Re: UsernameToken Encryption with TripleDES

From: casey chesnut (casey_at_braSPAMins-N-braSPAMwn.com)
Date: 06/15/04


Date: Tue, 15 Jun 2004 10:44:49 -0400

Thanks Byron, that worked.
my mistake was that i had been assuming the server side would key off the
EncryptionMethod passed in the request.

casey
http://www.brains-N-brawn.com

"ByronKim" <byronkim@online.microsoft.com> wrote in message
news:uqh$8SuUEHA.716@TK2MSFTNGP11.phx.gbl...
> The default encryption algorithm for UsernameToken, you should override this
> at server side by config or programmatically.
>
> <securityTokenManager xmlns:wsse=".." qname="wsse:UsernameToken" >
> <keyAlgorithm name="TripleDES"/>
> </securityTokenManager>
>
> or
>
> Update global.asax
>
> protected void Application_Start(Object sender, EventArgs e)
> {
>     ISecurityTokenManager stm =
>         SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.UsernameToken);
>     UsernameTokenManager userTokM = stm as UsernameTokenManager;
>     userTokM.DefaultKeyAlgorithm = "TripleDES";
> }
>
>
>
> "casey chesnut" <casey@MORE_spam_PLEASEbrains-N-brawn.com> wrote in message
> news:eprvVCIUEHA.2724@TK2MSFTNGP11.phx.gbl...
>> i add this code to the UsernameSigning sample client:
>> serviceProxy.RequestSoapContext.Security.Elements.Add(new EncryptedData(token));
>>
>> then the request going out is signed and encrypted with the UsernameToken.
>> works and the server responds.
>> problem is that it sends AES128 and not TripleDES.
>>
>> so i add this to the code on the client:
>> ISecurityTokenManager stm =
>>     SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.UsernameToken);
>> UsernameTokenManager userTokM = stm as UsernameTokenManager;
>> userTokM.DefaultKeyAlgorithm = "TripleDES";
>>
>> the client sends it out encrypted with TripleDES, but the server throws the
>> exception (below).
>> it should just be a matter of P_SHA1'ing 24 bytes instead of 16, and using a
>> TripleDES alg.
>>
>> also, is a server able to use the UsernameToken from the request to respond
>> with encrypted or signed data?
>> i have not been able to get that to work.
>>
>> Thanks,
>> casey
>> http://www.brains-N-brawn.com
>>
>> Calling http://localhost/UsernameSignCodeService/UsernameSigningService.asmx
>> ****** Exception Raised ******
>> System.Web.Services.Protocols.SoapException:
>> SOAP-Fault code: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:UnsupportedAlgorithm
>> Message: Microsoft.Web.Services2.Security.SecurityFault: An unsupported signature or encryption algorithm was used
>>    at Microsoft.Web.Services2.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)
>>    at Microsoft.Web.Services2.Security.EncryptedData.Decrypt()
>>    at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
>>    at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
>>    at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
>>    at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
>>    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
>>    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
>>    at UsernameSigningClient.StockServiceWse.StockQuoteRequest(String[] symbols) in C:\Program Files\Microsoft WSE\v2.0\Samples\CS\QuickStart\UsernameSigning\Code\UsernameSignCodeClient\UsernameSigningProxy.cs:line 50
>>    at UsernameSigningClient.UsernameSigningClient.Run() in c:\program files\microsoft wse\v2.0\samples\cs\quickstart\usernamesigning\code\usernamesigncodeclient\usernamesigningclient.cs:line 113
>>    at UsernameSigningClient.UsernameSigningClient.Main(String[] args) in c:\program files\microsoft wse\v2.0\samples\cs\quickstart\usernamesigning\code\usernamesigncodeclient\usernamesigningclient.cs:line 50
>>
>>
>>
>
>
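
Added example, not part of the original posts and not WSE code: the 16-byte versus 24-byte P_SHA1 derivation mentioned in the quoted question, assuming P_SHA1 there is the function defined for the TLS 1.0 PRF (RFC 2246, section 5). The secret and seed are constructed placeholders; the inputs WSE feeds to P_SHA1 are not stated in the thread.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PSha1Demo
{
    // P_SHA1(secret, seed) per RFC 2246 section 5:
    //   A(0) = seed, A(i) = HMAC_SHA1(secret, A(i-1))
    //   output = HMAC_SHA1(secret, A(1) + seed) + HMAC_SHA1(secret, A(2) + seed) + ...
    static byte[] PSha1(byte[] secret, byte[] seed, int length)
    {
        byte[] output = new byte[length];
        using (HMACSHA1 hmac = new HMACSHA1(secret))
        {
            byte[] a = seed;
            int written = 0;
            while (written < length)
            {
                a = hmac.ComputeHash(a);                   // A(i)
                byte[] input = new byte[a.Length + seed.Length];
                Buffer.BlockCopy(a, 0, input, 0, a.Length);
                Buffer.BlockCopy(seed, 0, input, a.Length, seed.Length);
                byte[] block = hmac.ComputeHash(input);    // 20 bytes per round
                int n = Math.Min(block.Length, length - written);
                Buffer.BlockCopy(block, 0, output, written, n);
                written += n;
            }
        }
        return output;
    }

    static void Main()
    {
        // Constructed sample inputs (assumptions, not values from the thread).
        byte[] secret = Encoding.UTF8.GetBytes("constructed-password");
        byte[] seed = Encoding.UTF8.GetBytes("constructed-nonce-and-created");

        byte[] aesKey = PSha1(secret, seed, 16);   // AES128: one HMAC round, truncated
        byte[] desKey = PSha1(secret, seed, 24);   // TripleDES: needs a second round

        // The 24-byte output begins with the same 16 bytes as the 16-byte output.
        bool samePrefix = true;
        for (int i = 0; i < aesKey.Length; i++) samePrefix &= (aesKey[i] == desKey[i]);

        Console.WriteLine("AES128 key (16 bytes):    " + BitConverter.ToString(aesKey));
        Console.WriteLine("TripleDES key (24 bytes): " + BitConverter.ToString(desKey));
        Console.WriteLine("First 16 bytes identical: " + samePrefix);
    }
}
```

The derived bytes are the same stream cut at different lengths, so the two ends only arrive at the same key when both are set to the same key algorithm.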


