On 18/03/16 00:21, Giriraj Bhojak wrote:
>I have been struggling with a basic question related to using signing and
>encryption for REST services.
>If the REST call (using JSON) happens over http or https via a browser, how
>can I ensure that JSON payload is signed and encrypted, just like a
Hi,
I have been struggling with a basic question related to using signing and
encryption for REST services.
If the REST call (using JSON) happens over http or https via a browser, how
can I ensure that JSON payload is signed and encrypted, just like a SOAP
request that is signed and encrypted?
Hi,
On 18/03/16 00:21, Giriraj Bhojak wrote:
Thank you Sergey.
I went through the spec. It mentions that the spec is not stable yet and is
subject to change. Would you know if it is widely used?
There are two specs involved here, JOSE and WebCrypto, the former is
stable and is already quite
Hi
You may be talking about WebCrypto.
If you have a CXF client sending JSON, then JWE/JWS protecting it is
easy enough, but you have a script running in a browser then this script
have no access to the key stores, unless it is a WebCrypto aware browser
and most of them are by now AFAIK,
Or a browser may ask a trusted server to help with it, and get this
server returning a String representing a JOSE payload, then script then
forward it somewhere else...
Sergey
On 17/03/16 21:35, Sergey Beryozkin wrote:
Hi
You may be talking about WebCrypto.
If you have a CXF client sending
Thank you very much Sergey.
Thanks,
Giriraj
On Mar 18, 2016 6:06 AM, "Sergey Beryozkin" wrote:
> Hi,
> On 18/03/16 00:21, Giriraj Bhojak wrote:
>
>> Thank you Sergey.
>> I went through the spec. It mentions that the spec is not stable yet and
>> is
>> subject to change.
Thank you Sergey.
I went through the spec. It mentions that the spec is not stable yet and is
subject to change. Would you know if it is widely used?
I was hoping to use one of the JavaScript tools such as jsrrsasign, but
looks like it is our of picture.
Would you be able to share the source