Signing soap messages using key

  • Question

  • Working on signing & encryption for the first time.

    One Java-based web service URL is shared by the service provider, which is HTTPS.

    I downloaded the certificate, installed it and created a sample. All works fine.

    Now, to improve security, the service provider said they are enabling Local Authentication at their end, where they will be entering Bilateral keys (two 16 bit strings). And their document says they are using SHA256.

    Now I need to sign SOAP requests as below.

    <S:Header>
      <wss:Security xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:actor="xx:xx:xx:xx" wsu:Id="ID_">
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"></ds:SignatureMethod>
            <ds:Reference URI="#SPAY">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
              <ds:DigestValue>jgKJgkjgkjgkjgpKuoPZ6uFQA=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#ID_XXXXX">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
              <ds:DigestValue>7r87f7itb8tb87btguyB3OmE=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>kbgo86tgbuyguy9k3E8=</ds:SignatureValue>
          <ds:KeyInfo wsu:Id="ID_XXXXXX">
            <ds:KeyName>xx</ds:KeyName>
          </ds:KeyInfo>
        </ds:Signature>
      </wss:Security>
    </S:Header>

    No idea how to proceed. Please help!!!

    Should I sign using the certificate, which was working without signing also?

    Should I use the certificate & key (configured at the service provider)? If yes, then how?

    Should I use only the key with our certificate?

    • Moved by Barry Wang Thursday, April 17, 2014 9:01 AM WCF related
    Wednesday, April 16, 2014 8:12 PM

All replies

  • Hi HaikS,

    This case seems more related to WCF forum so I've helped you move it to the right forum.

    Regards,



    Barry Wang
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, April 17, 2014 9:03 AM
  • Hi,

    In my mind, maybe you can sign the SOAP message using the certificate.

    The following articles tell how to use policy or code to digitally sign a SOAP message using an X.509 certificate. Please try to check them:

    #How to: Sign a SOAP Message Using an X.509 Certificate:
    http://msdn.microsoft.com/en-us/library/aa529277.aspx .

    #Signing and Encrypting SOAP Messages:
    http://msdn.microsoft.com/en-us/library/ms819979.aspx .

    Best Regards,
    Amy Peng



    Monday, April 21, 2014 8:01 AM
    Moderator
  • Nope. I can sign using SHA256.

    The only problem I am facing now is with WS-Security: giving a custom private token with a key name, highlighted as below.

    <wss:Security xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:actor="xx:xx:xx:xx" wsu:Id="ID_">

    <ds:KeyInfo wsu:Id="ID_XXXXXX">

    <ds:KeyName>xx</ds:KeyName>

    Saturday, April 26, 2014 10:48 AM
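
The header in the question names `hmac-sha256` as the SignatureMethod and carries only a `ds:KeyName`, so its SignatureValue is a keyed MAC over the canonical `ds:SignedInfo` made with a shared secret, not an X.509 private-key signature. The sketch below is an added example, not code from this thread or from the service provider: the key, the body payload and the helper names are constructed placeholders, the page does not say how the two bilateral strings form the key, and the inputs are assumed to be in exclusive-c14n form already (a real client would run a canonicalizer first).

```python
import base64
import hashlib
import hmac

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample inputs (assumptions, not values from the thread).
SHARED_KEY = b"example-shared-secret-not-real"
BODY = (f'<S:Body xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:wsu="{WSU}" wsu:Id="SPAY"><Pay>10.00</Pay></S:Body>').encode()

def digest_value(canonical_element: bytes) -> str:
    """DigestValue = base64(SHA-256(canonical bytes of the referenced element))."""
    return base64.b64encode(hashlib.sha256(canonical_element).digest()).decode()

def signed_info(references: dict) -> bytes:
    """Emit ds:SignedInfo directly in exclusive-c14n form: no whitespace,
    explicit end tags, ds namespace declared on the apex element."""
    refs = "".join(
        f'<ds:Reference URI="#{ref_id}"><ds:Transforms>'
        f'<ds:Transform Algorithm="{EXC_C14N}"></ds:Transform></ds:Transforms>'
        f'<ds:DigestMethod Algorithm="{SHA256}"></ds:DigestMethod>'
        f'<ds:DigestValue>{digest_value(data)}</ds:DigestValue></ds:Reference>'
        for ref_id, data in references.items())
    return (f'<ds:SignedInfo xmlns:ds="{DS}">'
            f'<ds:CanonicalizationMethod Algorithm="{EXC_C14N}"></ds:CanonicalizationMethod>'
            f'<ds:SignatureMethod Algorithm="{HMAC_SHA256}"></ds:SignatureMethod>'
            f'{refs}</ds:SignedInfo>').encode()

def signature_value(shared_key: bytes, canonical_signed_info: bytes) -> str:
    """SignatureValue = base64(HMAC-SHA256(shared key, canonical SignedInfo))."""
    mac = hmac.new(shared_key, canonical_signed_info, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify(shared_key: bytes, references: dict, received: str) -> bool:
    """Receiver side: recompute digests and MAC, compare in constant time."""
    expected = signature_value(shared_key, signed_info(references))
    return hmac.compare_digest(expected.encode(), received.encode())

if __name__ == "__main__":
    sig = signature_value(SHARED_KEY, signed_info({"SPAY": BODY}))
    print("DigestValue:   ", digest_value(BODY))
    print("SignatureValue:", sig)
    print("verifies:      ", verify(SHARED_KEY, {"SPAY": BODY}, sig))
```

Because both sides hold the same key, this header authenticates the sender to the provider but gives no non-repudiation; the HTTPS certificate continues to protect the transport independently of it.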