You can typically support those types of scenarios by using a
SymmetricBinding policy with an EndorsingSupportingToken/X509Token policy.
What this means is that Signature and Encryption are done using a symmetric
key (encrypted using the public key of the recipient) as per normal for the
SymmetricBinding. Then you have a separate X.509 Signature which in turn
signs the main symmetric Signature. See here for a policy example:

https://github.com/apache/cxf/blob/c7eee85aaebdfaae988adfcf8cc43206e568fda8/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl#L245

On Tue, Jul 31, 2018 at 7:03 PM, vlad.balan <vlad.ba...@gmail.com> wrote:

> Hello
>
>
> just a side question:
>
> the scenario where you encrypt parts of the message using a shared key (that
> you encrypt with the recipient's public key and send it to him) and also
> both parties sign with their private key (certificate), is it symmetric or
> asymmetric?
>
> Because to me it is a mix of both: you use a shared key to encrypt (so
> sounds like symmetric binding) and at the same time each signs with its
> private key, (sounds like asymmetric binding).
>
>
> Also I'm curious how do you write this in xml in a security policy? (what
> bindings, what token declarations, etc)
>
>
> Thanks a lot.
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
