[xmlsec] FW: [Pyxmlsec-devel] Using XML Encryption examples
Kershaw, PJ (Philip)
P.J.Kershaw at rl.ac.uk
Mon Oct 3 07:37:01 PDT 2005
I posted this question recently to the PyXMLSec mailing list. PyXMLSec's author Valéry suggested that I forward it to this group.
I would like to use XMLSec to encrypt small SOAP messages using PKI. I've read that it's possible to use 'key wrapping' - encrypt the message with a shared key and encrypt the shared key itself with the public key of the recipient. I've been looking at the encrypt3 example + decrypt3. Would this be along the right lines or should I be looking else where?
> -----Original Message-----
> From: pyxmlsec-devel-bounces at lists.labs.libre-entreprise.org
> [mailto:pyxmlsec-devel-bounces at lists.labs.libre-entreprise.org
> ]On Behalf
> Of Valéry Febvre
> Sent: 20 September 2005 17:50
> To: pyxmlsec-devel at lists.labs.libre-entreprise.org
> Subject: Re: [Pyxmlsec-devel] Using XML Encryption examples
> Kershaw, PJ (Philip) wrote:
> > Hi Valéry,
> > Thanks for getting back to me about this.
> > I was interested in the examples to see if there was a way of using
> > xmlsec to encrypt using public key technology or a combination of
> > public and shared key?
> > I've read that you can use a combined shared and public key strategy
> > whereby a shared symmetric key is encrypted using the public
> > asymmetric key of the recipient. This in order to give the
> > of the speed/efficiency of shared key technology + the
> convenience of
> > public key technology i.e. it being easier to manage keys.
> > I'm writing an authentication system for a GRID related project and
> > would like to be able to encrypt SOAP messages containing username
> > and password. As the data content is so small perhaps I could
> > encrypt using public key technique alone?
> In fact, I don't know. I'm not an XMLSec expert.
> It's perhaps possible but as you said above, it's less secure and
> > Given, the bug you mention does this restrict xmlsec with the use of
> > public key technology for encryption? If not, could you
> suggest some
> > pointers to how I might go about it.
> The best place to ask yours questions is the mailing list of XMLSec
> (xmlsec at aleksey.com)
> If it's possible, try to determine the needed functions so I
> can answer
> you if these functions are implemented in the PyXMLSec.
> Pyxmlsec-devel mailing list
> Pyxmlsec-devel at lists.labs.libre-entreprise.org
More information about the xmlsec