Using WSE to encrypt SOAP messages (4)

zhaozj 2021-02-16

Encrypting outgoing messages

Here I briefly describe how to create a Web service that returns an encrypted XML document. The first step is to add the necessary namespaces with using directives, as follows:

    using System.Web.Services;
    using Microsoft.Web.Services;
    using Microsoft.Web.Services.Security;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Xml;
    using System.Xml;

The GetXmlDocument method uses the Triple DES algorithm as implemented by the .NET Framework to generate a symmetric key from a 128-bit key and a 64-bit initialization vector (IV). This key is also given a name and added to the SoapContext of the response message, where the SecurityOutputFilter uses it to encrypt a simple XML document that is ultimately returned to the client. For more information on cryptography in the .NET Framework, see the Cryptography Overview in the .NET Framework Developer's Guide.

    // Returns data encrypted with the symmetric Triple DES algorithm
    [WebMethod(Description = "Returns a sensitive XML document encrypted with a symmetric encryption algorithm", EnableSession = false)]
    public XmlDocument GetXmlDocument()
    {
        // Create a simple XML document to return
        // (the root element name here is a placeholder)
        XmlDocument myDoc = new XmlDocument();
        myDoc.InnerXml =
            "<Response>This is sensitive data.</Response>";

        // Get the SoapContext of the outgoing response message
        SoapContext myContext = HttpSoapContext.ResponseContext;

        // Create a symmetric key for encryption. Because the key is
        // symmetric, the client must know this same data.

        // Define the shared 16-byte array that represents the 128-bit key
        byte[] keyBytes = {48, 218, 89, 25, 222, 209, 227, 51, 50, 168, 146,
                           188, 250, 166, 5, 206};

        // Define the shared 8-byte (64-bit) array, that is, the initialization vector (IV)
        byte[] ivBytes = {16, 143, 111, 77, 233, 137, 12, 72};

        // Create a new instance of the Triple DES algorithm
        SymmetricAlgorithm mySymAlg = new TripleDESCryptoServiceProvider();

        // Set the key and IV
        mySymAlg.Key = keyBytes;
        mySymAlg.IV = ivBytes;

        // Create a new WSE symmetric encryption key
        EncryptionKey myKey = new SymmetricEncryptionKey(mySymAlg);

        // Give it a name
        KeyInfoName myKeyName = new KeyInfoName();
        myKeyName.Value = "http://example.com/symmetrictestkey";
        myKey.KeyInfo.AddClause(myKeyName);

        // Use the symmetric key to create a new EncryptedData element
        EncryptedData myEncData = new EncryptedData(myKey);

        // Add the EncryptedData element to the SOAP response to tell the
        // filter to encrypt the message body with the specified key
        myContext.Security.Elements.Add(myEncData);

        return myDoc;
    }

Based on the previous method, the WSE pipeline produces the following response message, with the corresponding security header information, ciphertext, and key information:

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
    2003-02-11T02:07:23Z
    2003-02-11T02:12:23Z
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    "#EncryptedContent-F50076E3-5AEA-435E-8493-5D7860191411" />
    wsu:Id="ID-D2F22E02-A052-4DCB-8FBC-8591A45B8A9F">
    Id="EncryptedContent-F50076E3-5AEA-435E-8493-5D7860191411"
    Type="http://www.w3.org/2001/04/xmlenc#Content"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    http://example.com/symmetrictestkey
    0T5thogg14jmelph ... QDJS =

Note that the ReferenceList element contains a reference to the EncryptedData element in the message body, which contains the name of the key, the encryption algorithm used, and the data in ciphertext form.
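The structure described above can be checked on a captured response: each DataReference in the Security header should resolve to an EncryptedData element in the body, which in turn declares the algorithm and key name. The following is an added example, not code from the original article or from WSE; the element names follow the XML Encryption and 2002/07 WS-Security schemas, and the sample envelope and the function name inspect_encrypted_response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://schemas.xmlsoap.org/ws/2002/07/secext",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response, not captured traffic; the CipherValue is a dummy.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security><xenc:ReferenceList>
   <xenc:DataReference URI="#EncryptedContent-1"/>
 </xenc:ReferenceList></wsse:Security></soap:Header>
 <soap:Body>
  <xenc:EncryptedData Id="EncryptedContent-1"
      Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <ds:KeyInfo><ds:KeyName>http://example.com/symmetrictestkey</ds:KeyName></ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>ZHVtbXk=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soap:Body>
</soap:Envelope>"""

def inspect_encrypted_response(xml_text):
    """Resolve each header DataReference to its EncryptedData in the body."""
    root = ET.fromstring(xml_text)
    # Index the EncryptedData elements in the Body that carry an Id.
    by_id = {e.get("Id"): e for e in
             root.findall("soap:Body//xenc:EncryptedData", NS) if e.get("Id")}
    report = []
    refs = "soap:Header/wsse:Security/xenc:ReferenceList/xenc:DataReference"
    for ref in root.findall(refs, NS):
        uri = ref.get("URI", "")
        target = by_id.pop(uri[1:], None) if uri.startswith("#") else None
        if target is None:
            report.append({"uri": uri, "resolved": False})
            continue
        method = target.find("xenc:EncryptionMethod", NS)
        cipher = target.findtext("xenc:CipherData/xenc:CipherValue", "", NS)
        report.append({
            "uri": uri, "resolved": True,
            "algorithm": None if method is None else method.get("Algorithm"),
            "key_name": target.findtext("ds:KeyInfo/ds:KeyName", None, NS),
            "has_ciphertext": bool(cipher.strip()),
        })
    # Ids still in by_id were never announced in the Security header.
    return report, sorted(by_id)
```

The second return value lists EncryptedData Ids that no DataReference points to. The algorithm field is the value to compare against current cipher policy; tripledes-cbc, as used on this page, is a legacy algorithm that NIST has deprecated.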

When reposting, please cite the original address: https://www.9cbs.com/read-25189.html
