RE: Server Side - Sender Encryption Question

[Richard Wareing]

Hi Abdul,   Thanks for the response.  The solution looks quite elegant, however won’t using the useReqSigCert feature on the server’s WSDoAllSender cause the sender to encrypt using the same public key used to verify the requesters signature?  I was reading that it is best to use separate key-pairs for signing & encryption (Ref: http://www.washington.edu/computing/windows/issue22/encryption.html; see “Keys, Keys, and More Keys” ).   That said, what is everyone’s experience with this, is it overkill to complicate key management for the benefits they cite?   Regards,   Richard Wareing Reimer Technology Group     -----Original Message----- From: Abdul Ashik [mailto:[EMAIL PROTECTED] Sent: 2005 September 29 2:18 PM To: Richard Wareing Cc: Apache WSS4J-Dev Mailing List Subject: Re: Server Side - Sender Encryption Question   Hi Richard, Check out the WSS4J FAQ: http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ#many "To perform response encryption set the encryption user name to "useReqSigCert". This is a special name that directs the WSDoAllSender handler to use the stored client's certificate (the clients public key) to perform response encryption." Cheers, Ash On 9/29/05, Richard Wareing <[EMAIL PROTECTED]> wrote: Is there a method of having the client request a particular encryption key be used to encrypt the response data? What I'm trying to do here is have each web service user submit to us their public encryption key and use that to encrypt the data back to them (in conjunction with signing).  In other words, depending on the particular user that might be using the web service, we would use a specific public key to encrypt data back to them. Is there a way to accomplish this? Richard Wareing Reimer Technology Group --- [This E-mail scanned for viruses by Declude Virus] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]