
.NET Forum / ASP.NET / Web Services / November 2005

Algorithm for Generating KeyIdentifier

Sammy - 23 Nov 2005 11:08 GMT
Using the UsernameForCertificate example provided with WSE 3.0, the XML
request generated by the client had this:

<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">8lkFvnxqfO/Jn8a/snA7Mr7FDsA=</wsse:KeyIdentifier>

1- According to Mark Fussell, a symmetric key is generated to encrypt and
sign the message which is in turn encrypted by the public key of the server
certificate. Did I understand that correctly or did I mess up?

2- How is this key generated (using what algorithm)?

3- How are the derived key tokens generated (using what algorithms)?

4- How do I get this value again (8lkFvnxqfO/Jn8a/snA7Mr7FDsA=) in the
KeyIdentifier tag?

Thank you,
Sammy
Pablo Cibraro - 23 Nov 2005 15:48 GMT
Hi Sammy,
I'm not the WSE guy, so I can only answer some of them :).

1. Yes, that's right. This is an EncryptedKey.
2. A symmetric key is generated using AES128 or AES256 according to the WSE
configuration. That key is encrypted using an asymmetric algorithm, RSA15 or
RSA_AOP.
4. I'm not sure I understand this question clearly. Could you clarify it?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com
Sammy - 23 Nov 2005 17:26 GMT
4- What I'm saying is, KeyIdentifier has attributes, and a string. How is
this string (element value) generated?
Pablo Cibraro - 23 Nov 2005 21:20 GMT
It is the subject key identifier for the X509 certificate. You can get that
value using the Certificate tool provided in WSE.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com
Sammy - 24 Nov 2005 07:15 GMT
Yes, but how can I calculate this value without WSE!
Ales Pour - 28 Nov 2005 11:52 GMT
From "X.509 Certificate Token Profile 1.1":

"The <wsse:KeyIdentifier> element MUST have a ValueType attribute with the
value or
http://docs.oasisopen.org/wss/2005/xx/oasis-2005xx-wss-soap-message-security-1.1#ThumbprintSHA1

and its contents MUST be the thumbprint for the desired certificate. If the
certificate does not contain a X.509 Thumbprint extension, then one is
computed as the SHA1 of the raw octets which would be encoded within the
<wsse:BinarySecurityToken> element were it to be included. The thumbprint is
encoded as per the <wsse:KeyIdentifier> element's EncodingType attribute.
The default encoding is Base64."

HTH,
   A.

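An added example, not part of the original thread and not WSE code: following the ThumbprintSHA1 definition quoted above, the KeyIdentifier value can be computed without WSE as the Base64 encoding of the SHA-1 hash over the certificate's raw DER octets. The function names and the stand-in bytes used in the demo are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# KeyIdentifier value from the request shown in the thread.
PAGE_VALUE = "8lkFvnxqfO/Jn8a/snA7Mr7FDsA="


def der_from_pem(pem_text):
    """Return the raw DER octets of the first certificate in a PEM string."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def key_identifier(der):
    """Base64(SHA-1(raw certificate octets)), as ThumbprintSHA1 requires."""
    return base64.b64encode(hashlib.sha1(der).digest()).decode("ascii")


def key_identifier_from_pem(pem_text):
    return key_identifier(der_from_pem(pem_text))


def key_identifier_to_hex(value):
    """Base64 KeyIdentifier -> hex thumbprint as certificate viewers show it."""
    raw = base64.b64decode(value, validate=True)
    if len(raw) != 20:
        raise ValueError("not a SHA-1 thumbprint: %d bytes" % len(raw))
    return raw.hex().upper()


def hex_to_key_identifier(thumbprint):
    """Hex thumbprint (spaces or colons allowed) -> Base64 KeyIdentifier."""
    raw = bytes.fromhex(re.sub(r"[\s:]", "", thumbprint))
    if len(raw) != 20:
        raise ValueError("not a SHA-1 thumbprint: %d bytes" % len(raw))
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate. The hash covers raw
    # octets only, so the same calls work unchanged on a real PEM or DER file.
    body = base64.b64encode(b"constructed stand-in for DER octets").decode()
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
    print(key_identifier_from_pem(pem))
    print(key_identifier_to_hex(PAGE_VALUE))
```

The hex form is useful for matching the value in a request against the thumbprint a certificate viewer displays for the server certificate.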