Oracle SOA Suite Online Training

Interested in learning Oracle SOA Suite 12c?
Learn from the author of this blog!
A complete and comprehensive course on the #1 platform on SOA - Oracle SOA Suite

Click here to find the complete course details
Click here to check the first session on Oracle SOA Suite 12c


Message Encryption setup

<<This post is at high level, will modify later :) >>

Encryption is a way to achieve the confidentiality and message integrity which assures a request sent is not tampered and can be decrypted by a party of your interest.

Message encryption requires certificate exchange between the communicating parties.

This is how a communication in case of message encryption happens

Consider Party1 is talking to Party2
Party1 first encrypts the message using Party2's public key, and signs the message with Party1's private key.
When the message is received by Party2, it will first verify the signature key in the message, which is Party1's public key, which should be already present in Party2's keystore, and then will decrypt the message with Party2's private key

This sounds confusing, but very simple. Just public-key exchange with each other.
In case of party1, it'll use one key for encrypting and one for signing
In case of party2, it'll use one for trusting the message, and one for decrypting in case.

Generating a custom keystore and a private key
keytool -genkeypair -alias samlserver -keyalg RSA -keypass samlserver -keystore samlserver.jks -storepass samlserver

Exporting a certificate/your public key
keytool -exportcert -alias samlserver -keystore samlserver.jks -storepass samlserver -file samlserver.cer
keytool -list -keystore samlserver.jks

Importing a certificate / peer's public key
keytool -importcert -alias samlclient -keystore samlserver.jks -storepass samlserver -file samlclient.cer

Print a Certificate
keytool -printcert -file samlclient.cer

Delete a Certificate from keystore
Keytool -delete -alias <aliasName> -keystore <keystoreName> -storepass <keystorePassword>

Delete a Keystore
keytool -delete -alias samlserver-keystore samlserver.jks

Create a certificate request to CA
keytool -certreq -alias test -sigalg "RSAwithSHA1" -file certreq_file -storetype jks -keystore test.jks

Note that if you import a certificate with an already existing alias name, it gets overridden. This is used when you are using your certificate for signing (self-signing) initially, and later get a certificate from a CA in which case you'll override 

No comments:

Post a Comment