Hi dev,

Can I configure the length of the derived key from the policy file? The problem is 
that WSE 3.0 uses derived keys as follows:
----------------------------------------------------------------
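<!-- Two DerivedKeyToken elements as emitted by WSE 3.0. This is an excerpt of a
     larger wsse:Security header: the wsse and wsu prefixes are not declared here
     (assumed declared on an enclosing element). Both tokens are derived with
     P_SHA1 from the same EncryptedKey (#SecurityToken-b3c94658-...) at
     Generation 0 and differ only in Length (24 vs 32 bytes) and Nonce.
     NOTE(review): presumably the 24-byte key is the signature key and the
     32-byte key the encryption key (the WS-SecurityPolicy Basic256 suite uses
     192-bit signature / 256-bit encryption derived keys); confirm against the
     Signature and EncryptedData references, which are outside this excerpt. -->
<wssc:DerivedKeyToken
    wsu:Id="SecurityToken-4cdbe731-ad21-4dff-afc3-2ab43f754756"
    Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1"
    xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
  <wsse:SecurityTokenReference>
    <wsse:Reference
        URI="#SecurityToken-b3c94658-1e36-4637-bc42-604fbce4544a"
        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
  </wsse:SecurityTokenReference>
  <wssc:Generation>0</wssc:Generation>
  <!-- 24 bytes = 192-bit derived key -->
  <wssc:Length>24</wssc:Length>
  <wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
  <wssc:Nonce>GRT5sLVWPCOjBECjj5kUWQ==</wssc:Nonce>
</wssc:DerivedKeyToken>
<wssc:DerivedKeyToken
    wsu:Id="SecurityToken-190de257-b060-49bc-94d2-692ff6c43550"
    Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1"
    xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
  <wsse:SecurityTokenReference>
    <wsse:Reference
        URI="#SecurityToken-b3c94658-1e36-4637-bc42-604fbce4544a"
        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
  </wsse:SecurityTokenReference>
  <wssc:Generation>0</wssc:Generation>
  <!-- 32 bytes = 256-bit derived key -->
  <wssc:Length>32</wssc:Length>
  <wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
  <wssc:Nonce>9LbRRJM89pbDCkb374wm/A==</wssc:Nonce>
</wssc:DerivedKeyToken>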
---------------------------------------------------------------
In WSE 3.0 the derived-key lengths are 24 and 32 respectively, while my work, 
which uses the rampart module, generates derived keys with lengths 16 and 32. Can I 
change the length of the derived key in rampart?

My policy file is shown below 
-------------------------------------------------------------
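<!-- Rampart policy: a symmetric binding protected by a WS-SecureConversation
     token, bootstrapped with X.509 under the Basic256Rsa15 suite. The wsp
     prefix is not declared in this excerpt (assumed declared on an enclosing
     element).
     NOTE(review): no assertion in the 2005/07 securitypolicy namespace sets a
     derived-key byte length directly. <sp:RequireDerivedKeys/> only asks for
     derivation; the key sizes follow the AlgorithmSuite, and per the
     WS-SecurityPolicy algorithm-suite table Basic256 uses a 192-bit (24-byte)
     signature and a 256-bit (32-byte) encryption derived key, which matches the
     WSE 3.0 tokens (24/32) rather than the 16/32 observed from Rampart. Whether
     Rampart honours that table or fixes the signature key at 16 bytes is an
     implementation question for the Rampart version in use.
     NOTE(review): Rsa15 key transport (PKCS#1 v1.5) is the weak part of this
     suite (padding-oracle risk); if WSE 3.0 interop permits, Basic256 with
     RSA-OAEP is the safer choice. -->
<sp:SymmetricBinding
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <sp:ProtectionToken>
      <wsp:Policy>
        <sp:SecureConversationToken
            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
          <wsp:Policy>
            <sp:RequireDerivedKeys/>
            <!-- Policy used to obtain the security context token in the first place. -->
            <sp:BootstrapPolicy>
              <wsp:Policy>
                <sp:SymmetricBinding>
                  <wsp:Policy>
                    <sp:ProtectionToken>
                      <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                          <wsp:Policy>
                            <sp:RequireDerivedKeys/>
                            <sp:RequireKeyIdentifierReference/>
                            <sp:WssX509V3Token11/>
                          </wsp:Policy>
                        </sp:X509Token>
                      </wsp:Policy>
                    </sp:ProtectionToken>
                    <sp:AlgorithmSuite>
                      <wsp:Policy>
                        <sp:Basic256Rsa15/>
                      </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                      <wsp:Policy>
                        <sp:Strict/>
                      </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:EncryptSignature/>
                    <sp:OnlySignEntireHeadersAndBody/>
                  </wsp:Policy>
                </sp:SymmetricBinding>
                <sp:EndorsingSupportingTokens>
                  <wsp:Policy>
                    <sp:X509Token
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                      <wsp:Policy>
                        <!-- NOTE(review): "Refderence" looks like a typo for
                             sp:RequireThumbprintReference. As spelled it is not a
                             known assertion and a strict policy parser would reject
                             or ignore it; confirm against the deployed file. -->
                        <sp:RequireThumbprintRefderence/>
                        <sp:WssX509V3Token11/>
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:EndorsingSupportingTokens>
                <sp:Wss11>
                  <wsp:Policy>
                    <sp:RequireSignatureConfirmation/>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                  </wsp:Policy>
                </sp:Wss11>
                <sp:Trust10>
                  <wsp:Policy>
                    <sp:MustSupportIssuedTokens/>
                    <!-- Both sides contribute entropy to the issued context key. -->
                    <sp:RequireClientEntropy/>
                    <sp:RequireServerEntropy/>
                  </wsp:Policy>
                </sp:Trust10>
              </wsp:Policy>
            </sp:BootstrapPolicy>
          </wsp:Policy>
        </sp:SecureConversationToken>
      </wsp:Policy>
    </sp:ProtectionToken>
    <!-- Suite for the conversation itself; same choice as the bootstrap above. -->
    <sp:AlgorithmSuite>
      <wsp:Policy>
        <sp:Basic256Rsa15/>
      </wsp:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout>
      <wsp:Policy>
        <sp:Strict/>
      </wsp:Policy>
    </sp:Layout>
    <sp:IncludeTimestamp/>
    <sp:EncryptSignature/>
    <sp:OnlySignEntireHeadersAndBody/>
  </wsp:Policy>
</sp:SymmetricBinding>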
---------------------------------------------------------------------------------

Thanks in advance
twl
