Re: Storage of Client Certificates
- From: "William Stacey [MVP]" <staceyw@xxxxxxxx>
- Date: Tue, 13 Sep 2005 19:24:43 -0400
You can use the server's cert to get a SecurityContextToken (SCT). This does
a secure key exchange. So you end up with a private session key on both
sides. You can then use the SCT to encrypt messages in both directions and
both sides can decrypt as they both have the same session key (inside the
SCT). There are other ways too.
--
William Stacey [MVP]
"RobertP" <RobertP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:60B28679-3E0C-44B5-9260-2B7EA919F697@xxxxxxxxxxxxxxxx
> To send an encrypted response back to the client, I would need their public
> key.
>
> I guess I would not have to store their public key if they send the public
> key to me with their request?
>
> Thank You,
>
> Robert
>
> "Pablo Cibraro" wrote:
>
>> No, only if you identify your clients through public keys.
>> In this case, maybe, using a UsernameToken is a better idea. You can use a
>> UsernameToken to identify clients and a X509 certificate to protect the
>> messages.
>> With this solution, your clients must have a public key and you only need a
>> private key in the server's certificate store.
>>
>> Regards,
>> Pablo Cibraro
>> www.lagash.com
>>
>> "RobertP" <RobertP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:1A8ABB9F-00A4-453A-A156-7D2AFAED2E6E@xxxxxxxxxxxxxxxx
>> > If I have 5,000 users of my web service, I need to have 5,000 public keys
>> > in my server's Certificate Store?
>>
>>
>>