Yes. Using EMBEDDED_KEYNAME means you will supply the symmetric key identifier in the message. It implies that you use your own symmetric key (not a dynamically generated one, which is the default behaviour).
Use builder.setSymmetricEncAlgorithm() to define the algorithm.
Use builder.setSymmetricKey() to define the key to use to encrypt.
Use the handle() callback (CallbackHandler interface) to find the key associated with the identifier on the recipient.
But... it appears from your reply that what you want to do is not what I understood at first. You talked about encrypting/decrypting without a certificate, right? If yes, this is what I'm describing. There is absolutely no need for a certificate for encryption/decryption.
But now, you talk about "encrypt the session key with the certificate's public key". In this case, I don't see what particular thing you're trying to achieve and my answer is irrelevant.
-----Original Message-----
From: p m [mailto:[EMAIL PROTECTED]
Sent: Monday, 13 November 2006 10:35
To: [email protected]
Cc: Yann
Subject: Re: p m [EMAIL PROTECTED]
Hi,
I try to encrypt the session key with the certificate's public key by using EMBEDDED_KEYNAME instead of BST_DIRECT_REFERENCE, and I define an identifier with builder.setUserInfo("my identifier"), but when I do this, when I want to encrypt my XML message:
builder.build(doc, crypto, secHeader)
a WSSecurityException occurs :
General security error (WSEncryptBody: No symmetrical encryption key supplied)
So, what do I have to do?
BR
Matthieu
2006/11/10, Yann <[EMAIL PROTECTED]>:
Hello,

I'm not sure I understand what you want. Sorry if my answer is irrelevant.

You said: "I would like to know if it is possible to use WSS4J for encrypting and decrypting without using a certificate".

Messages are encrypted using a session key (a symmetric key). The certificate is used to encrypt this key and send it to the recipient along with the encrypted message. You can avoid encrypting the session key with the certificate's public key by using EMBEDDED_KEYNAME instead of BST_DIRECT_REFERENCE. In that case, as the session key is not encrypted, it won't be sent. Then, you'll have to define an identifier with builder.setUserInfo("my_identifier"); and manually find this (secret) key at the other endpoint.

Yann
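
The sender and recipient sides discussed in this thread, as an added example that is not part of the original messages or WSS4J's own code. It assumes the WSS4J 1.5.x API and a 128-bit AES key shared out of band; the class, method and variable names (EmbeddedKeyNameExample, KeyLookup, KEY_ID, encrypt, decrypt) are hypothetical.

```java
import java.util.Map;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;
// Hypothetical class and method names; assumes the WSS4J 1.5.x API.
public class EmbeddedKeyNameExample {
    static final String KEY_ID = "my_identifier"; // constructed key name, travels in clear text

    // Sender: encrypt with a pre-shared key; only the key's name goes into the message.
    static Document encrypt(Document soapDoc, Crypto crypto, SecretKey sharedKey) throws Exception {
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(soapDoc);
        WSSecEncrypt builder = new WSSecEncrypt();
        builder.setKeyIdentifierType(WSConstants.EMBEDDED_KEYNAME);
        builder.setUserInfo(KEY_ID);
        builder.setSymmetricEncAlgorithm(WSConstants.AES_128);
        builder.setSymmetricKey(sharedKey); // the key itself must be supplied explicitly
        return builder.build(soapDoc, crypto, secHeader);
    }

    // Recipient: resolve the key name found in the message to locally stored key bytes.
    static class KeyLookup implements CallbackHandler {
        private final Map<String, byte[]> keysByName;
        KeyLookup(Map<String, byte[]> keysByName) { this.keysByName = keysByName; }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(cb);
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                byte[] key = keysByName.get(pc.getIdentifer()); // method name as spelled in 1.5.x
                // Fail closed on an unexpected usage or a key name we do not hold.
                if (pc.getUsage() != WSPasswordCallback.KEY_NAME || key == null)
                    throw new UnsupportedCallbackException(cb, "unknown key name");
                pc.setKey(key);
            }
        }
    }

    static void decrypt(Document soapDoc, Crypto crypto, Map<String, byte[]> keysByName) throws Exception {
        new WSSecurityEngine().processSecurityHeader(soapDoc, null, new KeyLookup(keysByName), crypto);
    }
}
```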
