Apr 5th, 2009, 06:19 PM
Encrypting Response w/Client's Public Key
I have a basic web service working using Spring-WS secured using XWS. Basically both the client and server require encryption and both require messages to be signed. So far I have been successful in doing this; the only problem is that in my server's XWS policy file, I have to hard code the alias of the entry in the keystore for encrypting the response. What I would *LIKE* to do is have the server automatically encrypt the response using the public key that is contained within the message from the client. The problem is, I don't know how to configure this, and I can't seem to find any information on how to do this.
I would appreciate any pointers regarding this. However I'm wondering...if there's no practical way of doing this (which doesn't seem plausible), should I instead just be using a shared symmetric key for performing encryption/decryption of the messages?
Apr 6th, 2009, 09:44 AM
Why don't you just encrypt with the server's private key and have the client decrypt with the public key? What I mean is, each endpoint should be encrypting with its private key and decrypting with the other party's public key.
Apr 6th, 2009, 03:16 PM
But that's not how a PKI system works. In a PKI system, you perform encryption operations with the recipient's public key, and the recipient decrypts with their own private key. This is how XWSS works (and Spring-WS makes it easy to work w/XWSS via interceptors and whatnot).
Besides, there's no point in encrypting something (except in the case when dealing with signatures) with your own private key because anybody with your public key can decrypt it.
I did actually find this link:
which describes EXACTLY what I want to do. I'm now in the process of hacking the "KeyStoreCallbackHandler" code in order to do this. I'll update this post as I make progress.
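Added example, not part of the original posts and not XWSS or Spring-WS code: a plain JCA sketch of the idea discussed above, where the responder encrypts to the public key that arrived with the request instead of a configured alias, after checking that key against a set of trusted keys. The names `EncryptToRequester`, `Sealed`, `encryptFor` and `decrypt` are hypothetical, the trusted-key set stands in for validating the sender's certificate against a trust store, and the key pairs are generated inline as sample data.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.security.*;
import java.util.Set;
import static java.nio.charset.StandardCharsets.UTF_8;

public class EncryptToRequester {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // What goes back to the requester: wrapped session key, IV, encrypted body.
    record Sealed(byte[] wrappedKey, byte[] iv, byte[] body) {}

    // Responder side: encrypt to the key taken from the (signature-verified) request,
    // but only if it is a trusted key. No keystore alias is hard-coded.
    static Sealed encryptFor(PublicKey requester, Set<PublicKey> trusted, byte[] plain)
            throws GeneralSecurityException {
        if (!trusted.contains(requester)) throw new GeneralSecurityException("untrusted requester key");
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();          // one-time symmetric key for the body
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] body = aes.doFinal(plain);
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.WRAP_MODE, requester);         // recipient's PUBLIC key wraps the session key
        return new Sealed(rsa.wrap(session), iv, body);
    }

    // Requester side: only the matching PRIVATE key can unwrap the session key.
    static byte[] decrypt(PrivateKey own, Sealed s) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.UNWRAP_MODE, own);
        SecretKey session = (SecretKey) rsa.unwrap(s.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, s.iv()));
        return aes.doFinal(s.body());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair(), other = kpg.generateKeyPair(); // constructed sample keys
        Sealed s = encryptFor(client.getPublic(), Set.of(client.getPublic()), "<response/>".getBytes(UTF_8));
        System.out.println(new String(decrypt(client.getPrivate(), s), UTF_8));
        try { decrypt(other.getPrivate(), s); System.out.println("unexpected: other key decrypted"); }
        catch (GeneralSecurityException e) { System.out.println("other private key cannot decrypt"); }
    }
}
```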
Apr 6th, 2009, 03:48 PM
Doh! Of course you're right, and I'm an idiot. This is what I get for surfing message boards before I've had my morning coffee!
Jun 3rd, 2009, 10:20 AM