Hi Christian,
Nope, you can't outsource the task of signing the message to someone
else. If you want to do this, you will have to modify the Rampart code to
suit this custom requirement.
thanks,
nandana
On Wed, Sep 24, 2008 at 5:15 PM, Christian Mielke <[EMAIL PROTECTED]> wrote:
> Hi,
> Maybe I need the keys for both: SSL in my Tomcat and also message security.
> You said that I can implement my own CryptoProvider which communicates
> with the HSM. The problem is that once you import a key into such an HSM you
> will never read it out again. This means that you can't get out the private
> key for signing a message, for example. The HSM has a web service interface
> with methods for signing, encrypting, decrypting and so on. This means that
> you have to deliver your XML construct to the HSM to sign it there and you
> get it back signed. With RAMPART it is currently the case that RAMPART gets
> the key from the keystore and signs the message part itself with the key.
>
> Is there any chance that RAMPART can also outsource the task of signing
> the message to the HSM, or MUST Rampart always sign the message part itself
> with the key from the store?
>
> Greetings
> Christian
>
>
> ----- original message --------
>
> Subject: Re: Re: RAMPART 1.3 only with File-Keystores ?
> Sent: Fri, 19 Sep 2008
> From: Nandana Mihindukulasooriya<[EMAIL PROTECTED]>
>
> > Hi Christian,
> > Do you want to use these keys for SSL or to do message level security?
> > I assumed you need to do message level security. It seems the thread [1]
> > mentioned by Steve talks about how to use an HSM to do the SSL handshake.
> >
> > thanks,
> > nandana
> >
> >
> > [1] - http://markmail.org/message/irygbllfn2of77vx?q=list:org%2Eapache%2Ews%2Eaxis-user+HSM#query:list%3Aorg.apache.ws.axis-user%20HSM+page:1+mid:iaaq4fkxfkaze6gg+state:results
> >
> > On Fri, Sep 19, 2008 at 12:33 AM, <[EMAIL PROTECTED]> wrote:
> >
> > > There was a short thread about using an HSM in the Axis2 group pretty
> > > recently. You might want to take a look at that and contact the original
> > > poster - it appears that they were able to get this to work.
> > >
> > > ______________________________________________
> > > Steve Gruverman, Programmer
> > > IntelliCare, Inc. | A Medco Health Solutions Company
> > >
> > >
> > >
> > >
> > > From: "Christian Mielke" <[EMAIL PROTECTED]>
> > > To: [email protected]
> > > Date: 09/18/2008 11:20 AM
> > > Subject: Re: Re: RAMPART 1.3 only with File-Keystores ?
> > >
> > > Hi,
> > > thanks for the fast reply.
> > >
> > > A Hardware Security Module (HSM) is an appliance that can store private
> > > keys inside, and these keys cannot be exported anymore. The keys are safe
> > > inside this appliance.
> > >
> > > With a custom crypto implementation, do you mean something to replace the
> > > Merlin Crypto Provider?
> > >
> > > Christian
> > > ----- original message --------
> > >
> > > Subject: Re: RAMPART 1.3 only with File-Keystores ?
> > > Sent: Thu, 18 Sep 2008
> > > From: Nandana Mihindukulasooriya<[EMAIL PROTECTED]>
> > >
> > > > I didn't quite get what is meant by hardware certificate store, but you
> > > > may be able to do this by writing a custom Crypto implementation and
> > > > using it with Rampart.
> > > >
> > > > thanks,
> > > > nandana
> > > >
> > > > On Thu, Sep 18, 2008 at 7:11 PM, Christian Mielke <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > Rampart works great with file keystores somewhere on the file system,
> > > > > but is there the possibility to use a hardware security module with
> > > > > RAMPART? The hardware security module is a hardware certificate store
> > > > > inside the same network as the application server.
> > > > >
> > > > > Greetings
> > > > >
> > > > > Christian
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Nandana Mihindukulasooriya
> > > > WSO2 inc.
> > > >
> > > > http://nandana83.blogspot.com/
> > > > http://www.wso2.org
> > > >
> > >
> > > --- end of original message ----
> > >
> > >
> >
> >
> > --
> > Nandana Mihindukulasooriya
> > WSO2 inc.
> >
> > http://nandana83.blogspot.com/
> > http://www.wso2.org
> >
>
> --- end of original message ----
>
>
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
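The "custom Crypto implementation" suggested earlier in this thread can only hand Rampart a key it cannot export if the JCA signing call underneath accepts an opaque handle instead of key material. The following is an added example, not Rampart or WSS4J code, of what that looks like at the JCA level: a PrivateKey whose getEncoded() is null, a SignatureSpi that buffers the bytes to sign and ships them to the HSM, and a Provider that registers the engine under the algorithm names the signing code looks up. The HsmClient interface, the FakeHsm stand-in (a software key pair kept in memory so the example runs offline), the key label and the SignedInfo bytes are all constructed for the example; whether Rampart 1.3's signing path resolves its Signature through a provider lookup that this can intercept is an assumption you would have to confirm against the Rampart/Santuario version in use.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

/** Added example (not Rampart/WSS4J code): delegate RSA signing to an HSM through JCA. */
public final class HsmDelegatingSignature {

    /** Hypothetical client for the HSM's signing interface (assumed, not a real API). */
    public interface HsmClient {
        byte[] sign(String keyLabel, String jcaAlgorithm, byte[] data) throws GeneralSecurityException;
    }

    /** Opaque key handle: no format and no encoding, because the material is not exportable. */
    public static final class HsmPrivateKey implements PrivateKey {
        private static final long serialVersionUID = 1L;
        final String keyLabel;
        public HsmPrivateKey(String keyLabel) { this.keyLabel = keyLabel; }
        @Override public String getAlgorithm() { return "RSA"; }
        @Override public String getFormat()    { return null; }
        @Override public byte[] getEncoded()   { return null; }
    }

    /** Signature engine: buffers the data and asks the HSM for the signature. */
    public static final class HsmSignatureSpi extends SignatureSpi {
        private final HsmClient hsm;
        private final String algorithm;
        private final ByteArrayOutputStream buf = new ByteArrayOutputStream();
        private HsmPrivateKey key;

        HsmSignatureSpi(HsmClient hsm, String algorithm) { this.hsm = hsm; this.algorithm = algorithm; }

        @Override protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
            // Rejecting software keys lets JCA's delayed provider selection fall through
            // to the next provider (e.g. SunRsaSign) when this provider is installed globally.
            if (!(privateKey instanceof HsmPrivateKey)) throw new InvalidKeyException("not an HSM key handle");
            key = (HsmPrivateKey) privateKey;
            buf.reset();
        }
        @Override protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
            // Verification needs only the certificate, so a standard provider handles it.
            throw new InvalidKeyException("verification is not delegated to the HSM");
        }
        @Override protected void engineUpdate(byte b) { buf.write(b); }
        @Override protected void engineUpdate(byte[] b, int off, int len) { buf.write(b, off, len); }
        @Override protected byte[] engineSign() throws SignatureException {
            try { return hsm.sign(key.keyLabel, algorithm, buf.toByteArray()); }
            catch (GeneralSecurityException e) { throw new SignatureException("HSM signing failed", e); }
            finally { buf.reset(); }
        }
        @Override protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
            throw new SignatureException("verification is not delegated to the HSM");
        }
        @Override @Deprecated protected void engineSetParameter(String p, Object v) { throw new InvalidParameterException(); }
        @Override @Deprecated protected Object engineGetParameter(String p) { throw new InvalidParameterException(); }
    }

    /** Provider exposing the engine under the JCA names the XML signature code will request. */
    public static final class HsmProvider extends Provider {
        private static final long serialVersionUID = 1L;
        public HsmProvider(final HsmClient hsm, String... algorithms) {
            super("HsmDelegating", 1.0, "RSA signing delegated to an HSM");
            for (final String alg : algorithms) {
                putService(new Service(this, "Signature", alg, HsmSignatureSpi.class.getName(), null, null) {
                    @Override public Object newInstance(Object ignored) { return new HsmSignatureSpi(hsm, alg); }
                });
            }
        }
    }

    /** Signs data through the handle; the HSM sees the bytes, the JVM never sees the key. */
    public static byte[] sign(HsmClient hsm, String keyLabel, String alg, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg, new HsmProvider(hsm, alg));
        s.initSign(new HsmPrivateKey(keyLabel));
        s.update(data);
        return s.sign();
    }

    /** Constructed stand-in for the module: holds key pairs in memory and only ever returns signatures. */
    public static final class FakeHsm implements HsmClient {
        private final Map<String, KeyPair> keys = new HashMap<>();
        public PublicKey generate(String label) throws GeneralSecurityException {
            KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); g.initialize(2048);
            KeyPair kp = g.generateKeyPair(); keys.put(label, kp); return kp.getPublic();
        }
        @Override public byte[] sign(String label, String alg, byte[] data) throws GeneralSecurityException {
            KeyPair kp = keys.get(label);
            if (kp == null) throw new KeyException("no such key: " + label);
            Signature s = Signature.getInstance(alg); s.initSign(kp.getPrivate()); s.update(data); return s.sign();
        }
    }

    public static void main(String[] args) throws Exception {
        FakeHsm hsm = new FakeHsm();
        PublicKey pub = hsm.generate("ws-signing-key");
        // Constructed stand-in for the canonicalized ds:SignedInfo that the WS-Security layer would sign.
        byte[] signedInfo = "<ds:SignedInfo>...</ds:SignedInfo>".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(hsm, "ws-signing-key", "SHA256withRSA", signedInfo);
        Signature v = Signature.getInstance("SHA256withRSA"); v.initVerify(pub); v.update(signedInfo);
        System.out.println("verified with the public key only: " + v.verify(sig));
    }
}
```

To wire this into the custom Crypto idea from the thread, the Crypto implementation's getPrivateKey would return an HsmPrivateKey for the alias (while still serving the matching X.509 certificate from a file or the HSM's certificate interface), and the provider would be installed with Security.insertProviderAt(..., 1) so that a Signature.getInstance("SHA1withRSA") or ("SHA256withRSA") made without an explicit provider reaches it; register whichever JCA names the XML signature layer actually requests. Two caveats a practitioner would want: an HSM that signs over a web service will sign any bytes an authorized caller sends it, so the credentials and transport used to reach the HSM are now worth exactly as much as the key and need the same protection; and every signature becomes a network round trip, so timeouts and failure handling in engineSign (here surfaced as a SignatureException) decide whether a slow or unreachable HSM fails the request cleanly.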