Hi,

to me it seems that you did not modify the password callback to give
the correct key to get the private key for decryption.

Can you check if all your passwords are set up correctly, also in
the callbacks?

Regards,
Werner

Elilvannan Nagarajah wrote:
> Hi all,
> 
> I tried to use the wss4j project for adding security for my web
> services. For my web service I want to add signature and encryption type
> of security. First I tested the interop example (tested with 'bob' and
> 'alice' entries) in the wss4j project. That works fine.
> 
> Then I tried to create my key store (using keytool) and
> generated 2 keypairs, one for server and one for client. I configured
> all properties correctly (I replaced the entries ‘bob’ and ‘alice’ with
> my own alias names ‘affnoserver’ and ‘affnoclinet’). But in my case the
> client side is working fine (encrypt the request and sign and send) but
> on the server side I got an exception (when decrypting).
> 
> *_This is the exception trace ----_*
> 
> org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
>         java.security.UnrecoverableKeyException: Cannot recover key
>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:268)
>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
>         at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
> 
> _This is my key store:_
> 
> Keystore type: jks
> Keystore provider: SUN
> 
> Your keystore contains 2 entries
> 
> Alias name: affnoserver
> Creation date: Dec 2, 2005
> Entry type: keyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
> Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
> Serial number: 43900be2
> Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT 2006
> Certificate fingerprints:
>          MD5:  23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
>          SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08
> 
> *******************************************
> *******************************************
> 
> Alias name: affnoclient
> Creation date: Dec 2, 2005
> Entry type: keyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
> Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
> Serial number: 43904844
> Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT 2006
> Certificate fingerprints:
>          MD5:  B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
>          SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2
> 
> *******************************************
> *******************************************
> 
> *_I used the following commands for creating this key store._*
> 
> keytool -genkey -keyalg RSA -alias affnoserver -keystore affnoserver.jks -keypass XXXXXXX -storepass password
> 
> keytool -genkey -keyalg RSA -alias affnoclient -keystore affnoserver.jks -keypass XXXXXXX -storepass password
> 
> Should I use some other commands to create this key store (like openssl
> or PKCS12 format ...)?
> 
> *Can anybody please help me create my own keystore and key pairs
> for this wss4j project?*
> 
> Thanks and best regards,
> 
> N.Elilvannan
> 
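
A quick way to test the diagnosis in the reply above, as an added example that is not part of the thread or of WSS4J: the keytool commands set a key password (-keypass) separate from the store password (-storepass), and the JDK reports "Cannot recover key" when a key entry is opened with the wrong one. The class name KeyPasswordCheck and the in-memory demo store with its passwords are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

// Added example (hypothetical class name): checks a key password against a keystore entry.
public class KeyPasswordCheck {

    // True if keyPass unlocks the entry; false if the JDK cannot recover the key.
    static boolean canRecover(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException("no key entry for alias: " + alias);
        }
        try {
            return ks.getKey(alias, keyPass) != null;
        } catch (UnrecoverableKeyException e) {
            return false; // the exception type nested in the server-side trace
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 4) {
            // Arguments: <keystore.jks> <storepass> <alias> <keypass>
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            System.out.println(args[2] + ": key recoverable = "
                    + canRecover(ks, args[2], args[3].toCharArray()));
            return;
        }
        // Constructed in-memory demo, run when no arguments are given.
        // It uses a JCEKS store with an AES key so that no certificate is needed;
        // the per-entry key password behaves the same way as in a JKS store.
        char[] storePass = "demo-store-pass".toCharArray(); // constructed value
        char[] keyPass = "demo-key-pass".toCharArray();     // constructed value
        KeyStore demo = KeyStore.getInstance("JCEKS");
        demo.load(null, storePass);
        demo.setKeyEntry("demo", KeyGenerator.getInstance("AES").generateKey(),
                keyPass, null);
        System.out.println("store password used as key password: "
                + canRecover(demo, "demo", storePass));
        System.out.println("key password: "
                + canRecover(demo, "demo", keyPass));
    }
}
```

Run against the real keystore with the alias the server decrypts with; the password that makes this check succeed is the one the server-side password callback has to return for that alias.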

