Yep, I've figured it out afterward. But when working with asymmetric encryption, aren't we supposed to have 2 possibilities with one key pair?
- A encrypts with A's private key --> B decrypts with A's public key
- A encrypts with B's public key --> B decrypts with B's private key

Besides, there is something wrong with the WSPasswordCallback class from WSS4J: this class uses a private key to decrypt a message. It logically throws an exception when we try to decrypt with a public key. But then, why the hell does it allow to encrypt with a private key?

Colm O hEigeartaigh wrote:
>
>> For an unknown reason to me, the crypto engine is looking for a private
>> key in the specified keystore object, which actually only contains a
>> certificate since it is the server's public key:confused:
>
> The client needs a private key to decrypt the (encrypted) message
> received from the server. The service should be configured to encrypt
> the response using the client's public key.
>
> Colm.
>
> -----Original Message-----
> From: superk888 [mailto:[email protected]]
> Sent: 12 November 2009 12:04
> To: [email protected]
> Subject: WSS4J Encryption with public key ???
>
> Hi everyone,
>
> I've implemented a Web Service that supports 2-ways encryption features
> using the X.509 Certificates method. Everything works fine when using 2
> pairs of keys as it is described in the Apache CXF documentation, but
> what I am trying to do, is to use only one pair of keys: server-side
> keeps its own private key and gives its public key to the service client.
> Consequently, client-side has to encrypt messages before sending with the
> server's public key, which should work since this is an asymmetric
> encryption method.
>
> Nevertheless, my service client succeeds to encrypt a message with the
> server's public key but when the latter sends a response, my service
> client fails to decode the encrypted response. In this case, I got the
> following error:
>
> 2009-11-12 12:55:22,261 [main] ERROR org.apache.ws.security.components.crypto.CryptoBase - Cannot find key for alias: [myAlias] in keystore of type [jks] from provider [SUN version 1.5] with size [1] and aliases: {myAlias}
> 12-nov.-2009 12:55:22 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> ATTENTION:
> org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
>     java.lang.Exception: Cannot find key for alias: [myAlias]
>     at ...
>     ...
> Caused by: java.lang.Exception: Cannot find key for alias: [myAlias]
>     at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214)
>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:328)
>     ... 71 more
> 12-nov.-2009 12:55:22 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
> ATTENTION: Interceptor has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid; nested exception is:
>
> For an unknown reason to me, the crypto engine is looking for a private
> key in the specified keystore object, which actually only contains a
> certificate since it is the server's public key:confused:
>
> What am I missing?
> --
> View this message in context: http://old.nabble.com/WSS4J-Encryption-with-public-key-----tp26316077p26316077.html
> Sent from the WSS4J mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]

--
View this message in context: http://old.nabble.com/WSS4J-Encryption-with-public-key-----tp26316077p26341857.html
Sent from the WSS4J mailing list archive at Nabble.com.
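
The one-key-pair setup discussed in this thread, as an added example that is not part of the original messages and is not WSS4J or CXF code: it uses the plain JDK crypto API to show which direction can be encrypted when only the server owns a private key, and what the server's private key can do for the response instead. The class name `OneKeyPairDemo`, the variable names, the generated key pair and the choice of RSA-OAEP and SHA256withRSA are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import javax.crypto.Cipher;

public class OneKeyPairDemo {
    // RSA-OAEP key transport; the transformation name is a standard JCA one.
    static final String OAEP = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the server's single key pair.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();
        PublicKey clientCopy = server.getPublic(); // all the client holds

        // Request direction: the client encrypts to the server's public key.
        Cipher enc = Cipher.getInstance(OAEP);
        enc.init(Cipher.ENCRYPT_MODE, clientCopy);
        byte[] request = enc.doFinal("request".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance(OAEP);
        dec.init(Cipher.DECRYPT_MODE, server.getPrivate());
        System.out.println("server decrypted: "
                + new String(dec.doFinal(request), StandardCharsets.UTF_8));

        // Response direction: decryption needs a private key, and the client
        // has none. The default JDK provider refuses a public key here.
        try {
            Cipher.getInstance(OAEP).init(Cipher.DECRYPT_MODE, clientCopy);
            System.out.println("provider accepted a public key for decryption");
        } catch (InvalidKeyException e) {
            System.out.println("client cannot decrypt: " + e.getMessage());
        }

        // What the server's private key can do for the response is sign it:
        // the client verifies the origin, but the payload stays readable.
        byte[] response = "response".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(server.getPrivate());
        signer.update(response);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(clientCopy);
        verifier.update(response);
        System.out.println("client verified signature: " + verifier.verify(sig));
    }
}
```

An encrypted response therefore needs a second key pair whose private key lives in the client's keystore, which is the configuration Colm's reply describes.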
