"Hung Ngo" <HungNgo@discussions.microsoft.com> wrote in message
news:F17BF690-282D-4FB0-B479-9D91F1D39E87@microsoft.com...
> Thank you so much!
> I have read in WSE documentation that the P-SHA-1 is used to generate the
> derived key, but I can't find the algorithm used to generate the
> encrypted
> key from service's public key ??!
> Hung.
>
> "Pablo Cibraro" wrote:
>
>> Hi,
>>
>> Encrypted key:
>> Asymmetric keys require more CPU cycles than symmetric keys to encrypt
>> data.
>> Therefore, when a SOAP message is encrypted or digitally signed using an
>> X509SecurityToken security token, an EncryptedKeyToken containing a
>> symmetric session key is generated to encrypt the SOAP message. That
>> session
>> key is encrypted using the public key of the asymmetric key pair
>> associated
>> with the X509SecurityToken.
>> This token also existed in the previous versions of WSE, but it was
>> something internal and the developer could not use it as he can do now.
>>
>>
>> DerivedKey: Yes, it is generated from the encrypted key
>>
>> The encrypted key does not have direct relation with the security context
>> token
>>
>> Regards,
>>
>> Pablo Cibraro
>>
>> http://weblogs.asp.net/cibrax
>>
>>
>>
>>
>>
>>
>> "Hung Ngo" <HungNgo@discussions.microsoft.com> wrote in message
>> news:BE127A17-D996-41C2-A31C-5283C3DB76FF@microsoft.com...
>> > Hi,
>> > I have some problem with the encrypted key and derived Key.
>> > With <AnonymousForCertificateAssertion> element:
>> > - Is encrypted key generated from the web service public key? and what
>> > is
>> > the algorithm used for generating?
>> > - If I set the attribute "requireDerivedKeys=true" in the
>> > <AnonymousForCertificateAssertion> element, so derived key will be
>> > generated
>> > from the encrypted key?
>> > - Does the encrypted key have relation with the security context token
>> > ?
>> >
>> > I had tried to read the WSE3.0 document, but it doesn't mention about
>> > my
>> > problems.
>> >
>> > Thanks in advance!!
>> > Hung.
>>
>>
>>