
.NET Forum / ASP.NET / Web Services / October 2005


X509 Encryption Token

Mr. BogoMips - 14 Oct 2005 16:24 GMT
Hi All.
I'm attempting to encrypt a SOAP message sent to a web service running on
BEA WebLogic 8.1.

The EncryptedKey element generated by WSE looks like this:

       <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
         <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
           <wsse:SecurityTokenReference>
             <wsse:KeyIdentifier
                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">1bjs/0GmPKnk/lF31M+bYcYxtYY=</wsse:KeyIdentifier>
           </wsse:SecurityTokenReference>
         </KeyInfo>
         <xenc:CipherData>
           <xenc:CipherValue>KyE920h0X0o3V270wm2IKTCqIvB77JIViLAqxDYr7+oYEkD3XSojp+fH0UsaFRhqr2QAqd/2nYLq0WmlUkYG6w==</xenc:CipherValue>
         </xenc:CipherData>
         <xenc:ReferenceList>
           <xenc:DataReference
URI="#EncryptedContent-1d6b67f4-2e3d-435e-ba64-98ca19f1784c" />
         </xenc:ReferenceList>
       </xenc:EncryptedKey>

while the expected one should look like this:

            <enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
                <enc:EncryptionMethod
                    Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
                <dsig:KeyInfo
                    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <dsig:KeyName>CN=cherry, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US</dsig:KeyName>
                </dsig:KeyInfo>
                <enc:CipherData>
                    <enc:CipherValue>DyqvxI/naCvwvvbiYm3qv06pdTZVoiEBdDEQ6sTzW9Ns6TXU5kLp0MfZBf35hQBc73wyJa0ERMecyW5VcjkZApus+FeQ9vZ0g6Bg1l19h+g1WgBj/ahmRDCzxR+L11qz2mSNiVHPHqaEOncRk0p4FD+XETtqX0Rhn7FVvmJ03Vg=</enc:CipherValue>
                </enc:CipherData>
                <enc:ReferenceList>
                    <enc:DataReference URI="#EncryptedData-iCKhP5cxKqBZX3h6c7ngJ/A/" />
                </enc:ReferenceList>
            </enc:EncryptedKey>

When I attempt to execute the WebService I get the following error:
<faultstring>
Exception during processing: java.lang.AssertionError:
weblogic.xml.stream.XMLStreamException: Unable to decrypt EncryptedKey: key
size of encryption/decryption mismatched - with nested exception:
[weblogic.xml.security.encryption.EncryptionException: Invalid input length
for decryption. Length should be multiple of 128 - Block Size. - with nested
exception:
[com.rsa.jsafe.JSAFE_InputException: Invalid input length for decryption.
Length should be multiple of 128 - Block Size.]] (see Fault Detail for
stacktrace)</faultstring>

Where am I wrong?
Pablo Cibraro - 14 Oct 2005 20:46 GMT
Hi,
At first glance the expected encryption method is different. You are sending
RSA1.5 and your service is expecting RSA-OAEP.
You can change that setting using the following configuration in the client
configuration file:

<microsoft.web.services2>
...
 <security>
 ....
   <binarySecurityTokenManager
     valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
       <keyAlgorithm name="RSAOAEP"/>  <!-- add this to switch to RSA-OAEP from the default RSA15 -->
   </binarySecurityTokenManager>
 </security>
...
</microsoft.web.services2>

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

Mr. BogoMips - 14 Oct 2005 23:18 GMT
How can I select the algorithm programmatically, provided I'm avoiding the
use of a configuration file?

I mean, on which object should I select the algorithm: the X509Certificate
object, the EncryptedData object or the SecurityToken?

Thank you very much.

Mr. BogoMips - 15 Oct 2005 01:13 GMT
Ok, I've changed the algorithm but I'm still getting that error.

Moreover, I've noticed that the Security element generated by WSE2 includes
a SecurityTokenReference that represents the certificate involved through its
Base64 keyname, while the example invocation uses the element KeyName. Maybe
I need to change this serialization step as well? And in that case, how?
What's really shocking me is the "apparent" need to control the
serialization process in such depth...

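As an added example (not part of the original thread, and not WSE or WebLogic code), this Python sketch compares the two EncryptedKey elements from the first post on the points the receiver must agree with: key-transport algorithm, key reference form, and CipherValue length. An RSA ciphertext is exactly as long as the key modulus, so the decoded length also shows the size of the key that produced it; the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}
X509 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

# Trimmed copies of the two EncryptedKey elements from the first post (KeyName
# shortened). xmlns:wsse is added so the fragment parses outside its envelope.
SENT = f"""<xenc:EncryptedKey xmlns:xenc="{NS['xenc']}" xmlns:wsse="{NS['wsse']}">
 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
 <KeyInfo xmlns="{NS['ds']}"><wsse:SecurityTokenReference>
  <wsse:KeyIdentifier ValueType="{X509}#X509SubjectKeyIdentifier">1bjs/0GmPKnk/lF31M+bYcYxtYY=</wsse:KeyIdentifier>
 </wsse:SecurityTokenReference></KeyInfo>
 <xenc:CipherData><xenc:CipherValue>KyE920h0X0o3V270wm2IKTCqIvB77JIViLAqxDYr7+oYEkD3XSojp+fH0UsaFRhqr2QAqd/2nYLq0WmlUkYG6w==</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedKey>"""

EXPECTED = f"""<enc:EncryptedKey xmlns:enc="{NS['xenc']}">
 <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
 <dsig:KeyInfo xmlns:dsig="{NS['ds']}"><dsig:KeyName>CN=cherry</dsig:KeyName></dsig:KeyInfo>
 <enc:CipherData><enc:CipherValue>DyqvxI/naCvwvvbiYm3qv06pdTZVoiEBdDEQ6sTzW9Ns6TXU5kLp0MfZBf35hQBc73wyJa0ERMecyW5VcjkZApus+FeQ9vZ0g6Bg1l19h+g1WgBj/ahmRDCzxR+L11qz2mSNiVHPHqaEOncRk0p4FD+XETtqX0Rhn7FVvmJ03Vg=</enc:CipherValue></enc:CipherData>
</enc:EncryptedKey>"""


def describe_encrypted_key(xml_text):
    """Summarise the EncryptedKey fields that sender and receiver must agree on."""
    key = ET.fromstring(xml_text)
    method = key.find("xenc:EncryptionMethod", NS).get("Algorithm")
    info = key.find("ds:KeyInfo", NS)
    if info.find("ds:KeyName", NS) is not None:
        key_ref = "KeyName"
    else:
        kid = info.find("wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
        key_ref = kid.get("ValueType").rsplit("#", 1)[-1] if kid is not None else "unknown"
    cipher = key.find("xenc:CipherData/xenc:CipherValue", NS).text
    size = len(base64.b64decode("".join(cipher.split())))  # ignore line wraps
    # RSA key transport output is modulus-sized, so bytes * 8 = key size in bits.
    return {"transport": method.rsplit("#", 1)[-1], "key_ref": key_ref,
            "cipher_bytes": size, "rsa_modulus_bits": size * 8}


def mismatches(sent_xml, expected_xml):
    """Return {field: (sent, expected)} for every field that differs."""
    sent, expected = describe_encrypted_key(sent_xml), describe_encrypted_key(expected_xml)
    return {k: (sent[k], expected[k]) for k in sent if sent[k] != expected[k]}
```

On the elements quoted in the thread, `mismatches(SENT, EXPECTED)` reports a 64-byte CipherValue (512-bit modulus) against a 128-byte one (1024-bit) in the expected message, alongside the algorithm and key-reference differences. That length difference is consistent with the WebLogic fault asking for a multiple of 128 and with the error persisting after the algorithm change.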
