A New Internet Library: Add Your Website/Blog or Suggest A Website/Blog to our Free Web Directory http://anil.myfunda.net.

Its very simple, free and SEO Friendly. Submit Now....

Monday, February 18, 2008

Using the same algorithm suitein WSE 2.0 and WSE 3.0

Default algorithms in WSE 3.0

WSE 2.0 and 3.0, both provide AES128 + RSA 1.5 as default algorithms for symmetric encryption and key-wrap.
However, AES256 + RSA-OAEP are always recommended for these purposes, and Indigo will ship with that combination as default.

In WSE 2.0, these algorithms could be changed adding some settings in the configuration file:

<microsoft.web.services2>
...
  <security>
  ....
    <binarySecurityTokenManager
      valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
      <sessionKeyAlgorithm name="TripleDES"/>   <!-- add this to switch to TripleDes from default AES128 -->
      <keyAlgorithm name="RSAOAEP"/>  <!-- add this to switch to RSA-OEAP from default RSA15 -->
    </binarySecurityTokenManager>
  </securityç>
...
<microsoft.web.services2>

These settings don't affect in the same way to WSE 3.0 because it implements some changes in the code used to secure messages. The security assertions
shipped within WSE 3.0 use different tokens to secure messages, they don't use an X509 security token anymore, instead they use derived tokens.

  • EncryptedToken: Usually, this token is used by the security assertions to sign and encrypt messages.
  • DerivedKeyToken: Only used when the flag "DeriveKeys" is on.
  • SecureContextToken: Only used in secure conversations. (When the flag "establishSecurityContext" is on)

    The following configuration shows how to override the default algorithm used by these tokens:

    <microsoft.web.services3>
      <security>
    <binarySecurityTokenManager>
      <add
        type="Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
       valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        <keyAlgorithm name="RSAOAEP"/>
      </add>
    </binarySecurityTokenManager>
    <securityTokenManager>
      <add localName="EncryptedKey"
       type="Microsoft.Web.Services3.Security.Tokens.EncryptedKeyTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
        namespace="http://www.w3.org/2001/04/xmlenc#">
        <keyAlgorithm name="AES256"/>
      </add>
      <add localName="DerivedKeyToken">
        type="Microsoft.Web.Services3.Security.Tokens.DerivedKeyTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
        namespace="http://schemas.xmlsoap.org/ws/2005/02/sc">
        <keyAlgorithm name="AES256"/>
      </add>
      <add localName="SecurityContextToken"
        type="Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
        namespace="http://schemas.xmlsoap.org/ws/2005/02/sc">
        <keyAlgorithm name="AES256"/>
      </add>
    </securityTokenManager>
    </security>
    </microsoft.web.services3>

    • at 1:41 AM

    No comments:

    Post a Comment

    Post your comments here:

    Subscribe to: Post Comments (Atom)

    Dotnet-Interviews

    Loading...