Hi all, According to Web Service Security Specification (OASIS), i'm building a package that use Kerberos Ticket to secure web service. WSS Spec indicates that we can use KerberosTicket embbed in SOAP Header to sign/encrypt SOAPMessage. Now i'm doing some works with encrypting a SOAMessage by KerberosTicket.
I found that a SecretKey exchanged between client and kerberzied service is only 8 bytes length. But i wanna encrypt my SOAPmessage use tripleDes that need a SecretKey of 24bytes. I use XMLSecurity from Apache to sign/encrypt soapMsg and it supports tripleDes not DES. So any idea to solve my problem ? Creating a Secretkey for tripleDES derived from just 8byte sessionkey ? Any idea ? Best Regards and many thanks. Hoai Van
<<winmail.dat>>
