Hi Dennis, thanks for your reply. I was able to find it with the useReqSigCert keyword from your reply.
It's <entry key="encryptionUser" value="useReqSigCert"/>.

Regards,
Sebastian.

On Fri, Mar 5, 2010 at 4:45 PM, Dennis Sosnoski <[email protected]> wrote:

> Hi Sebastian,
>
> I think you need to use encryptionKeyIdentifier="useReqSigCert" in your
> server configuration.
>
>  - Dennis
>
> Dennis M. Sosnoski
> XML and Web Services in Java
> Training and Consulting
> http://www.sosnoski.com - http://www.sosnoski.co.nz
> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
>
> Sebastian Krueger wrote:
>
>> Subject: WS-Security Encryption/Decryption Advice
>>
>> Hi guys,
>>
>> I'm currently developing a secure webservices scenario using Apache
>> CXF/WSS4J.
>>
>> We require all messages to be signed and encrypted. This includes both
>> messages to and from the server.
>>
>> I have gone through all the WS-Security examples in the Apache CXF Samples
>> directory and have been able to get most of this
>> functionality going. However, I can't seem to figure out how to encrypt
>> messages going back to the client, using the public certificate
>> that is provided in the inbound message's SOAP Header.
>>
>> To expand on this, the following is how it should work:
>>
>> 1. Client uses private key to generate signature and puts their public
>> certificate into the SOAP Header
>> 2. Client uses server's public key to encrypt message
>> 3. Client sends message to server
>>
>> 4. Server decrypts message with server's private key
>> 5. Server extracts client's public certificate from SOAP Header and
>> verifies validity with CA's public key
>> 6. Server uses client's public certificate from SOAP Header to verify
>> signature
>>
>> 7. Server generates response message
>>
>> 8. Server uses private key to generate signature and puts their public
>> certificate into the SOAP Header
>> 9. Server uses client's public certificate (from inbound SOAP Header) to
>> encrypt the signed message
>> 10. Server sends message to client
>>
>> 11. Client decrypts message with their private key
>> 12. Client extracts server's public certificate from SOAP Header and
>> verifies validity with CA's public key
>> 13. Client uses signing certificate from SOAP Header to verify signature
>>
>> I have got most of this already working.
>>
>> However, how to do step 9 is not clear to me and I am seeking some advice
>> on how to do this.
>>
>> My existing implementation uses the following applicationContext.xml
>> files:
>>
>> Client: http://pastebin.com/DQJadG7p
>>
>> Server: http://pastebin.com/cu3gVxSu
>>
>> Thanks for your help!
>>
>> Regards, sebastian.
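
A server-side CXF/WSS4J interceptor pair covering steps 4 to 9 of the flow in this thread, shown as an added example that is not taken from the messages or the pastebin files. The key alias, properties file names and callback class are placeholder assumptions.

```xml
<!-- Added example. Inbound: decrypt the request and verify the client's
     signature (steps 4 to 6). The verified signing certificate is kept
     with the exchange, which is what useReqSigCert relies on below. -->
<bean id="wss4jIn" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Signature Encrypt"/>
      <!-- placeholder: truststore holding the CA certificate -->
      <entry key="signaturePropFile" value="server_truststore.properties"/>
      <!-- placeholder: keystore holding the server's private key -->
      <entry key="decryptionPropFile" value="server_keystore.properties"/>
      <!-- placeholder: callback that supplies the private key password -->
      <entry key="passwordCallbackClass" value="com.example.ServerPasswordCallback"/>
    </map>
  </constructor-arg>
</bean>

<!-- Outbound: sign the response, then encrypt it (steps 8 and 9). -->
<bean id="wss4jOut" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
  <constructor-arg>
    <map>
      <!-- actions run left to right: sign first, then encrypt -->
      <entry key="action" value="Signature Encrypt"/>
      <!-- placeholder: alias of the server's signing key -->
      <entry key="user" value="serverkey"/>
      <entry key="signaturePropFile" value="server_keystore.properties"/>
      <!-- DirectReference embeds the server certificate in the SOAP Header -->
      <entry key="signatureKeyIdentifier" value="DirectReference"/>
      <entry key="encryptionPropFile" value="server_truststore.properties"/>
      <!-- step 9: encrypt to the certificate that signed the request,
           instead of a fixed alias from the keystore -->
      <entry key="encryptionUser" value="useReqSigCert"/>
      <entry key="passwordCallbackClass" value="com.example.ServerPasswordCallback"/>
    </map>
  </constructor-arg>
</bean>
```

useReqSigCert only resolves when the inbound interceptor on the same endpoint has processed a Signature action for the request; an unsigned request leaves the outbound side with no certificate to encrypt to.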
