Hi Rich,

Sorry for the delay. And thanks for the patch, that's exactly what I was looking for! I will give that a try soon.

Regards,
Dominik

-------- Original Message --------
> Date: Wed, 29 Aug 2012 01:16:41 -0400
> From: Rich Newcomb <rich.newc...@gmail.com>
> To: users@camel.apache.org
> Subject: Re: XMLSecurity key recovery fails when keystore and key use different passwords

> Quick follow up. I went ahead and created the patch to enable a
> "keyPassword" to be specified. In the patch, the key password will only be
> used to retrieve a private key during the unmarshal action.
>
> For example:
>
> <unmarshal>
>   <secureXML
>     secureTag="//cheese:cheesesites/italy"
>     secureTagContents="true"
>     xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>     keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
>     recipientKeyAlias="recipient"
>     keyOrTrustStoreParametersId="keyStoreParams"
>     keyPassword="keyPassword"/>
> </unmarshal>
>
> I'm not sure if the patch will be accepted straight away, but feel free to
> give it a try and provide comments as useful.
>
> Thanks,
> Rich
>
> On Tue, Aug 28, 2012 at 10:49 PM, Rich Newcomb <rich.newc...@gmail.com> wrote:
>
> > Hi Dominik,
> >
> > The example you provided is a little bit confusing. The PUBLIC key of the
> > recipient is applied for asymmetric encryption. So, there is no need to
> > access a password-protected key when the data is being marshalled.
> > However, the recipient will use a PRIVATE key from a key store to decrypt
> > / unmarshall the message.
> >
> > It is possible that the private key could have a password that is
> > different than the keystore password. That feature is not currently
> > supported, but in my opinion it should be.
> >
> > I created a ticket for this:
> > https://issues.apache.org/jira/browse/CAMEL-5545
> >
> > I'll try to have a look at this in the next several days.
> >
> > -Rich
> >
> > On Tue, Aug 28, 2012 at 6:18 PM, ychawla <premiergenerat...@yahoo.com> wrote:
> >
> >> Hi Dominik,
> >> I think this is the default behavior in Java. Whenever I work with
> >> keystores, the keystore password must match the key password.
> >>
> >> This could be due to the KeyManagerFactory implementation:
> >>
> >> http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/KeyManagerFactory.html#init%28java.security.KeyStore,%20char[]%29
> >>
> >> It only allows for a single password.
> >>
> >> Thanks,
> >> Yogesh
> >>
> >> --
> >> View this message in context:
> >> http://camel.465427.n5.nabble.com/XMLSecurity-key-recovery-fails-when-keystore-and-key-use-different-passwords-tp5718094p5718217.html
> >> Sent from the Camel - Users mailing list archive at Nabble.com.
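
Added example, not part of the thread or of the Camel patch: the store-password versus key-password split discussed above, shown with the plain java.security.KeyStore API. It assumes a JCEKS store and uses an AES secret-key entry in place of the recipient's RSA private key so that no certificate is needed; the class name, alias and passwords are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyPasswordDemo {
    // Constructed sample values, not taken from the thread.
    static final char[] STORE_PASSWORD = "storePassword".toCharArray();
    static final char[] KEY_PASSWORD = "keyPassword".toCharArray();
    static final String ALIAS = "recipient";

    /** Builds an in-memory JCEKS store whose entry password differs from the store password. */
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null); // initialise an empty store
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // stand-in for the private key (assumption)
        ks.setKeyEntry(ALIAS, key, KEY_PASSWORD, null); // entry protected by KEY_PASSWORD
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASSWORD); // store integrity protected by STORE_PASSWORD
        return out.toByteArray();
    }

    /** Opens the store with the store password, then tries to recover the entry. */
    static boolean canRecover(byte[] store, char[] entryPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), STORE_PASSWORD);
        try {
            Key k = ks.getKey(ALIAS, entryPassword);
            return k != null;
        } catch (UnrecoverableKeyException e) {
            return false; // wrong entry password: the key cannot be decrypted
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] store = buildStore();
        // Code that reuses the store password for the entry fails to recover the key.
        System.out.println("store password reused: " + canRecover(store, STORE_PASSWORD));
        // Supplying the entry's own password succeeds.
        System.out.println("separate key password: " + canRecover(store, KEY_PASSWORD));
    }
}
```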