Julie Lerman Blog - Encrypting UsernameTokens in WSE2

Tuesday, November 02, 2004

Thanks Benjamin for this info on how to encrypt a UsernameToken. I didn't happen to see it anywhere else. I mostly liked looking at the soap message to see the effect (note that username="John", password="Doe" and I am hashing the password in both cases and then encrypting the UsernameToken in the AFTER). Cool! I love this stuff. It's like a big game. Based on the length of the encrypted UsernameToken, can you tell what I used to encrypt it with?

BEFORE

- <wsse:UsernameToken wsu:Id="SecurityToken-87259cd0-5a08-4a51-881e-fa901b96d5d9">

<wsse:Username>john</wsse:Username>

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">z1YyKPkZdyPd0Hfs86gKWgQRurs=</wsse:Password>

<wsse:Nonce>14KcMOY5cCTeMCTNPeCypA==</wsse:Nonce>

<wsu:Created>2004-11-02T22:35:43Z</wsu:Created>

</wsse:UsernameToken>

and AFTER

- <wsse:UsernameToken wsu:Id="SecurityToken-428cde88-3f56-47bd-8d09-e5efef45fca3">

- <xenc:EncryptedData Id="EncryptedContent-caa96918-e4ee-41c0-bafc-9b9740c6feea" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />

- <xenc:CipherData>

<xenc:CipherValue>4xon7GAwNMsX3hU9kJ2atKGCf3bVbj/W6G5JsLV2lirb

WPyLuXcVG1bhzxeY6RPB1sElmVKMCz6iqfsC1yP

q/+HjhDKb5dB8h1NwPMSIkFbIkikHl3RyXSgUhtF

xUayFNAsef/Nq6XqN4WqwjWFG+x6il86Mf/x3O

IsojxHxVrqkyNbMw5OmHjbQBiM8bYFIpEDnk

1bYXB7zerytLP1zhPkBL+91ZptyTdZI2m3kFqc5e

/wtyFQInZ02ePhfUDPTc0jSlHDLPfDUN/doEkexe

Q264gYjWzXq1jaSFptxLDzcgOoH3f9AoQKsCitl

wo3tY2rLnK8lLgUOhjqbNV2FIiTwV/7aAVzhNmL

WzZdnBHRtA82X3jiqMtrvcyG2D0IDYfzFdLevp1