Ok, I understand now that you do want to encrypt your session key with a certificate but that the certificate is present in memory only, not on hard drive.
Sorry, I'm too new to WSS4J for that. Try reading the source code, it's clearer than the documentation (at least for me) and you'll quickly find if what you want is possible.
-----Original Message-----
From: p m [mailto:[EMAIL PROTECTED]
Sent: Monday 13 November 2006 14:40
To: [email protected]
Cc: Yann
Subject: Re: RE : p m [EMAIL PROTECTED]
Hello,
I think we don't understand each other.
I would like to encrypt/decrypt without a certificate file stored on my computer as it is written in crypto.properties. I don't know how I can do this, because I get a NullPointerException when I try to decrypt my SOAP message (my Crypto has null for its properties instance).
I have never written that I want to encrypt/decrypt without using a certificate.
When I want to use a certificate which is generated dynamically and not stored on my computer, I get a NullPointerException in org.apache.ws.security.components.crypto.AbstractCrypto#getCertificateFactory() at the line
    String provider = properties.getProperty("org.apache.ws.security.crypto.merlin.cert.provider");
because 'properties' was set to null when I write this:
    AbstractCrypto crypto = (AbstractCrypto) CryptoFactory.getInstance("org.apache.ws.security.components.crypto.Merlin", (Properties) null);
In the constructor:
    public AbstractCrypto(Properties properties, ClassLoader loader) {
        if (properties == null) {
            return;
        }
        ...
    }
WSS4J does nothing when properties is equal to 'null'... but in my case, for decrypting, there is no test whether properties is equal to 'null'... is it normal or wrong?
You say that I can encrypt/decrypt without using a certificate; I will try this solution while waiting for your answers about my problem.
Thanks a lot
Matthieu
2006/11/13, Yann < [EMAIL PROTECTED]>:
Yes. Using EMBEDDED_KEYNAME means you will supply the symmetric key identifier in the message. It implies that you use your own symmetric key (not a dynamically generated one, which is the default behaviour).
Use builder.setSymmetricEncAlgorithm() to define the algorithm.
Use builder.setSymmetricKey() to define the key to use to encrypt.
Use the handle() callback (CallbackHandler interface) to find the key associated with the identifier on the recipient.
But... it appears from your reply that what you want to do is not what I understood at first. You talked about encrypting/decrypting without a certificate, right? If yes, this is what I'm describing. There is absolutely no need for a certificate for encryption/decryption.
But now, you talk about "encrypt the session key with the certificate's public key". In this case, I don't see what particular thing you're trying to achieve and my answer is irrelevant.
-----Original Message-----
From: p m [mailto:[EMAIL PROTECTED]]
Sent: Monday 13 November 2006 10:35
To: [email protected]
Cc: Yann
Subject: Re: p m [ [EMAIL PROTECTED]]
Hi,
I try to encrypt the session key with the certificate's public key by using EMBEDDED_KEYNAME instead of BST_DIRECT_REFERENCE, and I define an identifier with builder.setUserInfo("my identifier"), but when I do this, when I want to encrypt my XML message:
    builder.build(doc, crypto, secHeader)
a WSSecurityException occurs:
    General security error (WSEncryptBody: No symmetrical encryption key supplied)
So, what do I have to do?
BR
Matthieu
2006/11/10, Yann <[EMAIL PROTECTED]>:
Hello,
I'm not sure I understand what you want. Sorry if my answer is irrelevant.
You said: "I would like to know if it is possible to use WSS4J for encrypting and decrypting without using a certificate".
Messages are encrypted using a session key (a symmetric key). The certificate is used to encrypt this key and send it to the recipient along with the encrypted message. You can avoid encrypting the session key with the certificate's public key by using EMBEDDED_KEYNAME instead of BST_DIRECT_REFERENCE. In that case, as the session key is not encrypted, it won't be sent. Then, you'll have to define an identifier with builder.setUserInfo("my_identifier"); and manually find this (secret) key at the other endpoint.
Yann
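
The two key-handling modes discussed in this thread, as an added example that is not part of the original messages and is not WSS4J code: it uses only the JDK's JCA classes to show what travels with the message in each mode. The class name KeyModesDemo, the AES-GCM and RSA-OAEP choices, the map standing in for the recipient's key lookup, and the sample payload are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class KeyModesDemo {
    static byte[] seal(SecretKey k, byte[] plain) throws GeneralSecurityException { // returns IV || ciphertext
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                    // fresh IV for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    static byte[] open(SecretKey k, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);          // throws if the data was modified
    }
    public static void main(String[] args) throws Exception {
        byte[] body = "<payload>constructed sample</payload>".getBytes(StandardCharsets.UTF_8);
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        // Mode 1, key transport: the session key travels, wrapped under the recipient's public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();           // held in memory only, no keystore file
        SecretKey session = aes.generateKey();
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrappedKey = wrap.wrap(session);              // sent next to the ciphertext
        byte[] ct1 = seal(session, body);
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        SecretKey recovered = (SecretKey) unwrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        System.out.println(new String(open(recovered, ct1), StandardCharsets.UTF_8));
        // Mode 2, key name only: both sides already hold the key; only its identifier travels.
        SecretKey shared = aes.generateKey();                // provisioned out of band
        Map<String, SecretKey> recipientKeys = Collections.singletonMap("my_identifier", shared);
        byte[] ct2 = seal(shared, body);                     // no wrapped key accompanies ct2
        SecretKey found = recipientKeys.get("my_identifier"); // recipient resolves the received key name
        if (found == null) throw new GeneralSecurityException("unknown key name");
        System.out.println(new String(open(found, ct2), StandardCharsets.UTF_8));
    }
}
```

In the first mode confidentiality rests on the recipient's private key; in the second it rests entirely on how the shared key was distributed and stored, since nothing in the message protects it.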
