Title: Message
As mentioned in the code I've specified, I use the alias name of my private key "privkey" in the setUserInfo() method of WSSecEncrypt.
 
In that case the output I get is:
 
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference>
          <ds:X509IssuerSerial>
            <ds:X509IssuerName>CN=privkey</ds:X509IssuerName>
            <ds:X509SerialNumber>1146010922</ds:X509SerialNumber>
          </ds:X509IssuerSerial>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>
DT+Y0OTk41GzlR1+g0PoAco3nX7fkZjCMio0LZvJYAM6ePo6lAK8vMii0ckL20MN11hgf2OoFumO
18Fbc8uz2Y0/U2sWlPHigFseR1qJlu4M1U79zxFfkQp7DZGwppkSn9YVWDNmUP8tOsT8PfVtXBld
ndYxwh7DOsai/x27C/k=
        </xenc:CipherValue>
      </xenc:CipherData>
      <xenc:ReferenceList>
        <xenc:DataReference URI="#EncDataId-6781414"/>
      </xenc:ReferenceList>
    </xenc:EncryptedKey>
 
The <IssuerName> in the <SecurityTokenReference> is referring to "CN=privkey", which is the dname of my private key. I hope this is wrong. From my reading of the book "Securing Web Services with WS-Security" by Jothy Rosenberg and David Remy, the <KeyInfo> under the <EncryptedKey> holds the info of the recipient's public key. If that is the case, how will my client know the recipient's public key?!
 
Please help me understand this.
 
Thanks
Vignesh.
-----Original Message-----
From: Vignesh M.P.N. [mailto:[EMAIL PROTECTED]
Sent: Friday, May 12, 2006 5:16 PM
To: [email protected]
Subject: Doubts in implementing XML encryption

Hi all
 
I am facing problems in implementing XML encryption. I am new to web services and security, so please help me on this. I could not understand key management.
 

From my understanding of XML encryption in WS-Security, it uses a combination of shared and public key cryptography, wherein the message is encrypted using the shared key and then the shared key is encrypted by the recipient's (server) public key, so that the server decrypts the shared key using its private key and decrypts the message using the shared key. Please correct me if I am wrong.

 

I have created and self-signed the private key and public certificate using Java's keytool, and both of them are in the same keystore called "privkeystore". I created them based on this article: http://www.devx.com/Java/Article/28816/0/page/2

 

My doubt is regarding how to use these keys.

 

What should I provide to the setUserInfo() method of WSSecEncrypt? If I give the alias name of my private key, how will it encrypt this client's private key (shared key) using the server's public key? I could not understand this part. Please help me understand this.

 

The following is my code for implementing XML encryption:

 

    // Note: "crypto" and toSOAPMessage() are not shown in this post; they are
    // assumed to be a Crypto field and a helper method of the enclosing class.
    private Message encryptSOAPEnvelope(SOAPEnvelope unsecureEnvelope, Message axisMsg)
            throws Exception
    {
        WSSecEncrypt encryptBody = new WSSecEncrypt();
        // Keystore alias and password handed to WSSecEncrypt.
        encryptBody.setUserInfo("privkey", "tempass");

        // Insert a security header into the envelope document.
        Document doc = unsecureEnvelope.getAsDocument();
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        // Build SOAP envelope with encrypted body and add encrypted key.
        Document encryptDoc = encryptBody.build(doc, crypto, secHeader);

        // Convert the document into a SOAP message.
        Message encryptMsg = (Message) toSOAPMessage(encryptDoc);
        String soapPart = encryptMsg.getSOAPPartAsString();
        ((SOAPPart) axisMsg.getSOAPPart()).setCurrentMessage(soapPart, SOAPPart.FORM_STRING);
        encryptDoc = axisMsg.getSOAPEnvelope().getAsDocument();
        Message encryptSOAPMsg = (Message) toSOAPMessage(encryptDoc);

        return encryptSOAPMsg;
    }

 

 

Thanks

Vignesh
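
The hybrid scheme described in the message above, as an added example in plain Java JCA (not code from the original post and not WSS4J's own code): the sender uses only the recipient's public key to wrap the one-time session key, and only the recipient's private key can recover it. The key pair, sample body and class name are constructed for illustration; RSA PKCS#1 v1.5 is used only to mirror the rsa-1_5 algorithm in the output shown above, and AES-CBC stands in for the body cipher.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class HybridEncryptionDemo {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the recipient (server) key pair. In practice the
        // sender's keystore holds only the recipient's certificate (public key).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();

        // Constructed sample payload standing in for the SOAP body.
        byte[] body = "<order>constructed sample body</order>".getBytes(StandardCharsets.UTF_8);

        // ---- Sender side: touches only recipient.getPublic() ----
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();            // one-time shared key

        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(iv));
        byte[] encryptedData = aes.doFinal(body);           // body ciphertext

        Cipher wrap = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] encryptedKey = wrap.wrap(sessionKey);        // goes in EncryptedKey

        // ---- Recipient side: needs the matching private key ----
        Cipher unwrap = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        SecretKey recovered =
                (SecretKey) unwrap.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);

        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(iv));
        String plain = new String(dec.doFinal(encryptedData), StandardCharsets.UTF_8);

        System.out.println("wrapped session key length: " + encryptedKey.length);
        System.out.println("recovered body: " + plain);
    }
}
```

The sender's own private key never appears in this flow. For new deployments, RSA-OAEP ("RSA/ECB/OAEPWithSHA-1AndMGF1Padding" in JCA) is the generally preferred key transport over PKCS#1 v1.5.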
