Java security api - DCE 128bit encryption with .NET

I have a web app that currently gets the userID from a 509 client cert. Works great.

A new client wants to interface our web app in a WebSphere Portal with a single signon for their clients so they want to call our default page via a post and pass the userID in an encrypted query string. Their encryption will use a Java security api - DCE 128bit encryption.

Using ASP.NET is there a way to either call the Java API, or use an API that is compatible with ASP.NET so that I can successfully decrypt their supplied string? Assuming of course that we have access or know any required keys ... our client wants to interface with our web app so the use of any of their keys to make this happen is reasonable.

I have searched the net with the words in the subject and have not been able to find much in the way of details of the Java API or the compatibility of the Java and .net encryption .NET classes/APIs.

I posted this in the ASP.NET group and no one has responded ... thought I would try here.

Any advice or suggestions would be greatly appreciated.

Thanks ...

Ron

I saw your post in the other newsgroup, but didn't know what this DCE thing is. I actually did a search and didn't see anything that explained what the encryption algorithm is. If you knew that, then you should be able to do the same thing in .NET as the major algorithms are generally available.

You might also look at the Bouncy Castle .NET port to see if it has support for this DCE thing already.

Best of luck,

Joe K.

Joe,

Thanks for the reply. The "DCE" thing is quoted from what I got from the client. I looked up DCE and found the following on the java.sun.com site related to java.util Class UUID:

UUID is a universally unique identifier. A UUID represents a 128-bit value. There are four different basic types of UUIDs: time-based, DCE security, name-based, and randomly generated UUIDs.

Apparently, Oracle Advanced Security supports Kerberos, CyberSafe, DCE, and SSL-based single sign-on ... note the reference again to DCE. WebSphere does also apparently.

Beyond what I just copied above, I'm not sure how best to proceed.

Ron

I'm guessing that it is just some sort of symmetric encryption with a shared key at the heart of it, possibly with RC2 since it is 128 bit, but possibly with something else (AES?). I really can't tell though.

Perhaps one of the greater crypto experts than me (which is not saying much at all really :)) will see this post and provide some more ideas.

Joe K.

I think that DES is the default encryption alg. used in a PART of DCE:
http://www.dsps.net/Security.html

But I really know very little about it ;-)

- Mitch
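
Added example (not from any poster in the thread): Joe's point that a known algorithm can be reproduced in .NET, shown for one assumed case. The thread never identifies the real algorithm, so AES-128-CBC, the Base64(IV || ciphertext) layout, the PartnerToken class and the sample key are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PartnerToken
{
    // Assumed wire format, to be confirmed with the partner:
    // Base64( IV[16] || AES-128-CBC ciphertext ), UTF-8 plaintext.
    // Java's "AES/CBC/PKCS5Padding" corresponds to PaddingMode.PKCS7 in .NET.
    static Aes NewCipher(byte[] key)
    {
        if (key.Length != 16) throw new ArgumentException("expected a 128-bit key");
        Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        return aes;
    }
    public static string Decrypt(string token, byte[] key)
    {
        byte[] raw = Convert.FromBase64String(token);
        // Reject anything that is not a 16-byte IV plus whole cipher blocks.
        if (raw.Length < 32 || raw.Length % 16 != 0)
            throw new CryptographicException("token is not IV + whole blocks");
        byte[] iv = new byte[16];
        Buffer.BlockCopy(raw, 0, iv, 0, 16);
        using (Aes aes = NewCipher(key))
        using (ICryptoTransform dec = aes.CreateDecryptor(aes.Key, iv))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(raw, 16, raw.Length - 16));
    }
    // Stand-in for the Java sender so the example runs offline.
    public static string Encrypt(string userId, byte[] key)
    {
        byte[] pt = Encoding.UTF8.GetBytes(userId);
        using (Aes aes = NewCipher(key))
        {
            aes.GenerateIV(); // fresh random IV per token
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(pt, 0, pt.Length);
                byte[] raw = new byte[16 + ct.Length];
                Buffer.BlockCopy(aes.IV, 0, raw, 0, 16);
                Buffer.BlockCopy(ct, 0, raw, 16, ct.Length);
                return Convert.ToBase64String(raw);
            }
        }
    }
    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("constructed-key!"); // constructed 16-byte sample key
        Console.WriteLine(Decrypt(Encrypt("jdoe", key), key));
    }
}
```

The algorithm, mode, padding, key bytes, IV handling and text encoding all have to match the Java side exactly; a mismatch in any one of them shows up as a padding exception or unreadable output. Base64 text carried in a query string also has to be URL-encoded by the sender, since an unencoded '+' arrives as a space.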