Decrypting Encrypted SOAP Message

This section describes how the message receiver should decrypt an encrypted SOAP message in 2 steps: decrypt the encrypted secret key with the receiver's private key, then decrypt the encrypted message with the secret key.

To see how the receiver should process the encrypted SOAP message, the full XML generated by SoapUI from the previous tutorial is included below, with some extra line breaks added for formatting.

<soapenv:Envelope xmlns:ser="http://www.herongyang.com/Service/" 
 xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
 <wsse:Security 
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01
     /oasis-200401-wss-wssecurity-secext-1.0.xsd" 
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01
     /oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:BinarySecurityToken 
   EncodingType="http://docs.oasis-open.org/wss/2004/01
      /oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
   ValueType="http://docs.oasis-open.org/wss/2004/01
      /oasis-200401-wss-x509-token-profile-1.0#X509v3" 
   wsu:Id="3F60678EF1C89DEFF1140372822597117">  </wsse:BinarySecurityToken>

  <xenc:EncryptedKey Id="EK-3F60678EF1C89DEFF1140372822597116" 
   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
   <xenc:EncryptionMethod 
    Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
   <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference>
     <wsse:Reference URI="#3F60678EF1C89DEFF1140372822597117" 
      ValueType="http://docs.oasis-open.org/wss/2004/01
         /oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>
   <xenc:CipherData>
    <xenc:CipherValue>
aj9Ef2s1d+iHBLdXe8fqXA3eTQK28jpBLQTYFF/mDAKQIkVz8v9ZM0yHJVB9qihQ
qGG0CmW3Y1E7SPmr50ALOu2/OGrToiWLfbVM87y0Ob95AiEygeT3K4ochd4Tuwbe
OeBiFxDe1bbX1/plyXSv/BKEvwSTuwWyFz80FOVeAaQA2n97BZcTT75ttUn+I281
nDbiFhhrLyha8q88iAw06VQdTldztl+QySKsxo3bHy7fMJAKCcEmtPKB7SZJCfii
CNmSK+wwweQZSy8vwsVLgXeEpdYRna8pllItexjod+vGfvVP5s7vmWapuvE6TE7g
h+3OHfTkJrJA30MCN8tD0g==
    </xenc:CipherValue>
   </xenc:CipherData>
   <xenc:ReferenceList>
    <xenc:DataReference URI="#ED-3F60678EF1C89DEFF1140372822597218"/>
   </xenc:ReferenceList>
  </xenc:EncryptedKey>

 </wsse:Security>
</soapenv:Header>
<soapenv:Body>

 <xenc:EncryptedData Id="ED-3F60678EF1C89DEFF1140372822597218" 
  Type="http://www.w3.org/2001/04/xmlenc#Content" 
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod 
   Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <wsse:SecurityTokenReference 
    wsse11:TokenType="http://docs.oasis-open.org/wss
       /oasis-wss-soap-message-security-1.1#EncryptedKey" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01
       /oasis-200401-wss-wssecurity-secext-1.0.xsd" 
    xmlns:wsse11="http://docs.oasis-open.org/wss
       /oasis-wss-wssecurity-secext-1.1.xsd">
    <wsse:Reference URI="#EK-3F60678EF1C89DEFF1140372822597116"/>
   </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData>
   <xenc:CipherValue>
G5spVCIRKsp7XTQYIyWc9tVAtcWxiBz0vwhC4IiBLKdjwAod7tXCwfiK095JhaeT
YPy9cpMoWFUVjv80YzYN4GIYbQpAa7jxmdNaDVpL6+m8o3YqfyTSq3KRKJPppSbr
1Oo7kAbMUFR5s3zQtSqlkdMNSviKiSd9Cik9Ztnt1/UilahSqX2dYW7OBzK1QQgg
HrrdSqOCTLRsGELljfeAZbGU7oPXnIX9IoAv30zzTBw=
   </xenc:CipherValue>
  </xenc:CipherData>
 </xenc:EncryptedData>

</soapenv:Body>
</soapenv:Envelope>

Since this message was encrypted in 2 steps by the sender, the receiver of this request should decrypt it in 2 steps. The first step is to decrypt the secret key with the receiver's private key:

The next step is to decrypt the message using the secret key obtained from the previous step:
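The two steps described above, carried out with the standard Java cryptography API. This is an added example, not code from the original tutorial or from SoapUI; the class and method names are hypothetical, and a throwaway RSA key pair and a constructed payload stand in for the receiver's keystore entry and the Base64-decoded xenc:CipherValue contents.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class TwoStepDecrypt {   // hypothetical class name
    // Step 1: xmlenc#rsa-oaep-mgf1p is RSA-OAEP with SHA-1 and MGF1.
    static byte[] unwrapKey(PrivateKey receiverKey, byte[] encryptedKey) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.DECRYPT_MODE, receiverKey);
        byte[] secret = rsa.doFinal(encryptedKey);
        if (secret.length != 16) throw new GeneralSecurityException("aes128-cbc needs a 16-byte key");
        return secret;
    }

    // Step 2: xmlenc#aes128-cbc puts the 16-byte IV in front of the ciphertext;
    // the last plaintext byte is the number of padding bytes to drop.
    static byte[] decryptData(byte[] secret, byte[] cipherValue) throws Exception {
        if (cipherValue.length < 32 || cipherValue.length % 16 != 0)
            throw new GeneralSecurityException("expected IV plus whole AES blocks");
        Cipher aes = Cipher.getInstance("AES/CBC/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secret, "AES"),
                 new IvParameterSpec(cipherValue, 0, 16));
        byte[] padded = aes.doFinal(cipherValue, 16, cipherValue.length - 16);
        int pad = padded[padded.length - 1] & 0xff;
        if (pad < 1 || pad > 16) throw new GeneralSecurityException("bad padding length");
        return Arrays.copyOf(padded, padded.length - pad);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sender side: throwaway key pair, random secret key and IV.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair receiver = gen.generateKeyPair();
        byte[] secret = new byte[16], iv = new byte[16];
        new SecureRandom().nextBytes(secret);
        new SecureRandom().nextBytes(iv);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, receiver.getPublic());
        byte[] encryptedKey = rsa.doFinal(secret);   // decoded EncryptedKey CipherValue
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secret, "AES"), new IvParameterSpec(iv));
        byte[] body = aes.doFinal("<sample>constructed body</sample>".getBytes(StandardCharsets.UTF_8));
        byte[] cipherValue = Arrays.copyOf(iv, 16 + body.length);   // decoded EncryptedData CipherValue
        System.arraycopy(body, 0, cipherValue, 16, body.length);
        // Receiver side: the two steps, in order.
        byte[] plain = decryptData(unwrapKey(receiver.getPrivate(), encryptedKey), cipherValue);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

aes128-cbc carries no integrity check, so a receiver should answer every decryption failure with the same generic fault and rely on a signature over the message to detect tampering.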

Last update: 2014.
