Geeks With Blogs
Pradeep Loganathan Distributed

Foundations of Message Level Security


The main aim of securing Web services is to secure the messages sent and consumed by the services. This depends on using standards such as XML signature and XML encryption.

To understand XML signature and XML encryption we need to understand the principles of shared Key cryptography and public Key cryptography.


Shared Key Cryptography


Shared Key cryptography is used to ensure confidentiality of messages. Shared key technologies depend on the sender and the recipient of the message knowing a secret key. This secret key is then used to encrypt all messages between the sender and the receiver.

Shared key technology is faster but has problems with scalable key distribution.

Public Key cryptography


Public Key cryptography aims to solve the problem of Key distribution inherent in Shared key cryptography. Public key cryptography is used to ensure integrity, non-repudiation and authentication for messages. In public key cryptography the sending and the receiving parties do not need to know or share a secret key which can be intercepted in-between, rather public key cryptography relies on a pair of public and private keys which are mathematically related. One key is used for encryption and the other key is used to decrypt. The disadvantage of public keys cryptography is that it is very slow.


Posted on Wednesday, August 2, 2006 6:23 AM | Back to top

Copyright © Pradeep Loganathan | Powered by: