microsoft.public.dotnet.framework.aspnet.webservices

Encrypting the SOAP response with X509 and WSE

Victor Lindesay

1/13/2003 6:27:00 PM

Hi,

I have a problem encrypting a SOAP response using X509 certs and WSE.

Although I can encrypt the response using the client public key sent in an
X509 signed request and the response reaches the client (observed using the
trace), I get a client error of:
System.Security.Cryptography.CryptographicException: Bad Key. at
System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(IntPtr hPubKey, Byte[] rgbKey, Boolean fOAEP)

I am using code taken from the Response Encryption sample:

// Get signing cert
X509Certificate cert = GetSigningCert(requestContext);
if (cert == null)
{
    throw new SoapException("The SOAP request was not signed. No public key available for encryption.", SoapException.ClientFaultCode);
}
if (!cert.SupportsDataEncryption)
{
    throw new SoapException("The public key sent with the SOAP request does not support encryption.", SoapException.ClientFaultCode);
}
X509SecurityToken encryptionToken = new X509SecurityToken(cert);
// Encrypt the SOAP response
responseContext.Security.Elements.Add(new EncryptedData(encryptionToken));

My client is using the CurrentUser certificate store and my client config
file contains:
<x509 storeLocation="CurrentUser" verifyTrust="true" allowTestRoot="true" />

Signing and encrypting works fine from client to web service and signing
from web service to client also works fine.

Thanks in advance,
Victor.


2 Answers

Scott Swigart

1/14/2003 12:50:00 AM

I'm guessing that you have the client cert in the Current User store? By
default, WSE will look in the Local Computer store for the decrypt cert. To
fix this, you need to add an <x509> element to an app.config file for the
client that points WSE at the Current User store.


--
Scott Swigart
www.3leaf.com
Early Adopter Weblog: http://radio.weblogs.co...


Victor Lindesay

1/16/2003 12:10:00 PM

Thanks Scott,

I have solved the problem.

The certificate I was using was generated by Certificate Services using the
Microsoft Base Cryptographic Provider v1.0.

I generated a new cert with the Microsoft Enhanced Cryptographic Provider
v1.0 and encrypting the SOAP response now works fine.

Regards,
Victor Lindesay
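
A way to check the condition described in the last post, as an added example that is not part of the original thread: it lists each certificate with a private key in the CurrentUser personal store and reports the cryptographic provider that holds the key. It assumes .NET Framework 2.0 or later on Windows (the X509Store and CspKeyContainerInfo APIs, which postdate this thread); the class name CertProviderReport is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the thread). Read-only: opens the store, prints, closes.
class CertProviderReport
{
    // Provider name quoted in the thread for the certificate that failed to decrypt.
    const string BaseProvider = "Microsoft Base Cryptographic Provider v1.0";

    static void Main()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.HasPrivateKey) continue; // cannot be a decryption cert
                Console.WriteLine(cert.Subject + "  [" + cert.Thumbprint + "]");
                try
                {
                    RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
                    if (rsa == null)
                    {
                        Console.WriteLine("  private key is not an RSA CSP key; skipped");
                        continue;
                    }
                    CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                    Console.WriteLine("  provider : " + info.ProviderName);
                    Console.WriteLine("  key spec : " + info.KeyNumber); // Exchange or Signature
                    Console.WriteLine("  key size : " + rsa.KeySize + " bits");
                    if (info.ProviderName == BaseProvider)
                        Console.WriteLine("  NOTE: same provider as the certificate that failed in the thread");
                }
                catch (CryptographicException ex)
                {
                    // Thrown when the key is inaccessible or held by a provider
                    // this API cannot open (for example a CNG key).
                    Console.WriteLine("  could not open private key: " + ex.Message);
                }
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```

Run it as the same Windows user the WSE client runs as, since the CurrentUser store is per-user.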