“Here is how to encrypt data in WSE1.0. Better take a very comfortable seat. This is not code, but an explanation. Don’t worry about memorizing this stuff, because my point is how complicated it is.”
Julia talks about how much of a pain in the ass it was for her to implement encryption in WSE 1.0. This article talks about how to do the same thing in WSE 2.0, and it looks much easier. Hopefully WSE 2.0 will be licensed for production before I have to implement encryption.
-James

{ 2 comments }
I may be mistaken, but I don’t think symmetric encryption in WSE 2.0 is any easier. The article you refer to shows examples of *asymmetric encryption*, i.e., using certificates. Symmetric encryption, by its nature, would still require a shared key and IV, which means you’d have to hard-code that key/IV into the service and either hard-code it into the client (bad idea) or use some key exchange protocol to transfer the key (better idea).
Fortunately WSE 2.0 supports the WS-SecureConversation standard (http://www-106.ibm.com/developerworks/library/ws-secon/), which uses symmetrically encrypted messages using an agreed-upon secret key established for the security context. At least that’s my understanding; this stuff is still pretty confusing/complex/cutting edge, IMO.
Thanks for straightening me out.
WS-SecureConversation looks very promising. There is a lot to learn about WSE 2.0 and not that many places to find information on it.
-James