Hi Sebastian,

I think you need to use encryptionKeyIdentifier="useReqSigCert" in your server configuration.

 - Dennis

Dennis M. Sosnoski
XML and Web Services in Java
Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117



Sebastian Krueger wrote:
Subject: WS-Security Encryption/Decryption Advice

Hi guys,

I'm currently developing a secure webservices scenario using Apache CXF/WSS4J.

We require all messages to be signed and encrypted. This includes both messages to and from the server.

I have gone through all the WS-Security examples in the Apache CXF Samples directory and have been able to get most of this functionality going. However, I can't seem to figure out how to encrypt messages going back to the client, using the public certificate that is provided in the inbound message's SOAP Header.

To expand on this, the following is how it should work:

1. Client uses private key to generate signature and puts their public certificate into the SOAP Header
2. Client uses server's public key to encrypt message
3. Client sends message to server

4. Server decrypts message with server's private key
5. Server extracts client's public certificate from SOAP Header and verifies validity with CA's public key
6. Server uses client's public certificate from SOAP Header to verify signature

7. Server generates response message

8. Server uses private key to generate signature and puts their public certificate into the SOAP Header
9. Server uses client's public certificate (from inbound SOAP Header) to encrypt the signed message
10. Server sends message to client

11. Client decrypts message with their private key
12. Client extracts server's public certificate from SOAP Header and verifies validity with CA's public key
13. Client uses signing certificate from SOAP Header to verify signature

I have got most of this already working.

However, how to do step 9 is not clear to me and I am seeking some advice on how to do this.

My existing implementation uses the following applicationContext.xml files:

Client: http://pastebin.com/DQJadG7p

Server: http://pastebin.com/cu3gVxSu

Thanks for your help!

Regards, sebastian.
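
Added example, not from either poster and not the contents of the linked pastebin files: a server-side CXF Spring configuration sketch for steps 4 to 9 of the flow above. In WSS4J's handler constants the value `useReqSigCert` is defined for the `encryptionUser` key, which is where it is set here; the bean ids, key alias, properties file name and callback class are assumptions.

```xml
<!-- Added example. Bean ids, the "serverkey" alias, server-crypto.properties
     and example.ServerKeystorePasswordCallback are assumed names. -->

<!-- Inbound: decrypt with the server's private key (step 4) and verify the
     client's signature against the trust store (steps 5-6). WSS4J keeps the
     verified signing certificate in the request's security results. -->
<bean id="wss4jIn" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Signature Encrypt"/>
      <entry key="signaturePropFile" value="server-crypto.properties"/>
      <entry key="decryptionPropFile" value="server-crypto.properties"/>
      <entry key="passwordCallbackClass"
             value="example.ServerKeystorePasswordCallback"/>
    </map>
  </constructor-arg>
</bean>

<!-- Outbound: sign with the server's key and embed its certificate (step 8),
     then encrypt to the certificate that signed the request (step 9). -->
<bean id="wss4jOut" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Signature Encrypt"/>
      <entry key="user" value="serverkey"/>
      <entry key="signaturePropFile" value="server-crypto.properties"/>
      <!-- DirectReference carries the signing cert in the SOAP Header. -->
      <entry key="signatureKeyIdentifier" value="DirectReference"/>
      <entry key="passwordCallbackClass"
             value="example.ServerKeystorePasswordCallback"/>
      <!-- No fixed recipient alias: reuse the request's signing cert. -->
      <entry key="encryptionUser" value="useReqSigCert"/>
      <entry key="encryptionPropFile" value="server-crypto.properties"/>
    </map>
  </constructor-arg>
</bean>
```

Because the response is encrypted to whichever certificate signed the request, the inbound trust validation in step 5 is the control that decides who can receive encrypted responses; the trust store should hold only the CA the clients are issued from.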
