Hi Lukasz,

In the example, alice.jks is the public key sent by the client and bob.jks is the private key with which it is matched on the server.

The main thing to know is that the client only knows about alice.jks and the server only knows bob.jks. The client uses alice.properties, which contains the details for the location of the alice.jks file, to timestamp encrypt the message in its cxf out interceptor. The cxf-bc consumer then uses alice.properties (signaturePropFile) to validate against information in bob.properties (encryptionPropFile). On the outbound, the consumer then uses the private key in its out interceptor, i.e. bob.properties (signaturePropFile), to timestamp encrypt the outgoing response to be matched against alice.jks (encryptionPropFile) in the client.

Note the order of the signaturePropFile to figure out what is used to encrypt and the encryptionPropFile to figure out what key is used to verify the match...

Hope this helps.

Cheers,
Ashwin...

Lukasz L. wrote:
>
> I have a question to the cxf-ws-security example shipped with Fuse.
> What's inside alice.jks and bob.jks? I suppose that it contains both
> private and public key.
>
> I want to only sign the message in client and I have
> public.jks on server and private.jks in client (where private.jks is
> generated using keytool -genkey and public.jks is public key from this
> private keystore extracted using keytool -export and -import)
>
> How should I configure both sides in such case?
> Should I have something like that:
> on server:
> org.apache.ws.security.crypto.merlin.file=public.jks
>
> on client:
> org.apache.ws.security.crypto.merlin.file=private.jks
>
> ?
>

-----
---
Ashwin Karpe, Principal Consultant, PS - Opensource Center of Competence
Progress Software Corporation
14 Oak Park Drive
Bedford, MA 01730
---
+1-972-304-9084 (Office)
+1-972-971-1700 (Mobile)
----
Blog: http://opensourceknowledge.blogspot.com/

--
View this message in context: http://www.nabble.com/CXF-WSS-example-tp20857457p20864944.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
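
A signature-only layout of the kind asked about in the quoted question, as an added example that is not part of the original thread and not the Fuse sample's own configuration. The file names client-sign.properties and server-verify.properties, the alias clientkey and the passwords are placeholders chosen here; the property keys are the WSS4J Merlin keys.

```properties
# --- client-sign.properties (hypothetical file name; client side, signs the request) ---
# Referenced from the client's out interceptor through signaturePropFile.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Placeholder: store password of private.jks.
org.apache.ws.security.crypto.merlin.keystore.password=CHANGE_ME_CLIENT_STOREPASS
# Placeholder alias: the key entry created with keytool -genkey.
org.apache.ws.security.crypto.merlin.keystore.alias=clientkey
# Holds the private key plus its certificate; stays on the client only.
org.apache.ws.security.crypto.merlin.file=private.jks
# The private key's own password is not stored here; it is supplied at
# runtime by the password callback configured on the interceptor.

# --- server-verify.properties (hypothetical file name; server side, verifies the signature) ---
# Referenced from the server's in interceptor through signaturePropFile.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Placeholder: store password of public.jks.
org.apache.ws.security.crypto.merlin.keystore.password=CHANGE_ME_SERVER_STOREPASS
# Holds only the client's certificate, imported with keytool -import.
# No private key material belongs in this store.
org.apache.ws.security.crypto.merlin.file=public.jks
```

Running keytool -list on public.jks should report the client's certificate as a trustedCertEntry; a key entry there means the private key was copied to the server and the store should be rebuilt from the exported certificate.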
