I would recommend "Beginning Cryptography in Java" by David Hook (WROX) as a first step. It contains just about everything you might want to know about how to use the JCE while highlighting the importance of specific things when writing crypto code. While it does not cover XML Signature and XML Encryption, you can figure that out from various tutorials once you've understood the fundamental concepts. You can also find working examples of both in StrongKey - www.strongkey.org.
Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: Joseph Bonello <[EMAIL PROTECTED]> Date: Monday, June 18, 2007 0:51 am Subject: RE: Encrypt with public key > Dear all > > Thanks for your responses. I understand the argument you have brought > forward. Indeed what I needed is to encrypt using the public key > of sender, > not sign. What I would like to know is what algorithms are > available for > what I need (e.g. DSA, etc.) and a basic example of using public > key for > encryption. At the moment I am using a symmetric key for > encryption, so if > it is possible to encrypt with the private key of the sender, that > would be > even better. > > > Kind regards > Joseph > > > -----Original Message----- > From: Ulrich Ackermann [mailto:[EMAIL PROTECTED] > Sent: 15 June 2007 21:45 > To: security-dev@xml.apache.org > Subject: RE: Encrypt with public key > > Hi Thomas, > > this is exactly what I was stating in a previous post to Joseph: > > "Why do you want to SIGN a document with a PUBLIC key? I have > never heard of > anything like that. There is no authenticy involved when signing > with a > public key, but I guess you know that." > > Cheers, > Ulrich > > -----Ursprüngliche Nachricht----- > Von: security-dev@xml.apache.org > Gesendet: 14.06.07 13:52:54 > An: <security-dev@xml.apache.org> > Betreff: RE: Encrypt with public key > > > Hi Ulrich, > > You wrote: > > > 1. Create a RSAPrivateKeySpec object with the following (the > exponentscan be retrieved by any > > object implementing the RSAPublicKey interface): > RSAPrivateKeySpec(BigInteger modulus, BigInteger > > privateExponent) 2. Create a KeyFactory: > KeyFactory.getInstance("RSA")3. Generate the PrivateKey > > object by calling: generatePrivate(KeySpec keySpec), where > keySpec ist > the key specification you > > got in step 1. > > How is this supposed to work? The public key contains an exponent, but > this is the public not the > private exponent. You may be able to use this to create a private key > with this exponent, but the > usage of such key is questionable. > > What should the use case of a signature with a public key be? > > My 2ct. > > Thomas - speaking for myself and not for my employer. > > Software AG - Sitz/Registered office: Uhlandstra?e 12, 64297 > Darmstadt,Germany, - Registergericht/Commercial register: > Darmstadt HRB 1562 - > Vorstand/ Management Board: Karl-Heinz Streibich > (Vorsitzender/Chairman),David Broadbent, Mark Edwards, Dr. Peter > Kurpick, Alfred Pfaff, Arnd > Zinnhardt; - Aufsichtsratsvorsitzender/ Chairman of the > Supervisory Board: > Frank F. Beelitz - http://www.softwareag.com > > > > __________________________________________________________________________ > Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail- > Postfach! > Mehr Infos unter http://produkte.web.de/club/?mc=021131 > > > > >
