That depends on the set-up of the sender and how it composes
the Security header, how to send the key identification, etc.
Using a generated symmetric key to encrypt the message context
is part of the OASIS Web Service Security Specifications, which
in turn use the W3C XML Signature and XML Encryption specifications.
These specs describe how to set up the security header, which encryption
algorithms are mandatory, which are optional, etc.
Regards,
Werner
Oliver Wulff wrote:
Hi there
Let's assume, I've got the following code for decryption of a soap message:
WSSecurityEngine secEngine = new WSSecurityEngine();
Crypto crypto = CryptoFactory.getInstance("TestService.properties");
secEngine.processSecurityHeader(doc, null, new MyCallbackHandler(), crypto);
How does WSS4J know which private key it must use to decrypt the message?
Does it use the serial number only? This is the only piece which is passed
as part of the soap message to identify the certificate.
Is it best practice or part of the WS-Security spec to encrypt the
symmetric key with the public key of the target service and encrypt the
message context with the symmetric key which is sent as part of the
message?
Thanks
Oliver
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
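An added example, not part of the thread and not WSS4J code: it parses a constructed xenc:EncryptedKey whose key identification is a ds:X509IssuerSerial element and matches the issuer name together with the serial number against a constructed keystore. The header, the aliases, the keystore contents and the simplified DN comparison are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed sample header; the cipher value is a placeholder, not real data.
SAMPLE_HEADER = """<wsse:Security xmlns:wsse="{wsse}" xmlns:xenc="{xenc}" xmlns:ds="{ds}">
 <xenc:EncryptedKey>
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>
   <ds:X509IssuerName>CN=Example CA, O=Example, C=CH</ds:X509IssuerName>
   <ds:X509SerialNumber>4660</ds:X509SerialNumber>
  </ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
  <xenc:ReferenceList><xenc:DataReference URI="#EncBody-1"/></xenc:ReferenceList>
 </xenc:EncryptedKey>
</wsse:Security>""".format(**NS)

# Constructed keystore: alias -> (issuer DN, serial). Both entries share a serial
# number, because serial numbers are only unique per issuing CA.
KEYSTORE = {
    "testservice": ("CN=Example CA,O=Example,C=CH", 4660),
    "otherservice": ("CN=Other CA,O=Example,C=CH", 4660),
}

def norm_dn(dn):
    # Simplified DN comparison (assumption): trim spaces around RDNs, ignore case.
    return ",".join(part.strip().lower() for part in dn.split(","))

def describe_encrypted_key(header_xml):
    # For untrusted input, parse with a hardened parser such as defusedxml.
    ek = ET.fromstring(header_xml).find("xenc:EncryptedKey", NS)
    ref = ek.find(
        "ds:KeyInfo/wsse:SecurityTokenReference/ds:X509Data/ds:X509IssuerSerial", NS)
    if ref is None:  # the sender chose a different key identifier type
        raise ValueError("EncryptedKey carries no X509IssuerSerial")
    return {
        "key_transport": ek.find("xenc:EncryptionMethod", NS).get("Algorithm"),
        "issuer": ref.findtext("ds:X509IssuerName", namespaces=NS),
        "serial": int(ref.findtext("ds:X509SerialNumber", namespaces=NS)),
        "encrypted_parts": [d.get("URI") for d in
                            ek.iterfind("xenc:ReferenceList/xenc:DataReference", NS)],
    }

def find_alias(info, keystore):
    hits = [alias for alias, (issuer, serial) in keystore.items()
            if serial == info["serial"] and norm_dn(issuer) == norm_dn(info["issuer"])]
    if len(hits) != 1:
        raise LookupError("no unique keystore entry for issuer/serial")
    return hits[0]
```

The returned alias is what a receiver would use to fetch the private key that unwraps the symmetric key in CipherValue; the DataReference URIs name the parts encrypted with that symmetric key.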