2 Replies Latest reply on Nov 28, 2008 12:33 PM by peterj

Asymmetric encryption with ws-security?

ops Nov 27, 2008 4:07 AM

Hi everybody,

I need to encrypt a web service via ws-security. In every example I found there is always a mutual encryption. This means that both, client and server encode their messages using the public key of their counterpart. But this also means that the jboss web service needs a truststore containing the clients certificate. I wonder if there is no asymmetric way as in SSL, where the client simply donwloads the server certificate and they are able to exchange a secret key to communicate with. I know that it is possible to encrypt the web service request via the web containers SSL capabilities, but I definitely have to use the ws stack.
Any Ideas?

Thanks in advance,
Oliver.

1. Re: Asymmetric encryption with ws-security?

ops Nov 28, 2008 5:43 AM (in response to ops)

Hello again,

sorry, but this question is urgent. IÂ´ve already been trying several things and IÂ´m going mad with this. Is there really no way to "download" the servers public key to the client? In my opinion it should be easy to attach the servers certificate to the soap message. Should I try asking the security forum?

Greets, Oliver
Actions
2. Re: Asymmetric encryption with ws-security?

peterj Nov 28, 2008 12:33 PM (in response to ops)

As far as I know what you are asking is not possible. There were some discussions about how ws-security works, along with complete examples, a while back: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=127824
Actions

Go to original post