Use WSE Encryption SOAP Packet (2)

zhaozj 2021-02-16

An encrypted SOAP message

The following SOAP packet has a Payment node that contains some sensitive customer information.

    <soap:Envelope xmlns:soap="http://www.w3.org/2002/12/soap-envelope">
      ...
      ...
        123456789123456
        1108
      ...
      ...

Because the Payment node contains sensitive data, it should be encrypted. The following example shows the same message, but with the Payment node replaced by an EncryptedData node. The EncryptedData node carries the encrypted form of the Payment node's content, and it is referred to by a DataReference node in the Security header.

        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        xmlns:xsig="http://www.w3.org/2000/09/xmldsig#"
        xmlns:wss="http://schemas.xmlsoap.org/ws/2002/04/secext">
      ...
      ...
        Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
        My Symmetric Key
      ...
      ...
      ...

Of course, in this example you could also sign the message with a digital signature to prevent a malicious party from tampering with the data, or use a timestamp or another unique identifier to determine whether the message has been attacked.
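As an added example (not code from the page or from WSE itself), the same replacement of the Payment node by an xenc:EncryptedData node, using the tripledes-cbc algorithm and the key name "My Symmetric Key" as in the envelope above, done with the .NET System.Security.Cryptography.Xml classes instead of the WSE filters. The envelope text and the element names inside Payment are constructed, and on modern .NET the System.Security.Cryptography.Xml package must be referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class PaymentEncryption
{
    // Constructed sample in the shape of the page's envelope; the element
    // names inside Payment are assumed, the page shows only the values.
    const string Envelope =
        "<soap:Envelope xmlns:soap=\"http://www.w3.org/2002/12/soap-envelope\">" +
        "<soap:Body><Payment><CardNumber>123456789123456</CardNumber>" +
        "<Expiry>1108</Expiry></Payment></soap:Body></soap:Envelope>";

    // Sender: replace the Payment element with an EncryptedData element that
    // names the shared key instead of carrying it.
    static void EncryptPayment(XmlDocument doc, SymmetricAlgorithm key, string keyName)
    {
        var payment = (XmlElement)doc.GetElementsByTagName("Payment")[0];
        var exml = new EncryptedXml(doc);
        byte[] cipher = exml.EncryptData(payment, key, false); // false: whole element, not just content

        var ed = new EncryptedData
        {
            Type = EncryptedXml.XmlEncElementUrl,
            Id = "EncryptedContent-1", // constructed id a DataReference could point at
            EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncTripleDESUrl)
        };
        ed.KeyInfo.AddClause(new KeyInfoName(keyName)); // <KeyName>My Symmetric Key</KeyName>
        ed.CipherData.CipherValue = cipher;
        EncryptedXml.ReplaceElement(payment, ed, false);
    }

    // Receiver: resolve the key name to the shared key and restore Payment in place.
    static void DecryptPayment(XmlDocument doc, SymmetricAlgorithm key, string keyName)
    {
        var exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(keyName, key);
        exml.DecryptDocument();
    }

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Envelope);
        using (var tdes = TripleDES.Create()) // the secret both parties already share
        {
            EncryptPayment(doc, tdes, "My Symmetric Key");
            if (doc.GetElementsByTagName("Payment").Count != 0) throw new Exception("Payment left in clear");
            Console.WriteLine(doc.OuterXml); // body now holds EncryptedData, no card number visible
            DecryptPayment(doc, tdes, "My Symmetric Key");
            Console.WriteLine(doc.OuterXml); // original Payment element restored
        }
    }
}
```

TripleDES is kept here only because it is the algorithm the page's envelope names; a new design would choose AES.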

Kinds of encryption

Symmetric encryption and asymmetric encryption

Encryption algorithms can be divided into symmetric and asymmetric ones. In a symmetric algorithm, a single key is shared between the two parties: the sender uses its copy of the secret key to encrypt the data, and the receiver uses the same secret key to decrypt it. Most everyday forms of encryption, such as shared passwords and shared secret identifiers, are examples of symmetric encryption.

In this type of system, a central server distributes the shared key to the users who need to interact securely. The drawback of symmetric encryption is managing and distributing these keys and protecting their secrecy, especially on a public network such as the Internet.

To overcome the difficulty of managing keys on a public network, a pair of keys is used instead of a single key. In an asymmetric algorithm, each party has a private key and a public key.

The public key is derived from the private key by an irreversible operation, so that whichever of the two is used to encrypt data, the other can be used to decrypt it. Moreover, the private key cannot be deduced from the public key, and only the private key can decrypt data encrypted with the public key. When sending an asymmetrically encrypted message, the sender encrypts it with the recipient's public key, which guarantees that only the recipient can decrypt the message with their private key. If it were done the other way round, anyone holding the freely available public key could decrypt the message. Asymmetric encryption is the foundation of PKI, and PKI is the basis of the X.509 security standards. Asymmetric algorithms are typically based on large-number mathematics such as exponentiation, and they need far more CPU time than symmetric algorithms to encrypt and decrypt. For this reason, asymmetric encryption is often used only to transfer a symmetric "session" key that encrypts the rest of the interaction and is valid only for the duration of that exchange.

Because the public key can be obtained easily, public-key encryption makes key distribution and management convenient. Unfortunately, the price of this convenience is that asymmetric algorithms are several orders of magnitude slower than symmetric ones. For that reason, asymmetric encryption is used only for relatively small pieces of data, for example session keys, identities, and digital signatures.

Please credit the original source when reposting: https://www.9cbs.com/read-25191.html
