Hi Colum,

As always, thanks for your response. As you can tell, I don't have much knowledge about encryption algorithms, so I have the following questions.

<<< What JDK vendor and version are you using on the WSP side? Some JDKs have a problem with the rsa-oaep key wrapping algorithm. Try just using the following instead for the "keyWrapAlgorithm" property (this is the default which explains why it works when you comment it out): "http://www.w3.org/2001/04/xmlenc#rsa-1_5" >>>

I am using Sun jdk1.6.0_24 on the WSP. I uncommented "EncryptionProperties" and set "keyWrapAlgorithm" to "http://www.w3.org/2001/04/xmlenc#rsa-1_5" and it worked. So, does it mean that the WSP "keyWrapAlgorithm" depends on the JDK vendor and version? Both "encryptionAlgorithm" and "keyWrapAlgorithm" are defined as a String, so on the STS side we can define one value only. Correct?

<<< The STS client can also specify other algorithms to use by sending a "<wst:EncryptionAlgorithm>...</wst:EncryptionAlgorithm>" String and/or a "<wst:KeyWrapAlgorithm>...</wst:KeyWrapAlgorithm>" String in the request. >>>

Regardless of the "EncryptionProperties" settings on the STS (cxf-encrypted-ut.xml), can I override the STS settings by specifying both <wst:EncryptionAlgorithm> and <wst:KeyWrapAlgorithm> in the client request? To set the client settings, should I use the properties ("encryption" and "symmetricKeyWrap", since I am using symmetric bindings) of org.apache.cxf.ws.security.policy.model.AlgorithmSuite? I mean that I need to create an AlgorithmSuite bean and reference it in the client configuration.

Thanks.
Gina
