Keys

Keys are used for XML signature and encryption. There are two predominant kinds of keys used in the current Web services
security implementation:

• Public key - such as Rivest Shamir Adleman (RSA) encryption and Digital Signature Algorithm (DSA) encryption

• Secret key - such as Data Encryption Standard (DES) encryption

In public key-based signature, a message is signed using the sender private key and is verified using the sender public key. In public key-based encryption, a message is encrypted using the receiver public key and is decrypted using the receiver private key. In secret key-based signature and encryption, the same key is used by both parties. While the current implementation of Web services security can support both kinds of keys, there are a few items to note:

• Secret key-based signature is not supported.

• The format of the message differs slightly between public key-based encryption and secret key-based encryption.

Important distinction between Version 5.x and Version 6 applications

Note: The information in this article supports version 5.x applications only that are used with WebSphere Application Server Version 6. The information does not apply to version 6 applications.

Related concepts
Key locator