[jbossws-users] [JBossWS] - Re: WS-Security: keystores and truststores

PeterJ do-not-reply at jboss.com
Thu Mar 29 15:15:17 EDT 2007


Thanks again, Jason. I tried this for encryption (and your suggested additions to support signing by updating both truststores so that they contain both public keys) and it worked. I think I now have a little better understanding of the role of the truststore in this scheme.

For those of you following along at home (or at work), when Bob sends a message he uses Alice's key to encrypt the message but his key to sign it, so the config section of the jboss-wsse-xxx.xml file looks like:

  <config>
    <sign type="x509v3" alias="bobs_key"/>
    <encrypt type="x509v3" alias="alices_key"/>
    <requires>
      <signature/>
      <encryption/>
    </requires>
  </config>

Of course, on Alice's machine, the aliases are the opposite. If you don't want to sign the messages, remove the <sign> and <signature/> tags.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4032911#4032911
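
The store layout described in the message above (each side keeps its own private key, and both truststores hold both public keys), as an added example that is not part of the original post. It assumes a JDK `keytool` on the PATH; the store file names, the `CN` values and the `changeit` password are placeholders chosen for this sketch.

```shell
#!/bin/sh
# Added example: builds the Bob/Alice key material described in the message.
# Store file names and the password are assumptions made for this sketch.
PASS=changeit   # placeholder password, replace in real use

# Succeeds if the store holds an entry under the given alias.
has_alias() {    # $1 = store file, $2 = alias
    keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" >/dev/null 2>&1
}

# Generate one party's key pair, then export only its certificate (public key).
make_party() {   # $1 = dir, $2 = name (bob|alice), $3 = alias
    keytool -genkeypair -alias "$3" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2" -keystore "$1/$2.keystore" \
        -storepass "$PASS" -keypass "$PASS" &&
    keytool -exportcert -alias "$3" -keystore "$1/$2.keystore" \
        -storepass "$PASS" -file "$1/$2.cer"
}

# Import a certificate into a truststore as a trusted entry.
trust() {        # $1 = truststore, $2 = alias, $3 = certificate file
    keytool -importcert -noprompt -alias "$2" -file "$3" \
        -keystore "$1" -storepass "$PASS"
}

# Private keys never leave their own keystore; only the .cer files are shared.
build_stores() { # $1 = output directory
    make_party "$1" bob bobs_key &&
    make_party "$1" alice alices_key &&
    for who in bob alice; do
        trust "$1/$who.truststore" bobs_key "$1/bob.cer" &&
        trust "$1/$who.truststore" alices_key "$1/alice.cer" || return 1
    done
}

# Usage: sh make-stores.sh <output-dir>
if [ $# -ge 1 ]; then
    build_stores "$1" && echo "stores written to $1"
fi
```

The aliases match the ones used in the config above, so Bob's side signs with `bobs_key` from `bob.keystore` and Alice's side uses the mirrored files.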
