Fred,

Next Rampart would be based on the next release of WSS4J, correct? Would the crypto provider enhancements be available there?

Best Regards,
George

-----Original Message-----
From: Fred Dushin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 02, 2007 12:54 PM
To: Wacław Borowiec
Cc: [email protected]
Subject: Re: client public key

That depends partly on how you are using the toolkit, and if your client is also willing to do message signature with the private key associated with the public key with which you would like the server to encrypt the response.

If you're writing to the low-level APIs (primarily the classes in org.apache.ws.security.message), then yes, I think you should be able to do this. Your client will need to use the DirectReference KeyIdentifier when signing (and presumably encrypting) the request, so that the certificate gets sent as a BinarySecurityToken in the security header. After processing the security headers, the signing certificate should be available on the results vector, in which case you can turn around and use (the public key in) that certificate to do the encryption of the response.

You may need to fudge things a bit, though, to get a Keystore set up with all the right pieces (viz., the certificate you received), but it otherwise should be doable.

The next release of WSS4J should actually make construction of a Crypto a tiny bit easier in a scenario like this, because you can now instantiate a Crypto using a previously instantiated Keystore.

-Fred

On May 1, 2007, at 7:15 AM, Wacław Borowiec wrote:

> Hello
>
> I want to provide a service with two-way encryption. I don't want
> client's public key to be permanently stored on server's side. Is it
> possible to fetch client's certificate when he sends the request and
> use it for encryption of the answer?
>
> I'll be grateful for any help
> Waclaw Borowiec

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
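
The flow described in the reply above (take the signing certificate from the processed security header, then encrypt the response to it), as an added example that is not code from the thread or from the WSS4J project. It assumes the WSS4J 1.5.x low-level API; the class `ReplyToSigner` and the methods `signerOf` and `encryptFor` are hypothetical names.

```java
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;

public class ReplyToSigner { // hypothetical helper class, not part of WSS4J

    /** Process the request's security header and return the signing certificate. */
    static X509Certificate signerOf(Document request, CallbackHandler cb, Crypto crypto)
            throws WSSecurityException {
        // Returns null when the message carries no security header at all.
        Vector results = WSSecurityEngine.getInstance()
                .processSecurityHeader(request, null, cb, crypto);
        if (results == null) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
        }
        WSSecurityEngineResult sig =
                WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
        if (sig == null || sig.getCertificate() == null) {
            // Unsigned request: nothing shows the caller holds the matching private key.
            throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
        }
        // Assumption: the caller decides separately whether this certificate is trusted.
        return sig.getCertificate();
    }

    /** Encrypt the response to the certificate received with the request. */
    static Document encryptFor(X509Certificate client, Document response, Crypto crypto)
            throws WSSecurityException {
        WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(response);
        WSSecEncrypt enc = new WSSecEncrypt();
        enc.setUseThisCert(client); // use this certificate instead of a keystore alias
        return enc.build(response, crypto, header);
    }
}
```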
