[jbossws-users] [JBossWS] - Re: WS-Security: keystores and truststores
PeterJ
do-not-reply at jboss.com
Thu Mar 29 15:15:17 EDT 2007
Thanks again, Jason. I tried this for encryption (and your suggested additions to support signing by updating both truststores so that they contain both public keys) and it worked. I think I now have a little better understanding of the role of the truststore in this scheme.
For those of you following along at home (or at work), when Bob sends a message he uses Alice's key to encrypt the message but his key to sign it, so the config section of jboss-wsse-xxx.xml file looks like:
<config>
| <sign type="x509v3" alias="bobs_key"/>
| <encrypt type="x509v3" alias="alices_key"/>
| <requires>
| <signature />
| <encryption/>
| </requires>
| </config>
Of course, on Alice's machine, the aliases are the opposite. If you don't want to sign the messages, remove the < sign > and < signature/ > tags.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4032911#4032911
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4032911
More information about the jbossws-users
mailing list