecConv implementation where we have to use the derived key to generate signature as above.

Thanks,
Ruchith

On 2/8/07, Jyrki Saarinen <[EMAIL PROTECTED]> wrote:
> On Thu, 2007-02-08 at 13:58 +0200, Tonkikh Maxim wrote:
> > Hi All
> >
> > I need to use hmac-sha1 Signature.
> >
> > How can I pass my SecretKey to rampart?
>
> You need to read some cryptography, HMAC-SHA1 isn't a digital
> signature algorithm, it is a MAC (Message Authentication Code).
>
> Jyrki
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

--
www.ruchith.org
www.wso2.org
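
Added example (not part of the thread, and not Rampart, Axis2 or Microsoft code): the computation described in the messages above, where each DigestValue is base64(SHA-1) of a signed part and the SignatureValue is base64(HMAC-SHA1) over the canonical SignedInfo, with a constant-time check on the receiving side. Assumptions: the key, part names and part contents are constructed, and the SignedInfo is written by hand in a form assumed to match exclusive C14N output; a real client would canonicalize with an XML security library.

```python
import base64
import hashlib
import hmac

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def signed_info(refs: dict) -> bytes:
    """SignedInfo written by hand, assumed already in exclusive-c14n form:
    no inter-element whitespace, explicit end tags, xmlns:ds on the apex."""
    parts = [f'<ds:SignedInfo xmlns:ds="{DS}">',
             f'<ds:CanonicalizationMethod Algorithm="{EXC_C14N}"></ds:CanonicalizationMethod>',
             f'<ds:SignatureMethod Algorithm="{DS}hmac-sha1"></ds:SignatureMethod>']
    for uri, octets in refs.items():
        # DigestValue = base64(SHA-1(canonical octets of the referenced part))
        digest = b64(hashlib.sha1(octets).digest())
        parts.append(f'<ds:Reference URI="{uri}">'
                     f'<ds:DigestMethod Algorithm="{DS}sha1"></ds:DigestMethod>'
                     f'<ds:DigestValue>{digest}</ds:DigestValue>'
                     f'</ds:Reference>')
    parts.append('</ds:SignedInfo>')
    return "".join(parts).encode("utf-8")

def signature_value(secret_key: bytes, refs: dict) -> str:
    """SignatureValue = base64(HMAC-SHA1(shared key, canonical SignedInfo))."""
    return b64(hmac.new(secret_key, signed_info(refs), hashlib.sha1).digest())

def verify(secret_key: bytes, refs: dict, received: str) -> bool:
    """Recompute digests and MAC from the received parts; constant-time compare."""
    return hmac.compare_digest(signature_value(secret_key, refs), received)

# Constructed sample values; not taken from the thread's attachments.
KEY = b"constructed-secret-key"
PARTS = {"#Body": b'<soap:Body Id="Body">constructed</soap:Body>',
         "#Timestamp": b'<wsu:Timestamp Id="Timestamp">constructed</wsu:Timestamp>'}
SIG = signature_value(KEY, PARTS)
```

Because the MAC covers only SignedInfo, a changed message part is detected through its DigestValue: the recomputed digest differs, so the SignedInfo octets and the MAC differ.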