Message Encryption Options Supported in SoapUI

SOAP Web Service Tutorials - Herong's Tutorial Examples

∟Message Encryption Options Supported in SoapUI

This section describes message encryption options supported in SoapUI that allows you to specify how to identify sender's public key used to encrypt the secret key, which symmetric algorithm to use to encrypt message, which parts of the SOAP message to encrypt, etc.

SoapUI also allows us to encrypt SOAP messages with multiple options. These options are listed on the "Encryption" WS-Security configuration entry section:

Keystore - Specifies which Java keystore file that contains the receiver's X.509 certificate.

Alias - Specifies which certificate entry in the keystore file is the receiver's X.509 certificate.

Password - Note needed, since there is no password protection for any pure X.509 certificate entry in a Java keystore file.

Key Identifier Type - Specifies how to identify the public key that is used to encrypt randomly generated secret key.

Issuer Name and Serial Number - The issuer name and serial number of the public key certificate will be included in the "ds:Signature" element. The receiver should search for the certificate by the issuer name and serial number from its own certificate database.
Binary Security Token - The reference ID to a wsse:BinarySecurityToken element will be included in the "ds:Signature" element. The receiver should retrieve the certificate from the referenced wsse:BinarySecurityToken element.
X509 Certificate - The actual X.509 certificate will be included in the "ds:Signature" element.
Subject Key Identifier - The SubjectKeyIdentifier of the public key certificate will be included in the "ds:Signature" element. The receiver should search for the certificate by the SubjectKeyIdentifier from its own certificate database.
Embedded KeyInfo - Not sure what this is.
Embed SecurityToken Reference - Not sure what this is.
Thumbprint SHA1 Identifier - The SHA1 fingerprint of the public key certificate will be included in the "ds:Signature" element. The receiver should search for the certificate by the fingerprint from its own certificate database.

Embedded Key Name - Related to the "Embedded KeyInfo" option for "Key Identifier Type".

Embedded Key Password - Related to the "Embedded KeyInfo" option for "Key Identifier Type".

Symmetric Encoding Algorithm - Specifies which algorithm to use when encrypting the SOAP message with a random secret key.

...#aes128-cbc - Specifies the AES-CBC algorithm with a 128-bit key.
...#aes192-cbc - Specifies the AES-CBC algorithm with a 192-bit key.
...#aes256-cbc - Specifies the AES-CBC algorithm with a 256-bit key.
...#tripledes-cbc - Specifies the TripleDES-CBC algorithm.

Key Encryption Algorithm - Specifies which algorithm to use when encrypt the randomly generated secret key. The selected algorithm needs to be compatible with the type of public key in the receiver's X.509 certificate.

...#rsa-1_5 - Specifies the RSA algorithm, which is compatible with RSA public keys.
...#dsa-oaep-mgf1p - Specifies the RSA-OAEP-MGF1P algorithm, which is compatible with RSA public keys.

Create Encrypted Key - Indicates whether to encrypt the symmetric key into an EncryptedKey or not.

Parts - Specifies a list of parts (elements) of the SOAP message to be selected for encryption. Each part is defined by the following criteria. If a single part matches multiple elements, all elements are encrypted independently. If not part is defined, the soapenv:Body element will be signed by default.

ID - The "id" value of the element. I am not sure on how to use this criteria. You can leave it blank.
Name - The name value of the element.
Namespace - The namespace value of the element.
Encode - Signing option of: signing the element content only or signing the entire element including attributes.

The following picture shows you WS-Security message encryption options supported in SoapUI:
SoapUI - WS-Security Message Encryption Options