"RonF" <RonF@discussions.microsoft.com> wrote in message
news:7612910E-DF75-4961-9ECC-D2D66E0CB71C@microsoft.com...
>I have a web app that currently gets the userID from a 509 client cert.
> Works great.
>
> A new client wants to interface our web app in a WebSphere Portal with a
> single signon for their clients so they want to call our default page via
> a
> post and pass the userID in an encrypted query string. Their encryption
> will
> use a Java security api - DCE 128bit encryption.
>
> Using ASP.NET is there a way to either call the Java API, or use an API
> that
> is compatible with ASP.NET so that I can successfully decrypt their
> supplied
> string? Assuming of course that we have access or know any required keys
> ...
> our client wants to interface with our web app so the use of any of their
> keys to make this happen is reasonable.
>
> I have searched the net with the words in the subject and have not been
> able
> to find much in the way of details of the Java API or the compatibility of
> the Java and .net encryption .NET classes/APIs.
>
> I posted this in the ASP.NET group and no one has responded ... thought I
> would try here.
>
> Any advice or suggestions would be greatly appreciated.
>
> Thanks ...
>
> Ron
>

"RonF" <RonF@discussions.microsoft.com> wrote in message
news:03E02A2A-3E99-4377-8AB2-0BD6A9482E3B@microsoft.com...
> Joe,
>
> Thanks for the reply. The "DCE" thing is quoted from what I got from the
> client. I looked up DCE and found the following on the java.sun.com site
> related to java.util Class UUID:
>
> UUID is a universally unique identifier. A UUID represents a 128-bit
> value.
> There are four different basic types of UUIDs: time-based, DCE security,
> name-based, and randomly generated UUIDs.
>
> Apparently, Oracle Advanced Security supports Kerberos, CyberSafe, DCE,
> and
> SSL-based single sign-on ... note the reference again to DCE. Websphere
> does
> also apparently.
>
> Beyond what I just copied above, I'm not sure how best to proceed.
>
> Ron
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> I saw your post in the other newsgroup, but didn't know what this DCE
>> thing
>> is. I actually did a search and didn't see anything that explained what
>> the
>> encryption algorithm is. If you knew that, then you should be able do
>> the
>> same thing in .NET as the major algorithms are generally available.
>>
>> You might also look at the bouncy castle .NET port to see if it has
>> support
>> for this DCE thing already.
>>
>> Best of luck,
>>
>> Joe K.
>>
>> "RonF" <RonF@discussions.microsoft.com> wrote in message
>> news:7612910E-DF75-4961-9ECC-D2D66E0CB71C@microsoft.com...
>> >I have a web app that currently gets the userID from a 509 client cert.
>> > Works great.
>> >
>> > A new client wants to interface our web app in a WebSphere Portal with
>> > a
>> > single signon for their clients so they want to call our default page
>> > via
>> > a
>> > post and pass the userID in an encrypted query string. Their
>> > encryption
>> > will
>> > use a Java security api - DCE 128bit encryption.
>> >
>> > Using ASP.NET is there a way to either call the Java API, or use an API
>> > that
>> > is compatible with ASP.NET so that I can successfully decrypt their
>> > supplied
>> > string? Assuming of course that we have access or know any required
>> > keys
>> > ...
>> > our client wants to interface with our web app so the use of any of
>> > their
>> > keys to make this happen is reasonable.
>> >
>> > I have searched the net with the words in the subject and have not been
>> > able
>> > to find much in the way of details of the Java API or the compatibility
>> > of
>> > the Java and .net encryption .NET classes/APIs.
>> >
>> > I posted this in the ASP.NET group and no one has responded ... thought
>> > I
>> > would try here.
>> >
>> > Any advice or suggestions would be greatly appreciated.
>> >
>> > Thanks ...
>> >
>> > Ron
>> >
>>
>>
>>

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:OoQfP8ElFHA.3312@tk2msftngp13.phx.gbl...
> I'm guessing that it is just some sort of symmetric encryption with a shared key at the heart of it, possibly with RC2 since it is
> 128 bit, but possibly with something else (AES?). I really can't tell though.
>
> Perhaps one of the greater crypto experts than me (which is not saying much at all really :)) will see this post and provide some
> more ideas.
>
> Joe K.
>
> "RonF" <RonF@discussions.microsoft.com> wrote in message news:03E02A2A-3E99-4377-8AB2-0BD6A9482E3B@microsoft.com...
>> Joe,
>>
>> Thanks for the reply. The "DCE" thing is quoted from what I got from the
>> client. I looked up DCE and found the following on the java.sun.com site
>> related to java.util Class UUID:
>>
>> UUID is a universally unique identifier. A UUID represents a 128-bit value.
>> There are four different basic types of UUIDs: time-based, DCE security,
>> name-based, and randomly generated UUIDs.
>>
>> Apparently, Oracle Advanced Security supports Kerberos, CyberSafe, DCE, and
>> SSL-based single sign-on ... note the reference again to DCE. Websphere does
>> also apparently.
>>
>> Beyond what I just copied above, I'm not sure how best to proceed.
>>
>> Ron
>>
>> "Joe Kaplan (MVP - ADSI)" wrote:
>>
>>> I saw your post in the other newsgroup, but didn't know what this DCE thing
>>> is. I actually did a search and didn't see anything that explained what the
>>> encryption algorithm is. If you knew that, then you should be able do the
>>> same thing in .NET as the major algorithms are generally available.
>>>
>>> You might also look at the bouncy castle .NET port to see if it has support
>>> for this DCE thing already.
>>>
>>> Best of luck,
>>>
>>> Joe K.
>>>
>>> "RonF" <RonF@discussions.microsoft.com> wrote in message
>>> news:7612910E-DF75-4961-9ECC-D2D66E0CB71C@microsoft.com...
>>> >I have a web app that currently gets the userID from a 509 client cert.
>>> > Works great.
>>> >
>>> > A new client wants to interface our web app in a WebSphere Portal with a
>>> > single signon for their clients so they want to call our default page via
>>> > a
>>> > post and pass the userID in an encrypted query string. Their encryption
>>> > will
>>> > use a Java security api - DCE 128bit encryption.
>>> >
>>> > Using ASP.NET is there a way to either call the Java API, or use an API
>>> > that
>>> > is compatible with ASP.NET so that I can successfully decrypt their
>>> > supplied
>>> > string? Assuming of course that we have access or know any required keys
>>> > ...
>>> > our client wants to interface with our web app so the use of any of their
>>> > keys to make this happen is reasonable.
>>> >
>>> > I have searched the net with the words in the subject and have not been
>>> > able
>>> > to find much in the way of details of the Java API or the compatibility of
>>> > the Java and .net encryption .NET classes/APIs.
>>> >
>>> > I posted this in the ASP.NET group and no one has responded ... thought I
>>> > would try here.
>>> >
>>> > Any advice or suggestions would be greatly appreciated.
>>> >
>>> > Thanks ...
>>> >
>>> > Ron
>>> >
>>>
>>>
>>>
>
>