Monday, July 2, 2012

Message Encryption/Decryption Mechanism


  1. Web service invocation 
  2. Retrieve client's X.509 certificate and private key 
  3. Digitally sign message (e.g SOAP body) using private key 
  4. Include client application's X.509 certificate in SOAP header as binary security token. 
  5. Encrypt message with symmetrical algorithm using a shared key. 
  6. Retrieve public key of the service provider's X.509 certificate 
  7. Encrypt shared key with asymmetric algorithm using service provider's public key. 
  8. Include encrypted shared key in SOAP header 
  9. Include reference to Service Provider's certificate in SOAP header.

  1. SP SOAP runtime recieves request
  2. Identify Service Provider's X.509 certification from reference in SOAP header
  3. Retrieve Service Provider's X.509 certificate and keys
  4. Decrypt shared key with asymmetric algorithms using private key of certificate
  5. Decrypt message with sysmmetric algorithm using shared key
  6. Retrieve sender's X.509 public key from binary security token in SOAP header
  7. Validate digital signature of message that also authenticate sender
  8. Call web service implmentation
  9. Process request
Posted by at
Labels:

1 comment:

  1. NataliaAugust 14, 2012 at 6:44 AM

    Great post. You have nicely explained the complete mechanism of message encryption/decryption in this article. Both the images posted clearly depicts the flow how message is encrypted at the client side and then how the server process the request message.
    digital signatures

    ReplyDelete

Subscribe to: Post Comments (Atom)