Hi all, I posted this question recently to the PyXMLSec mailing list. PyXMLSec's author Valéry suggested that I forward it to this group.
I would like to use XMLSec to encrypt small SOAP messages using PKI. I've read that it's possible to use 'key wrapping' - encrypt the message with a shared key and encrypt the shared key itself with the public key of the recipient. I've been looking at the encrypt3 example + decrypt3. Would this be along the right lines or should I be looking else where? Cheers, Phil > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > ]On Behalf > Of Valéry Febvre > Sent: 20 September 2005 17:50 > To: [EMAIL PROTECTED] > Subject: Re: [Pyxmlsec-devel] Using XML Encryption examples > > > Kershaw, PJ (Philip) wrote: > > Hi Valéry, > > > > Thanks for getting back to me about this. > > > > I was interested in the examples to see if there was a way of using > > xmlsec to encrypt using public key technology or a combination of > > public and shared key? > > > > I've read that you can use a combined shared and public key strategy > > whereby a shared symmetric key is encrypted using the public > > asymmetric key of the recipient. This in order to give the > advantage > > of the speed/efficiency of shared key technology + the > convenience of > > public key technology i.e. it being easier to manage keys. > > > > I'm writing an authentication system for a GRID related project and > > would like to be able to encrypt SOAP messages containing username > > and password. As the data content is so small perhaps I could > > encrypt using public key technique alone? > > In fact, I don't know. I'm not an XMLSec expert. > It's perhaps possible but as you said above, it's less secure and > slower. > > > Given, the bug you mention does this restrict xmlsec with the use of > > public key technology for encryption? If not, could you > suggest some > > pointers to how I might go about it. > > The best place to ask yours questions is the mailing list of XMLSec > ([email protected]) > http://www.aleksey.com/mailman/listinfo/xmlsec > > If it's possible, try to determine the needed functions so I > can answer > you if these functions are implemented in the PyXMLSec. > > Regards, > Valery > > _______________________________________________ > Pyxmlsec-devel mailing list > [EMAIL PROTECTED] > http://lists.labs.libre-entreprise.org/mailman/listinfo/pyxmlsec-devel > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
