Monday, April 22, 2013

Encrypt Message Using WS-Security in WebSphere 7: InvalidKeyException

I tried to encrypt a SOAP message using WS-Security with an SSL certificate I got from the service provider.

My runtime is a WebSphere ESB 7.5.1.1 running on WAS 7.0.0.27.

After configuring the policy set and the client policy set binding, I couldn't get rid of the following exception when executing the web service client:

Exception:
javax.xml.ws.WebServiceException:
com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5612E: Encrypting the
data produced the following exception: Wrong length: 162:
java.security.InvalidKeyException: Wrong length: 162 Message: com.ibm.wsspi.wssecurity.core.SoapSecurityException:
CWWSS5612E: Encrypting the data produced the following exception: Wrong length:
162: java.security.InvalidKeyException: Wrong length: 162

After trying a lot of configuration changes (which is very tedious because each change in a policy set or client policy set binding requires an appserver restart), I finally found the cause: in the encrypter configuration I assumed "Data encryption" was the correct setting for encrypting the data of the message, but the infocenter clearly states that "Data encryption" is used for symmetric encryption only.


Changing the setting to "Key encryption" solved the InvalidKeyException!

Information center info about the setting:

Usage of key information reference
This field is available on this panel if you are configuring encryption protection and it specifies that the encryption key information is either data encryption key information or key encryption key information. Select Data encryption for symmetric algorithms and Key encryption for asymmetric algorithms.
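
The symmetric/asymmetric split described above, as an added example in plain JCE (not code from the original post and not WebSphere's own implementation). It assumes the provider's certificate carried a 1024-bit RSA key, which the post does not state; such a key is 162 bytes in its X.509 encoding, the same length the exception reports. The class name, the generated key pair and the payload are constructed for illustration, and the exception text differs between JCE providers.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyUsageDemo {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the provider's certificate (assumed 1024-bit RSA).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        KeyPair recipient = kpg.generateKeyPair();
        byte[] spki = recipient.getPublic().getEncoded(); // X.509 SubjectPublicKeyInfo
        System.out.println("Encoded RSA public key length: " + spki.length);

        // "Data encryption" usage: the key bytes are handed to a symmetric cipher.
        try {
            Cipher.getInstance("AES/CBC/PKCS5Padding")
                  .init(Cipher.ENCRYPT_MODE, new SecretKeySpec(spki, "AES"));
        } catch (InvalidKeyException e) {
            System.out.println("Rejected as symmetric key: " + e.getMessage());
        }

        // Symmetric step: a fresh AES key encrypts the message data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, dataKey);
        byte[] body = enc.doFinal("<constructed>payload</constructed>".getBytes(StandardCharsets.UTF_8));

        // "Key encryption" usage: the RSA public key wraps the AES key.
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrappedKey = wrap.wrap(dataKey);

        // Receiver: unwrap with the private key, then decrypt the data.
        wrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        Key recovered = wrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(enc.getIV()));
        System.out.println(new String(dec.doFinal(body), StandardCharsets.UTF_8));
    }
}
```

The first block fails because an AES cipher accepts only 16-, 24- or 32-byte keys; the rest is the hybrid pattern in which the certificate's key protects a generated symmetric key rather than the message data itself.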
 
