RE: Help(urgent) : My Keypair did not work for wss4j project (wss 4j\interop example)

[Kosuru, Giri]

Nagaraj,               I was having the same problem like the one you have when I was applying WSS4J security for my Web Service. The WSS4J documentation does not talk about how to create keys and other infrastructure stuff (It will be nice if they can put this documentation in there, which is important for new guys for Security).I followed an article from devx.com and implemented WSS4J for web Service Security.               http://www.devx.com/Java/Article/28816/0/page/2     I guess you are missing the self signing and importing part from this article.  I followed this article 100% and implemented security. But even I follow this article 100%, I was still having problem with two keys. So for now I am using single key (private) at both client and server (and this worked). You may give a try that way.   Mean while I am also troubleshooting. If any one can point us to a good documentation on these infrastructure (Keys and Key Stores) stuff, that will be helpful.   Hope if helps.   Thanks Giri   -----Original Message----- From: Elilvannan Nagarajah [mailto:[EMAIL PROTECTED] Sent: Sunday, December 04, 2005 1:53 AM To: wss4j-dev@ws.apache.org Subject: Help(urgent) : My Keypair did not work for wss4j project (wss4j\interop example)   Hi all,        I tried to use the wss4j project for adding security for my web services. For my web service I want to add signature and encryption type of security.  First I tested the interop example (tested with 'bob' and 'alice' entries) in the wss4j project. That works fine.                Then I tried to create my key store (using keytool) and generated 2 keypairs one for server and one for client. I configured correctly all properties ( I replace the entries 'bob' and 'alice' with my own aliases name 'affnoserver' and 'affnoclinet'). But for my case client side is working fine (encrypt the request and sign and send) but in the serverside I got an exception (when decrypting).   This is the exception trace ----   org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:         java.security.UnrecoverableKeyException: Cannot recover key         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte dKey(EncryptedKeyProcessor.java:268)         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte dKey(EncryptedKeyProcessor.java:81)         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(En cryptedKeyProcessor.java:75)         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur ityEngine.java:252)         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur ityEngine.java:179)         at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.ja va:159)          this is my key store :       Keystore type: jks Keystore provider: SUN   Your keystore contains 2 entries   Alias name: affnoserver Creation date: Dec 2, 2005 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl Serial number: 43900be2 Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT 2006 Certificate fingerprints:          MD5:  23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75          SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08     ******************************************* *******************************************     Alias name: affnoclient Creation date: Dec 2, 2005 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL Serial number: 43904844 Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT 2006 Certificate fingerprints:          MD5:  B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3          SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2     ******************************************* *******************************************   I used following commands for creating this key store.   keytool -genkey -keyalg RSA -alias affnoserver -keystore affnoserver.jks   -keypass XXXXXXX  -storepass password   keytool -genkey -keyalg RSA -alias affnoclient -keystore affnoserver.jks   -keypass XXXXXXX  -storepass password     Should I use some other commands to create this key store (like openssl or PKCS12 format ...)   Please anybody can help me how to create my own keystore and keypairs for this wss4j project?     Thanks and best regards, N.Elilvannan