[xmlsec] FW: [Pyxmlsec-devel] Using XML Encryption examples

Kershaw, PJ (Philip) P.J.Kershaw at rl.ac.uk
Mon Oct 3 07:37:01 PDT 2005 

Hi all,

I posted this question recently to the PyXMLSec mailing list.  PyXMLSec's author Valéry suggested that I forward it to this group.

I would like to use XMLSec to encrypt small SOAP messages using PKI.  I've read that it's possible to use 'key wrapping' - encrypt the message with a shared key and encrypt the shared key itself with the public key of the recipient.  I've been looking at the encrypt3 example + decrypt3.  Would this be along the right lines or should I be looking else where?

Cheers,
Phil

> -----Original Message-----
> From: pyxmlsec-devel-bounces at lists.labs.libre-entreprise.org
> [mailto:pyxmlsec-devel-bounces at lists.labs.libre-entreprise.org
> ]On Behalf
> Of Valéry Febvre
> Sent: 20 September 2005 17:50
> To: pyxmlsec-devel at lists.labs.libre-entreprise.org
> Subject: Re: [Pyxmlsec-devel] Using XML Encryption examples
> 
> 
> Kershaw, PJ (Philip) wrote:
> > Hi Valéry,
> > 
> > Thanks for getting back to me about this.
> > 
> > I was interested in the examples to see if there was a way of using
> > xmlsec to encrypt using public key technology or a combination of
> > public and shared key?
> > 
> > I've read that you can use a combined shared and public key strategy
> > whereby a shared symmetric key is encrypted using the public
> > asymmetric key of the recipient.  This in order to give the 
> advantage
> > of the speed/efficiency of shared key technology + the 
> convenience of
> > public key technology i.e. it being easier to manage keys.
> > 
> > I'm writing an authentication system for a GRID related project and
> > would like to be able to encrypt SOAP messages containing username
> > and password.  As the data content is so small perhaps I could
> > encrypt using public key technique alone?
> 
> In fact, I don't know. I'm not an XMLSec expert.
> It's perhaps possible but as you said above, it's less secure and
> slower.
> 
> > Given, the bug you mention does this restrict xmlsec with the use of
> > public key technology for encryption?  If not, could you 
> suggest some
> > pointers to how I might go about it.
> 
> The best place to ask yours questions is the mailing list of XMLSec
> (xmlsec at aleksey.com)
> http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> If it's possible, try to determine the needed functions so I 
> can answer
> you if these functions are implemented in the PyXMLSec.
> 
> Regards,
> Valery
> 
> _______________________________________________
> Pyxmlsec-devel mailing list
> Pyxmlsec-devel at lists.labs.libre-entreprise.org
> http://lists.labs.libre-entreprise.org/mailman/listinfo/pyxmlsec-devel
>

More information about the xmlsec mailing list