[prev in list] [next in list] [prev in thread] [next in thread]
List: wss4j-dev
Subject: Re: encryptionKeyIdentifier
From: "Ruchith Fernando" <ruchith.fernando () gmail ! com>
Date: 2006-10-20 10:57:44
Message-ID: 559c463d0610200345l289a9169qeaed3e20372770d8 () mail ! gmail ! com
[Download RAW message or body]
On 10/9/06, sergio salvi <nanorisentito@yahoo.it> wrote:
> Which is the difference between the 3 values of the
> field 'encryptionKeyIdentifier' in the wsdd file?
> I've read the documentation at
> http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/WSConstants.html
> but I still have some doubts.
> There it's written : "The encryption method uses the
> private key associated with this certificate to
> encrypr the symmetric key used to encrypt data". My
IMHO this should be corrected to say : "The encryption method uses the
*public* key associated with this certificate to encrypr the symmetric
key used to encrypt data"
Thanks,
Ruchith
> doubt is: if it uses the private key to encrypt the
> symmetric key anyone can decrypt it using the public
> key associated with the certificate and so anyone can
> get the value of the symmetric key and can decrypt the
> data. If this is true where is the security?
>
> __________________________________________________
> Do You Yahoo!?
> Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio \
> gratuito per i tuoi file e i messaggi http://mail.yahoo.it
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic