[xmlsec] wsse tokens and encryption
aleksey at aleksey.com
Fri Jun 13 15:24:09 PDT 2008
I am really sorry but I don't understand what you are trying
to do. The only guess I have is that the certificate was not
associated with the key but I am not sure.
You might want to step through xmlsec source code in the debugger
and see why it doesn't do what you want it to do.
Brian.Myers at zootweb.com wrote:
> First off I'd like to say thank you to Aleksey and the mailing list.
> This library has saved me from trying to invent a security
> implementation on my own,
> and the dialog in the mailing list has helped me fix difficult problems
> that didn't seem to have obvious solutions. Thank you!
> Now, the problem I'm having has to do with wsse security tokens and
> More specifically the subject key identifier found in x509 certificates.
> I'm trying to fill out this node, which would be part of the
> EncryptedKey node in the SOAP:Header:
> <wsse:KeyIdentifier ValueType="wsse:X509SubjectKeyIdentifier"
> with information that would be gathered from this node:
> The problem is that encryption returns this for X509Data node:
> Empty. I realize that you generally don't apply a certificate to
> encryption, but I can't do this step with signature creation
> because I'd have to change the document, which would make the signature
> What I'm doing:
> - I load up my key into a keys manager
> - I load up my cert into the keys manager
> - Create the encryption context object with the manager as its parameter
> - Set encryption context encKey to generated des key
> - Successfully create encrypted data template with X509Data,
> X509Certificate, and X509SKI properly attached to KeyInfo node
> - Successfully encrypt data
> - Parse and print out document and see that the X509Data node is now
> empty, thus not able to get the SKI info
> If the node had been filled out as I had hoped, I would have:
> - Located the X509Data node and unlinked it from the document
> - Set the content of the KeyIdentifier node to the content of the
> X509SKI node
> Is there something I'm doing wrong, is this something that xmlsec can't
> do, and/or is there a better way to do this?
> Thank you very much,
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec