Hi wss4j user, In .NET, UsernameToken can be used for both signature and encryption. I have some problem in interoperating the secure web services in .NET. I am trying to use wss4j to add security headers to the SOAP Envelope.
My questions are: 1. If the UsernameToken is used for encryption, must it be a symmetric encryption key(a shared secret key)? Can I use any random string to act as the Shared Secret Key? Or shared secret key must be some special strings? 2. Which one is actually the secret key, the password alone, the combination of username and password, or other combination of username password nonce and creationTime? If my question is intuitive, could you please point me somewhere else? Regards, Xinjun --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
