[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    Re: encryptionKeyIdentifier
From:       "Ruchith Fernando" <ruchith.fernando () gmail ! com>
Date:       2006-10-20 10:57:44
Message-ID: 559c463d0610200345l289a9169qeaed3e20372770d8 () mail ! gmail ! com
[Download RAW message or body]

On 10/9/06, sergio salvi <nanorisentito@yahoo.it> wrote:
> Which is the difference between the 3 values of the
> field 'encryptionKeyIdentifier' in the wsdd file?
> I've read the documentation at
> http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/WSConstants.html
> but I still have some doubts.
> There it's written : "The encryption method uses the
> private key associated with this certificate to
> encrypr the symmetric key used to encrypt data". My

IMHO this should be corrected to say : "The encryption method uses the
*public* key associated with this certificate to encrypr the symmetric
key used to encrypt data"

Thanks,
Ruchith


> doubt is: if it uses the private key to encrypt the
> symmetric key anyone can decrypt it using the public
> key associated with the certificate and so anyone can
> get the value of the symmetric key and can decrypt the
> data. If this is true where is the security?
> 
> __________________________________________________
> Do You Yahoo!?
> Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio \
> gratuito per i tuoi file e i messaggi http://mail.yahoo.it
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 


-- 
www.ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]