Hi Thawan,
Anyone who intercepts the package can decrypt and verify the signature of
the message, IF you used the "private" key of the "client"...
In other words, if you sign and encrypt with the private key of the
"client", you ensure/assure the identity of the issuer:
non-repudiation of the issuer...
If you import the "Public key" of the server into your
client.jks, then only the server (in theory) can decrypt the
message with the Server Private Key...
[/'s]
jr
Thawan Kooburat wrote:
Hi,
I have successfully deployed Rampart policy sample 3 with Axis2
and Rampart 1.3.
I am not sure about how the security mechanism works in this sample.
This is what I think:
The client signs and encrypts its message using the private key stored
in client.jks. When a server receives the message, it decrypts and
verifies the message by using the public key extracted from the message
header.
Does this mean that anyone who intercepts the package can decrypt the message?
Thanks,
Thawan Kooburat
Department of Computer Engineering
Faculty of Engineering
Chulalongkorn University
Bangkok Thailand
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
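
The two key roles discussed in the reply above (signing with the client's private key, encrypting to the server's public key), as an added example using plain Java JCA calls; it is not code from the thread or from Rampart. Assumptions: the key pairs are generated in memory instead of being loaded from client.jks, the class name and message body are constructed, and the body is encrypted under a one-time AES key that is wrapped with the server's public key.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SignThenEncryptDemo {
    public static void main(String[] args) throws Exception {
        // Assumption: in-memory key pairs stand in for client.jks and the server keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();
        KeyPair server = kpg.generateKeyPair();
        byte[] body = "<order>constructed sample body</order>".getBytes(StandardCharsets.UTF_8);
        // 1. Sign with the CLIENT PRIVATE key: proves origin, hides nothing.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(client.getPrivate());
        signer.update(body);
        byte[] sig = signer.sign();
        // 2. Encrypt the body with a one-time AES key, then wrap that key with the SERVER PUBLIC key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(body);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, server.getPublic());
        byte[] wrappedKey = rsa.wrap(session);
        // 3. Server: unwrap with the SERVER PRIVATE key, decrypt, verify with the client PUBLIC key.
        rsa.init(Cipher.UNWRAP_MODE, server.getPrivate());
        Key recovered = rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plain = aes.doFinal(ciphertext);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(client.getPublic());
        verifier.update(plain);
        System.out.println("server decrypts and verifies: " + verifier.verify(sig));
        // 4. Any other private key (the client's is used here as a stand-in) cannot unwrap the AES key.
        try {
            rsa.init(Cipher.UNWRAP_MODE, client.getPrivate());
            rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
            System.out.println("unexpected: unwrap succeeded");
        } catch (GeneralSecurityException e) {
            System.out.println("unwrap without server private key fails: " + e.getClass().getSimpleName());
        }
    }
}
```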