Web Services Encryption

[Random]

I am becoming familiar with the standards and practices of secure Web
Services, particularly encrypting the messages with Tokens. What I don't
understand, and I can't find in documentation, is what type of encryption is
used with the tokens, and how the key(s) are passed from the client to the
service to decrypt the message. I need to know this so I can be assured
that an intercepted message cannot be decrypted just by using the
information in the message itself.

 

[AlexL [Xceed]]

I think for the tokens it leverages the same methods as XML
Encryption. Therefore, AES 128/192/256 and triple DES...

Check out:

Algorithms:
http://www.w3.org/TR/xmlenc-core/#sec-Algorithms
Spec:
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/

I am becoming familiar with the standards and practices of secure Web
Services, particularly encrypting the messages with Tokens. What I don't
understand, and I can't find in documentation, is what type of encryption is
used with the tokens, and how the key(s) are passed from the client to the
service to decrypt the message. I need to know this so I can be assured
that an intercepted message cannot be decrypted just by using the
information in the message itself.

--
Alex Leblanc
Xceed Software Inc.
http://www.xceedsoft.com

Check out our advanced .NET zip file and compression library

Email: (e-mail address removed) (remove the first 'x')