On 5/3/07, George Stanchev <[EMAIL PROTECTED]> wrote:
Fred,
Next Rampart would be based on the next release of WSS4J, correct?
Would the crypto provider enhancements be available there?
Yes
Thanks,
Ruchith
Best Regards,
George
-----Original Message-----
From: Fred Dushin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 02, 2007 12:54 PM
To: Wacław Borowiec
Cc: [email protected]
Subject: Re: client public key
That depends partly on how you are using the toolkit, and if your client is
also willing to do message signature with the private key associated with the
public key with which you would like the server to encrypt the response.
If you're writing to the low-level APIs (primarily the classes in
org.apache.ws.security.message), then yes, I think you should be able to do
this. Your client will need to use the DirectReference KeyIdentifier when
signing (and presumably encrypting) the request, so that the certificate gets
sent as a BinarySecurityToken in the security header. After processing the
security headers, the signing certificate should be available on the results
vector, in which case you can turn around and use (the public key in) that
certificate to do the encryption of the response. You may need to fudge things
a bit, though, to get a Keystore set up with all the right pieces (viz., the
certificate you received), but it otherwise should be doable.
The next release of WSS4J should actually make construction of a Crypto a tiny
bit easier in a scenario like this, because you can now instantiate a Crypto
using a previously instantiated Keystore.
-Fred
On May 1, 2007, at 7:15 AM, Wacław Borowiec wrote:
> Hello
>
> I want to provide a service with two-way encryption. I don't want
> client's public key to be permanently stored on server's side. Is it
> possible to fetch client's certificate when he sends the request and
> use it for encryption of the answer?
>
> I'll be grateful for any help
> Waclaw Borowiec
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
www.ruchith.org
www.wso2.org
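
Added example, not part of the thread and not WSS4J code: one way to build the throwaway keystore Fred's reply mentions ("a Keystore set up with ... the certificate you received") using only JDK classes, so the client certificate is held in memory for the request and never stored on the server. The class name, the alias, and the trust-anchor check before encrypting to a certificate that arrived in the request are assumptions of this example; passing the resulting KeyStore to a WSS4J Crypto is left to the release Fred describes.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class PerRequestKeystore {
    /** Hypothetical alias for the certificate received in the request. */
    static final String ALIAS = "request-signer";

    /**
     * Validates the certificate taken from the request's BinarySecurityToken
     * against the server's trust anchors, then wraps it in an in-memory
     * KeyStore that is never written to disk.
     */
    static KeyStore forRequest(X509Certificate received, KeyStore trustAnchors)
            throws Exception {
        received.checkValidity(); // reject expired or not-yet-valid certificates
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Assumption: client certificates are issued directly by a trusted CA.
        CertPath path = cf.generateCertPath(Collections.singletonList(received));
        PKIXParameters params = new PKIXParameters(trustAnchors);
        params.setRevocationEnabled(false); // assumption: revocation handled elsewhere
        CertPathValidator.getInstance("PKIX").validate(path, params); // throws if untrusted

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty, memory-only keystore
        ks.setCertificateEntry(ALIAS, received);
        return ks;
    }

    // Usage: java PerRequestKeystore <client-cert.pem> <truststore> <password>
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) cf.generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args[2].toCharArray());
        }
        KeyStore ks = forRequest(cert, trust);
        System.out.println("aliases: " + Collections.list(ks.aliases()));
    }
}
```

The returned KeyStore holds only the public certificate, so it can be discarded once the response has been encrypted.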