Keys
Keys are used for XML digital signature and encryption.
There are two predominant kinds of keys used in the current Web services security implementation:
- Public key - such as Rivest Shamir Adleman (RSA) encryption and Digital Signature Algorithm (DSA) encryption
- Secret key - such as triple-strength DES (3DES) encryption
In public key-based signature, a message is signed using the sender private key and is verified using the sender public key. In public key-based encryption, a message is encrypted using the receiver public key and is decrypted using the receiver private key. In secret key-based signature and encryption, the same key is used by both parties.
While the current implementation of Web services security can support both kinds of keys, the format of the message differs slightly between public key-based encryption and secret key-based encryption.