Patrick,

I'm trying to do these things:
- avoid performance penalty of asymmetric encryption
- The service needs to have access to a user/pw, so I can write some code that will authenticate/authorize the request using our own LDAP server.
- I want my message and credentials to be confidential
- I'd like to know that the data that was sent is exactly the data that was received.

Patrick wrote:
>>The discussion related to the embedded key stuff relates (predictably) only to encryption and not to signature

Perhaps, but the example cited uses 'Signature' on the service named 'ping4':

<parameter name="action" value="Signature Encrypt Timestamp"/>

https://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd

If signatures don't work/make sense with symmetric encryption, I'm ok with that -- just trying to figure out why the wss4j test for symmetric encryption (claims to) use encryption and signature together. I'm real new to this stuff.

--Erik

________________________________
From: Patrick J Kobly [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2008 3:31 PM
To: Ostermueller, Erik
Cc: [email protected]
Subject: Re: Need help figuring out CryptoBase#getCertificates(alias)

How is it that you'd expect to get a certificate for / related to a symmetric key? What would you expect such a certificate to look like? What would you expect a signature using only a symmetric key would look like?

The discussion related to the embedded key stuff relates (predictably) only to encryption and not to signature (as would be expected of any symmetric scheme), yet you seem to be trying to do signature stuff... What is it you are trying to accomplish here?

PK

Ostermueller, Erik wrote:

Whoops! Previous file is bad. Try this one:
http://www.mediafire.com/?d3hx342xtxm
The new file name is symmetric-encryption3.zip

________________________________
From: Ostermueller, Erik [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2008 2:21 PM
To: [email protected]
Subject: RE: Need help figuring out CryptoBase#getCertificates(alias)

ok, I've re-worked my example (download the little zip file here: http://www.mediafire.com/?mcdmogmnv4x ) following the wss4j symmetric encryption example referenced in this thread:
http://markmail.org/message/swsdex5tinkfht42#query:wss4j%20symmetric+page:1+mid:wqeg3cluw4cn2fr3+state:results

To get this example running, just configure the stuff in bin/setenv.cmd and run "ant client".
No need to run the server -- it fails before it gets there with the message:

Unexpected number of X509Data: for Signature

So the error hasn't changed, but it is tough to tell whether I've got this configured correctly.

At the top of the method CryptoBase.getCertificates(alias), the methods isKeyEntry(), containsAlias(), getKey() and the enum aliases on CryptoBase.keystore all seem to contain the right alias/key data.

As far as I can see, the issue is that the methods mentioned above on the CryptoBase.keystore instance return good-looking data but the method getCertificateChain(alias) -- on the exact same instance -- returns null.

Thanks,
--Erik

--
Patrick Kobly, CISSP
T: 403-274-9033
C: 403-463-6141
F: 866-786-9459
56 388 Sandarac Dr NW
Calgary, Alberta T3K 4E3
http://www.kobly.com
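
The keystore behaviour discussed in this thread, as an added example that is not part of the original messages and is not wss4j code: a secret (symmetric) key entry passes the key checks yet has no certificate chain, and with only a shared key, message integrity comes from a MAC rather than a certificate-backed signature. The JCEKS keystore type, the HmacSHA256 algorithm, the alias, the password and the sample body are assumptions chosen for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class SecretKeyEntryDemo {
    static byte[] hmac(SecretKey key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed demo password
        String alias = "sharedkey";           // hypothetical alias

        // JCEKS keystores can hold secret (symmetric) key entries.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pw); // start from an empty in-memory keystore
        SecretKey key = KeyGenerator.getInstance("HmacSHA256").generateKey();
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(pw));

        // The checks listed in the thread all succeed for this entry ...
        System.out.println("containsAlias = " + ks.containsAlias(alias));
        System.out.println("isKeyEntry    = " + ks.isKeyEntry(alias));
        System.out.println("getKey found  = " + (ks.getKey(alias, pw) != null));
        // ... but a secret key entry carries no certificate, so there is no chain.
        System.out.println("getCertificateChain = " + ks.getCertificateChain(alias));

        // With only a shared key, integrity comes from a MAC over the message.
        byte[] body = "<ping>constructed sample body</ping>"
                .getBytes(StandardCharsets.UTF_8);
        byte[] tag = hmac(key, body);

        // Receiver recomputes the tag with the same key; compare in constant time.
        SecretKey receiverKey = (SecretKey) ks.getKey(alias, pw);
        boolean intact = MessageDigest.isEqual(tag, hmac(receiverKey, body));
        body[6] ^= 1; // simulate a change in transit
        boolean tampered = MessageDigest.isEqual(tag, hmac(receiverKey, body));
        System.out.println("unmodified body verifies = " + intact);
        System.out.println("modified body verifies   = " + tampered);
    }
}
```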
