Re: Question about Rampart's policy sample 3

Sun, 16 Mar 2008 09:29:41 -0700 

Hi Thawan...
Yes,,, you can import the Public Key with the keytool ( you need import a certificate with the Public key that you need...)... 


You need change the name of the keystore,,, the passwords,, and the 
alias...  in the policy.xml file and in the PWCBHandler...

( I dont remember now if is needed more changes... )... :-(

[/'s]
jr
sorry my poor english,,, please...



Thawan Kooburat escreveu:

Hi,
    Thanks for your reply,


  

 If you import the "Public key" of the server to inside your
 client.jks,,, then,,, only the server ( in theory ) can decrypt the
 message with the Server Private Key...

    


   Can I achieve this with Java keytool?  And do I need to modify
policy.xml other than changing parameters in <ramp:RampartConfig> part
?

Thanks,

Thawan


On Sat, Mar 15, 2008 at 11:35 PM, Arlindo Luis Marcon Junior
<[EMAIL PROTECTED]> wrote:

  

Hi

 Thawan


 anyone who intercept the package can decrypt and verify the signature of
 the message,,, IF you used the "private" key of "client"...
 In other words,,, if you sign and encrypt with the private key of the
 "client",,, you ensure/assure the identity of the issuer,,,
 non-repudiation of the issuer...

 If you import the "Public key" of the server to inside your
 client.jks,,, then,,, only the server ( in theory ) can decrypt the
 message with the Server Private Key...


 [/'s]
 jr

 Thawan Kooburat escreveu:



    

Hi,

      

 >     I have sucessfully deployed  Rampart policy sample 3 with Axis2
 > and Rampart 1.3
 >     I am not sure about how the security mechanism work in this sample.
 >     This is what I think:
 >     The client sign and encrypt its message using private key stored
 > in client.jks.  When a server receive the message, it decrypt and
 > verify the message by using public key extracted from the message
 > header.
 >
 >     This means that anyone who intercept the package can decrypt the message?
 >
 > Thanks,
 >
 > Thawan Kooburat
 >
 > Department of Computer Engineering
 > Faculty of Engineering
 > Chulalongkorn University
 > Bangkok Thailand
 >
 > ---------------------------------------------------------------------
 > To unsubscribe, e-mail: [EMAIL PROTECTED]
 > For additional commands, e-mail: [EMAIL PROTECTED]
 >
 >
 >

 ---------------------------------------------------------------------
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



    





  



--
Arlindo Luis Marcon Junior
E-mail: [EMAIL PROTECTED]
Internet Web Page: http://lattes.cnpq.br/6483462042489662
ICQ: 138864173
Curitiba - ParanĂ¡ - Brasil



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to