Yes, that is basically what happens.

thanks,
Nandana

On Fri, Jan 15, 2010 at 2:31 PM, Lorenzo Carnevale <lorenzo.carnev...@innovery.it> wrote:

> Hello people,
> I managed to create a secure WS using rampart (signed and encrypted
> communication with asymmetric keys),
> using one of the samples provided with rampart....
> but I still think I have not very clear in my mind the way things work
> "under the hood".
>
> I'd like to know if I got things right about the working... (Notice that at
> this point I don't really care about which takes place 1st, sign or crypt.)
>
> 1) The client takes the XML of his request, CRYPTS it with the Web
> Service's 'certificate' and SIGNS it with the Client's private key [both
> key and certificate are stored in client.jks]
>
> 2) The Web Service verifies the signature using the client's certificate,
> and de-crypts the data using its own private key. These certificates/keys
> are taken from service.jks
>
> The reverse happens for the response:
>
> 3) At this point, the Web Service takes the XML of the "answer" and CRYPTS
> it with the client's certificate, then SIGNS it with its private key....
>
> (etc etc)
>
> Did I get it right?
>
> Thanks