Re: Question about Rampart's policy sample 3

Sun, 16 Mar 2008 07:44:22 -0700 

Hi,
    Thanks for your reply,

>  If you import the "Public key" of the server to inside your
>  client.jks,,, then,,, only the server ( in theory ) can decrypt the
>  message with the Server Private Key...

   Can I achieve this with Java keytool?  And do I need to modify
policy.xml other than changing parameters in <ramp:RampartConfig> part
?

Thanks,

Thawan


On Sat, Mar 15, 2008 at 11:35 PM, Arlindo Luis Marcon Junior
<[EMAIL PROTECTED]> wrote:
> Hi
>
>  Thawan
>
>
>  anyone who intercept the package can decrypt and verify the signature of
>  the message,,, IF you used the "private" key of "client"...
>  In other words,,, if you sign and encrypt with the private key of the
>  "client",,, you ensure/assure the identity of the issuer,,,
>  non-repudiation of the issuer...
>
>  If you import the "Public key" of the server to inside your
>  client.jks,,, then,,, only the server ( in theory ) can decrypt the
>  message with the Server Private Key...
>
>
>  [/'s]
>  jr
>
>  Thawan Kooburat escreveu:
>
>
> > Hi,
>  >     I have sucessfully deployed  Rampart policy sample 3 with Axis2
>  > and Rampart 1.3
>  >     I am not sure about how the security mechanism work in this sample.
>  >     This is what I think:
>  >     The client sign and encrypt its message using private key stored
>  > in client.jks.  When a server receive the message, it decrypt and
>  > verify the message by using public key extracted from the message
>  > header.
>  >
>  >     This means that anyone who intercept the package can decrypt the 
> message?
>  >
>  > Thanks,
>  >
>  > Thawan Kooburat
>  >
>  > Department of Computer Engineering
>  > Faculty of Engineering
>  > Chulalongkorn University
>  > Bangkok Thailand
>  >
>  > ---------------------------------------------------------------------
>  > To unsubscribe, e-mail: [EMAIL PROTECTED]
>  > For additional commands, e-mail: [EMAIL PROTECTED]
>  >
>  >
>  >
>
>  ---------------------------------------------------------------------
>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
Thawan Kooburat

Department of Computer Engineering
Faculty of Engineering
Chulalongkorn University
Bangkok Thailand

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to