fanyun wrote:
> My business need is one site send xml messages to another. They will need digital
>signature and encryption to ensure security.
>
> Is there any code in turbine can be used for CA (use public key and private key for
>code and decode).
This is outisde of the scope of Turbine. For Turbine, security is logging in users,
and determining what
permissions the specific user has. The security of transfer the HTML pages/form
submissions over the internet
can be achieved, by using HTTPS protocol, which is HTTP over SSL. SSL is a protocol
that uses public/private
key pairs for authentication and exchange of keys for session encryption (symmetric
cipher).
There are many possibilities of running servlets over HTTPS connection, notably
Apache+mod_ssl+mod_jk+Tomcat
standalone Tomcat (with JSSE implementation) or a commercial appserver like BeaSys
WebLogic.
You can make you own secure SSL connection to transfer arbitrary data. It's like using
ordinary sockets,
except the creation of connections, where you must provide authentication information.
To use this you
need to have an implementaion of JSSE. JSSE is a package you can download free from
Sun, but you cannot
use it for your production system, you must buy some commercial implementaion of it.
JSSE needs public/private keys, that may be generated with standard tools that are
included in the JDK
(see documentaion for keytool).
Rafal
--
Rafal Krzewski
Senior Internet Developer
mailto:[EMAIL PROTECTED]
+48 22 8534830 http://e-point.pl
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
