Victor Lindesay
1/13/2003 6:27:00 PM
Hi,
I have a problem encrypting a SOAP response using X509 certs and WSE.
Although I can encrypt the response using the client public key sent in an
X509 signed request and the response reaches the client (observed using the
trace), I get a client error of:
System.Security.Cryptography.CryptographicException: Bad Key.
   at System.Security.Cryptography.RSACryptoServiceProvider._DecryptPKWin2KEnh(IntPtr hPubKey, Byte[] rgbKey, Boolean fOAEP)
I am using code taken from the Response Encryption sample:
    // Get signing cert
    X509Certificate cert = GetSigningCert(requestContext);
    if (cert == null)
    {
        throw new SoapException("The SOAP request was not signed. No public key available for encryption.", SoapException.ClientFaultCode);
    }
    if (!cert.SupportsDataEncryption)
    {
        throw new SoapException("The public key sent with the SOAP request does not support encryption.", SoapException.ClientFaultCode);
    }
    X509SecurityToken encryptionToken = new X509SecurityToken(cert);
    // Encrypt the SOAP response
    responseContext.Security.Elements.Add(new EncryptedData(encryptionToken));
My client is using the CurrentUser certificate store and my client config
file contains:
<x509 storeLocation="CurrentUser" verifyTrust="true" allowTestRoot="true" />
Signing and encrypting works fine from client to web service and signing
from web service to client also works fine.
Thanks in advance,
Victor.