Hi Benito,
WSS4J only supports signing using HMAC in a limited set of circumstances, for example signing using a key derived from a UsernameToken. The implementation looks pretty limited though. What are your exact requirements? How will your symmetric key be derived? Colm. ________________________________ From: Benito Ríos [mailto:[email protected]] Sent: 16 December 2008 09:49 To: [email protected] Subject: Symmetric key signature Hi, I'd like to know if WSS4J provides symmetric key signatures. I need to develop a web service client in java which has to sign messages with a symmetric key, using the algoritm HMAC-SHA1 (http://www.w3.org/2000/09/xmldsig#hmac-sha1). The client also has also to validate signed messages received from server which uses the same symmetric key. <http://www.w3.org/2000/09/xmldsig#hmac-sha1> This is imposed by the service and there is no choice. <http://www.w3.org/2000/09/xmldsig#hmac-sha1> For example, I have seen that Sun's XWS Security framework doesn't provide signing but yes validating de signature with symmetric keys. Does WSS4J provide both signing and validating? If yes, some guide about how to write WSS4J security xml configuration would be very appreciated. How to inform the symmetric key to the framework? I only have seen examples of how to inform keystores and certificates. Thank you very much.
