I'm trying to use Rampart to encrypt my message body using a symmetric
secret key. Sample 9, included with the Rampart distribution, does just
this. The actual key is hard-coded in a callback function. My understanding
is that the key (EmbeddedKeyName) is the only piece of data needed to encode
the message. Please correct me if I am wrong.

I was wondering why this part of the client config file:

<action>
<items>Encrypt</items>
<user>client</user>
<encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
<EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
<encryptionPropFile>client.properties</encryptionPropFile>
<EmbeddedKeyName>SessionKey</EmbeddedKeyName>
</action>

contains the encryptionPropFile property.
Why do we need client.properties in this case? I do not understand why
Rampart needs the keystore in this case. I'm not using public/private keys or
certificates, just one secret key.

The service side security is implemented using the SUN Metro and XWSS
implementation. From WS provider I got for my client the username/password,
client shared secret to encrypt and service shared secret to decrypt. The
symmetric key is computed during runtime programmatically, generating for a
given shared secret an AES256 Key and using the
Decryption/EncryptionKeyCallback.

My problem is to translate this using the Rampart and WSS4J implementation.
Is this scenario supported in Rampart? If so can you point me in the right
direction?


Thanks in advance,
Dejan

2008/9/29 Ruchith Fernando <[EMAIL PROTECTED]>

> There were some discussions on the WS-SX TC about this :
>
> Please see the following :
>
> http://lists.oasis-open.org/archives/ws-sx/200801/msg00011.html
>
> The issue # is 163 :
>
> http://lists.oasis-open.org/archives/ws-sx/200802/msg00014.html
>
> I think we can improve rampart to support this scenario.
> Nandana can you please confirm whether this is already available?
>
> Thanks,
> Ruchith
>
>
> On Mon, Sep 29, 2008 at 4:26 AM, Dejan <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > When the client and service already have a shared key, can I use that to
> sign
> > and encrypt? Do I still need client.properties and how to define this in
> the
> > policy.xml in that case. Where should I store the shared secret?
> > Is there any client sample that does this. I checked sample09 from rampart
> > installation but it's not clear to me how to use
> > <EmbeddedKeyName>SessionKey</EmbeddedKeyName>.
> >
> > *Any help is much appreciated* !
> >
>
>
>
> --
> http://blog.ruchith.org
>
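An added example (not Rampart's sample09 code and not written by anyone in this thread) of the callback handler Dejan describes: it has the same shape as sample09's PWCBHandler, but the AES-256 key is derived at runtime from a shared secret instead of being hard-coded in the class. Assumed here: the secret arrives through a made-up rampart.sharedSecret system property, the service derives its key with the same PBKDF2 salt and iteration count (the thread does not say how the XWSS side computes its key), and the WSS4J 1.5 series Rampart shipped with at the time, where the identifier accessor is spelled getIdentifer().

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class DerivedKeyCallbackHandler implements CallbackHandler {
    /** Must equal the <EmbeddedKeyName> value in the client config. */
    private static final String KEY_NAME = "SessionKey";
    /** Constructed KDF parameters; the service must derive its key with the same ones. */
    private static final byte[] SALT = "sample09-constructed-salt".getBytes();
    private static final int ITERATIONS = 10000;
    private static final int KEY_BITS = 256;  // AES-256: needs the unlimited-strength JCE policy on old JDKs

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i]);
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // Answer only the configured key name; refuse anything else instead of
            // handing the session key to whatever identifier is asked for.
            // (getIdentifer() is the WSS4J 1.5 spelling; later releases add getIdentifier().)
            if (!KEY_NAME.equals(pwcb.getIdentifer())) throw new UnsupportedCallbackException(pwcb, "no key for " + pwcb.getIdentifer());
            pwcb.setKey(deriveKey(readSharedSecret()));
        }
    }

    /** PBKDF2/HMAC-SHA1 -> 32 raw bytes, which WSS4J uses directly as the AES key. */
    static byte[] deriveKey(char[] sharedSecret) throws IOException {
        try {
            PBEKeySpec spec = new PBEKeySpec(sharedSecret, SALT, ITERATIONS, KEY_BITS);
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            return f.generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IOException("key derivation failed: " + e.getMessage());
        } finally {
            Arrays.fill(sharedSecret, '\0');  // wipe the secret once the key exists
        }
    }

    /** Hypothetical secret source; replace with whatever protected store you use. */
    private static char[] readSharedSecret() throws IOException {
        String s = System.getProperty("rampart.sharedSecret");  // made-up property name
        if (s == null) throw new IOException("rampart.sharedSecret is not set");
        return s.toCharArray();
    }
}
```

Point <EmbeddedKeyCallbackClass> in the config above at this class instead of PWCBHandler; the keystore referenced by encryptionPropFile is still not involved in producing the key.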
