
#105 encrypt and sign with WS-Security

open
None
5
2020-03-16
2018-04-17
No

Hello,
I am currently evaluating the use of gsoap 2.8.66 with the WS-Security plugin.
I need both encryption and signing of the message body.

It is documented that gsoap only supports first signing and then encryption.
I am facing the problem that the peer I have to interface with needs / expects the other order.
So it wants the body to be encrypted first, and then the signatures created over this encrypted body and some header elements.

Is there a way to change this order in the wsseapi.cpp easily? Or can you give hints on how this could be achieved?
I would be able to test changes and check results on soap message level.

If you are planning to implement this functionality and make the order of enc/sign configurable, information about this would also be appreciated.

Thank you

Meinolf Ludwigt

Discussion

  • Massimo B.

    Massimo B. - 2018-07-18

    Hi Robert,

    Is there any news or idea about this issue? Is it a common issue that the WS-Security standard does not define the order of encrypting and signing and some servers are using it differently?
    Without passing the TLS layer it would not be possible to use gSOAP for this kind of services.

    Best regards,
    Massimo

     
  • Robert van Engelen

    First signing and then encrypting is safe. The reverse is not safe from a security protocol perspective as has been reported by experts on secure messaging protocols. This has been known for some time. Hence signing after encryption should be avoided and is not enabled in WS-Security with gSOAP.

     
