[higgins-dev] Question about ICardProtocolHandler code (Token decryption)
- From: David Campos <noymn.the.archangel@xxxxxxxxx>
- Date: Wed, 2 Sep 2009 16:11:30 +0200
I have been looking through your RP code in order to find where the token is verified and claims are extracted. I've found that the token is first decrypted with a private key (obtained through the keystore) and afterwards verified.
My question is... when is the token ciphered? Who ciphers it? CardSpace?
I don't think that the IdP is able to cipher the token after generation, mainly because there should not be any direct interaction between IdP and RP, so the IdP is unable to get the RP public key. The only solution that comes to my mind is that CardSpace receives a clear token through an SSL channel and afterwards ciphers it with the RP SSL public key, but this scenario does not seem really logical to me since the communication is always covered with the SSL layer.
Could you please enlighten me about what is decrypted and why in the following instructions?
    log.info("Decrypt token using key " + key + " key algorithm " + key.getAlgorithm());
    ie = secext.DecryptElement(elemToken, (PrivateKey)(keyStore.getKey(keyStoreAlias, keyStorePwd.toCharArray())));
    log.info("Decrypted token looks like\n" + ie.getAs(java.lang.String.class));
If it helps you, it is line 146 of ICardProtocolHandler, which is found inside the org.eclipse.higgins.rp.icard package.
Thank you for the help.
Safelayer Secure Communications S.L.
DMAG UPC Researcher