Hi,
superk888 wrote:
> Yep, I've figured it out afterward. But when working with asymmetric
> encryption, aren't we supposed to have 2 possibilities with one key pair?
> - A encrypts with A's private key --> B decrypts with A's public key

It's a signature operation, which happens with A's private key, and B verifies the signature with A's public key. If we use the public key to decrypt, then many guys 'C', 'D', 'E', etc. would decrypt the message, which we don't want; we wanted only 'B' to decrypt, as it's encrypted for 'B' only. Hence, encryption won't work here. This is a signature, where everyone can come to know that only 'A' has sent the message.

> - A encrypts with B's public key --> B decrypts with B's private key

This is right for encryption. We do encryption so that only one guy, 'B', who has its private key, can decrypt. All others won't have B's private key, hence can't decrypt.

> Besides, there is something wrong with the WSPasswordCallback class from
> WSS4J: this class uses a private key to decrypt a message. It logically
> throws an exception when we try to decrypt with a public key.
> But then, why the hell does it allow to encrypt with a private key?

I hope this helps.

With Regards,
Mayank

Colm O hEigeartaigh wrote:
> For an unknown reason to me, the crypto engine is looking for a private
> key in the specified keystore object, which actually only contains a
> certificate since it is the server's public key :confused:

The client needs a private key to decrypt the (encrypted) message
received from the server. The service should be configured to encrypt
the response using the client's public key.

Colm.

-----Original Message-----
From: superk888 [mailto:[email protected]]
Sent: 12 November 2009 12:04
To: [email protected]
Subject: WSS4J Encryption with public key ???


Hi everyone,
I've implemented a Web Service that supports 2-way encryption features
using the X.509 Certificates method. Everything works fine when using 2
pairs of keys as it is described in the Apache CXF documentation, but
what I am trying to do is to use only one pair of keys: server-side keeps
its own private key and gives its public key to the service client.
Consequently, client-side has to encrypt messages before sending with the
server's public key, which should work since this is an asymmetric
encryption method.
Nevertheless, my service client succeeds in encrypting a message with the
server's public key, but when the latter sends a response, my service
client fails to decode the encrypted response. In this case, I got the
following error:
2009-11-12 12:55:22,261 [main] ERROR org.apache.ws.security.components.crypto.CryptoBase - Cannot find key for alias: [myAlias] in keystore of type [jks] from provider [SUN version 1.5] with size [1] and aliases: {myAlias}
12-nov.-2009 12:55:22 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
ATTENTION: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is: java.lang.Exception: Cannot find key for alias: [myAlias]
        at ...
...
Caused by: java.lang.Exception: Cannot find key for alias: [myAlias]
        at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:328)
        ... 71 more
12-nov.-2009 12:55:22 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
ATTENTION: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid; nested exception is:
For an unknown reason to me, the crypto engine is looking for a private
key in the specified keystore object, which actually only contains a
certificate since it is the server's public key :confused:
What am I missing?
--
View this message in context: http://old.nabble.com/WSS4J-Encryption-with-public-key-----tp26316077p26316077.html
Sent from the WSS4J mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
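
The two key directions discussed in the replies above, as an added Java example that is not part of the original thread and is not WSS4J code. The class name, keys and messages are constructed, and RSA is applied directly to a short message for brevity:

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import javax.crypto.Cipher;

// Added illustration: hypothetical class name, freshly generated sample keys.
public class KeyPairDirections {
    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }
    static String text(byte[] b) { return new String(b, StandardCharsets.UTF_8); }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();
        KeyPair client = gen.generateKeyPair();
        byte[] request = "request".getBytes(StandardCharsets.UTF_8);
        byte[] response = "response".getBytes(StandardCharsets.UTF_8);
        // Request: encrypted with the server's public key, readable only with the server's private key.
        byte[] encReq = rsa(Cipher.ENCRYPT_MODE, server.getPublic(), request);
        System.out.println("server reads: " + text(rsa(Cipher.DECRYPT_MODE, server.getPrivate(), encReq)));

        // Response: encrypted with the client's public key, so the client needs its own private key.
        byte[] encResp = rsa(Cipher.ENCRYPT_MODE, client.getPublic(), response);
        System.out.println("client reads: " + text(rsa(Cipher.DECRYPT_MODE, client.getPrivate(), encResp)));

        // A party holding only a public key (a certificate-only keystore entry) cannot decrypt.
        try {
            rsa(Cipher.DECRYPT_MODE, server.getPublic(), encReq);
            System.out.println("unexpected: decrypted with a public key");
        } catch (GeneralSecurityException e) {
            System.out.println("public key cannot decrypt: " + e.getClass().getSimpleName());
        }

        // "Encrypting with a private key" is signing: anyone with the public key can verify it.
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(server.getPrivate());
        sig.update(response);
        byte[] signature = sig.sign();
        sig.initVerify(server.getPublic());
        sig.update(response);
        System.out.println("signature verifies: " + sig.verify(signature));
    }
}
```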

