PROTOCOL: Symmetric Key Services (SKS) response with a symmetric key

A successful response to a symmetric-key request, shown here without the OASIS Web Services Security (WSS) wrapper, resembles the following:


<!-- Example SKS response body: an xenc:EncryptedKey holding a key name (ds:KeyName),
     the encrypted key material (xenc:CipherValue, Base64) and a cleartext
     symkey:KeyUsePolicy describing how the key may be used.
     This bare form carries no ds:Signature: nothing in the message itself
     authenticates the sender or protects the policy fields from modification. -->
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:symkey="http://www.strongauth.com/2006/01/symkey#">



<!-- No xenc:EncryptionMethod child appears in this example, so the algorithm used
     to wrap the key is not stated in the message.
     NOTE(review): presumably fixed by the SKS protocol and known to the client
     out of band; confirm, and confirm which padding scheme is used. -->
<ds:KeyInfo>




<!-- NOTE(review): in XML Encryption, ds:KeyInfo inside an EncryptedKey normally
     identifies the key needed to decrypt CipherValue. Whether "2-2" names that key
     or the delivered symmetric key is not stated here; confirm against the SKS spec. -->
<ds:KeyName>2-2</ds:KeyName>



</ds:KeyInfo>

<xenc:CipherData>




<!-- Base64 text, line-wrapped. It decodes to 128 bytes.
     NOTE(review): that size is consistent with a wrap under a 1024-bit RSA key,
     which is below current minimum key sizes; confirm the wrapping key length. -->
<xenc:CipherValue>CKd4hXZkFGXagTaSPXfOzGgmRVQDik377GZ8hbXfL/XxyzynxGRCS1QUusbgSBqXqjq8goRLcb6l

rDtyM+q3MeWIv0/BAoZyUJrGGflSJ7OqVwH1vClmhrMfqPmPTWlvBznsPJeG9ICb/kPNFQEFyn8Y

8pRnbgc38XkMl7uPWAo=</xenc:CipherValue>



</xenc:CipherData>

<!-- Everything below sits outside CipherData, i.e. it is sent in the clear and is
     not cryptographically bound to the key by this element alone. A client should
     enforce the policy only when the response is authenticated (for example by the
     WSS signature over the SOAP Body, or an authenticated transport). -->
<xenc:EncryptionProperties>




<xenc:EncryptionProperty>





<symkey:KeyUsePolicy>






<symkey:pid>4</symkey:pid>

<symkey:name>DES-EDE KeyUsePolicy</symkey:name>

<!-- start_date and end_date are identical, carry no time-zone designator, and
     duration is 0.
     NOTE(review): 1969-12-31 16:00:00.0 looks like epoch zero rendered in a UTC-8
     zone, i.e. unset date fields for a transaction-count policy; confirm. -->
<symkey:start_date>1969-12-31 16:00:00.0</symkey:start_date>

<symkey:end_date>1969-12-31 16:00:00.0</symkey:end_date>

<symkey:duration>0</symkey:duration>

<!-- NOTE(review): policy_type "Tx" with tx_allowed 10 presumably limits the key to
     10 transactions; who counts and enforces the limit is not shown here. -->
<symkey:tx_allowed>10</symkey:tx_allowed>

<symkey:policy_type>Tx</symkey:policy_type>

<!-- Triple-DES in CBC mode: 192 is the three-key length including parity bits
     (168 key bits). The cipher has a 64-bit block, CBC gives confidentiality only
     (no integrity), and NIST no longer approves Triple-DES for applying encryption.
     Prefer a policy with a modern authenticated cipher if the server offers one. -->
<symkey:algorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</symkey:algorithm>

<symkey:keysize>192</symkey:keysize>

<symkey:status>Active</symkey:status>





</symkey:KeyUsePolicy>




</xenc:EncryptionProperty>



</xenc:EncryptionProperties>


</xenc:EncryptedKey>







The same response when wrapped within the OASIS WSS protocol:



<?xml version="1.0" encoding="UTF-8"?>

<!-- Example SKS response wrapped in OASIS WSS. The SOAP Header's wsse:Security
     block carries three things: the signer's X.509 certificate
     (wsse:BinarySecurityToken), a ds:Signature, and a wsu:Timestamp.
     The SOAP Body carries the xenc:EncryptedKey with its cleartext KeyUsePolicy. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

<SOAP-ENV:Header>

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">

<!-- Base64 X509v3 certificate supplied inside the message and referenced from
     ds:KeyInfo below by its wsu:Id. Because the certificate travels with the
     message, a valid signature alone proves nothing: the receiver must validate
     the chain to its own trust anchor, check validity and revocation, and check
     that the subject is the SKS server it expects. -->
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1154633913199-187277365">MIIEJTCCAw2gAwIBAgIIK8YzLjBJ0qswDQYJKoZIhvcNAQELBQAwZzEmMCQGA1UEAxMdU3Ryb25n

S2V5IERFTU8gU3Vib3JkaW5hdGUgQ0ExJDAiBgNVBAsTG0ZvciBTdHJvbmdLZXkgREVNTyBVc2Ug

T25seTEXMBUGA1UEChMOU3Ryb25nQXV0aCBJbmMwHhcNMDYwNzI1MTYzODE4WhcNMDcwNzI1MTY0

ODE4WjBqMRIwEAYKCZImiZPyLGQBARMCMTAxFTATBgNVBAMTDFNLUyBTZXJ2ZXItMjEkMCIGA1UE

CxMbRm9yIFN0cm9uZ0tleSBERU1PIFVzZSBPbmx5MRcwFQYDVQQKEw5TdHJvbmdBdXRoIEluYzCC

ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ2Kge/hQG7b7Tv7vWzt+phYWQxGsurJ0fUM

ILXJ+BfY7INZ7g9K9ZuqjE62Vds6odX2C91Wk0vIPeeyl10EQ6u2LsYi0qswlydrW4Qbt6zR8376

NuQdhGtyNsboeG7UDzFDJDIu8NxO6tE72t5nFdtTIbM6O11mZ43KZxhUizst8qGR1cpnU7bhTuRm

Ud737tLvowe4ubYRk8n/9DDTG1MR3BhKD9ylqW7j1+9nAG9JUshIbNoZZ6Z0aCxp7QvpiOjLnkIq

znwq50gWEyZYJSVu5W++XCORIIGjEiRJqHKblwjHF3HXCGQqIuzGnFf275sOi9qO3ALtNpS75li4

bF0CAwEAAaOB0TCBzjAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFB7F74j+RVORjhNyCeaLcGpR

GhFiMB8GA1UdIwQYMBaAFPTYwEHoJG4iFVHRnt2EWxGluAQVMCYGA1UdEQQfMB2BG3NlcnZlci5h

ZG1pbkBzdHJvbmdhdXRoLmNvbTAYBgNVHSAEETAPMA0GCysGBAHSEoN9AQQBMDoGA1UdHwQzMDEw

L6AtoCuGKWh0dHA6Ly9kZW1vLnN0cm9uZ2tleS5vcmcvZGVtby1zdWItY2EuY3JsMA0GCSqGSIb3

DQEBCwUAA4IBAQAkhGJr1wg/Qt6JKnxvWKK/0fOlguSRRQl1in37MTtnqot7H8ahkaDP2sVXNW1V

LrEeXyNfHE4vTAoP5VIiT8nXlsvdujqRAsY0gigJ5VJ/D990DBqKN2kotvZMvbAY4mcDdU+TaX4z

k/oetZqrAYX7Szs3NUgxopd8K+GzdR+b1FzlAhvf39zqrCjEGYjJyxfPQruWKPmdvRO1ccIxvQlG

kMP9nDOKbnRNTmS1ZOJqktytFAjAlfEVoaV5/mACOZOYKpUJsOHm+TwSyR9373kMjIWh8oCpiFYf

2kQKk66f86UazwChKnDQn1THnFFBukr6VRw50AaIaXVTauCM+R1X</wsse:BinarySecurityToken>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>

</ds:CanonicalizationMethod>

<!-- RSA with SHA-1 for the signature, and SHA-1 for both reference digests below.
     SHA-1 is no longer collision resistant; where both ends support it, use
     http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 with digest
     http://www.w3.org/2001/04/xmlenc#sha256, and have the verifier reject SHA-1. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

<!-- Two references are signed. This first URI matches the wsu:Id on SOAP-ENV:Body,
     so the EncryptedKey and its cleartext KeyUsePolicy are integrity protected.
     A consumer should read the key and policy only from the element that the
     verified reference actually resolved to, and reject messages with duplicate
     wsu:Id values, so that an unsigned copy placed elsewhere is never processed. -->
<ds:Reference URI="#XWSSGID-1154633932515-1329561154">

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>oO8dmj3ncj7qmPo/qAX769gF2AM=</ds:DigestValue>

</ds:Reference>

<!-- This second URI matches the wsu:Id on wsu:Timestamp in this header. -->
<ds:Reference URI="#XWSSGID-1154633932515550194145">

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>8azioIE1pIHmncKSYOvnjlLpWw8=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>OAKCtdomOdhwyLpUhVn+xi3ZG4IIf3VagV1/rMBkTIVxNbHQ5HrMRDst5wbk7BhbM+BYPbErAFdy

3bB3hFL208Kxs0wtv/J5T+HlOJG7uUBPQRVTJCmHrEiW1VfKxEaOmocBoXOnAM/eNd7Ge0jXPZ2I

qOmWKKM4i9yoaPcvY8bZljKTaaALW+Amg6+H1jC+27fMBcfQvi7HurtUKX0m3eda6Bwxk6yaMIZx

nogeITw9ytDnYXGMz7YwNOBOt3eP4PzWq98ApdcsK1XzsD6JsigHJZ9sd7SHP2PyLg9606Z4PQ6O

PbQ3nVtWURkkwOF4batbRgJz0/iurJx0+YH4WA==</ds:SignatureValue>

<!-- The verification key is located by reference: wsse:Reference points at the
     BinarySecurityToken above through its wsu:Id. -->
<ds:KeyInfo>

<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1154633932510-1780208888">

<wsse:Reference URI="#XWSSGID-1154633913199-187277365" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

</wsse:SecurityTokenReference>

</ds:KeyInfo>

</ds:Signature>

<!-- Signed freshness window. Expires is 30 days after Created, so a captured
     response stays acceptable on timestamp grounds for a month. For a message
     that delivers key material, the receiver should apply its own, much shorter
     freshness limit rather than rely on the sender's Expires value. -->
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1154633932515550194145">

<wsu:Created>2006-08-03T19:38:52Z</wsu:Created>

<wsu:Expires>2006-09-02T19:38:52Z</wsu:Expires>

</wsu:Timestamp>

</wsse:Security>

</SOAP-ENV:Header>

<!-- The wsu:Id on Body is the target of the first ds:Reference in the header. -->
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1154633932515-1329561154">

<!-- No xenc:EncryptionMethod child appears, so the algorithm used to wrap the key
     is not stated in the message.
     NOTE(review): presumably agreed out of band by the SKS protocol; confirm. -->
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:symkey="http://www.strongauth.com/2006/01/symkey#">

<ds:KeyInfo>

<ds:KeyName>2-2</ds:KeyName>

</ds:KeyInfo>

<xenc:CipherData>

<xenc:CipherValue>CKd4hXZkFGXagTaSPXfOzGgmRVQDik377GZ8hbXfL/XxyzynxGRCS1QUusbgSBqXqjq8goRLcb6l

rDtyM+q3MeWIv0/BAoZyUJrGGflSJ7OqVwH1vClmhrMfqPmPTWlvBznsPJeG9ICb/kPNFQEFyn8Y

8pRnbgc38XkMl7uPWAo=</xenc:CipherValue>

</xenc:CipherData>

<!-- Cleartext policy fields: readable by anyone who sees the message, protected
     from modification here only by the signature over the Body. -->
<xenc:EncryptionProperties>

<xenc:EncryptionProperty>

<symkey:KeyUsePolicy>

<symkey:pid>4</symkey:pid>

<symkey:name>DES-EDE KeyUsePolicy</symkey:name>

<!-- NOTE(review): identical start and end dates with duration 0 look like unset
     (epoch zero, local time) fields for a transaction-count policy; confirm. -->
<symkey:start_date>1969-12-31 16:00:00.0</symkey:start_date>

<symkey:end_date>1969-12-31 16:00:00.0</symkey:end_date>

<symkey:duration>0</symkey:duration>

<symkey:tx_allowed>10</symkey:tx_allowed>

<symkey:policy_type>Tx</symkey:policy_type>

<!-- Triple-DES CBC with a 192-bit (three-key, parity included) key: 64-bit block,
     no integrity protection, and no longer approved by NIST for applying
     encryption. Prefer a modern authenticated cipher if the server offers one. -->
<symkey:algorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</symkey:algorithm>

<symkey:keysize>192</symkey:keysize>

<symkey:status>Active</symkey:status>

</symkey:KeyUsePolicy>

</xenc:EncryptionProperty>

</xenc:EncryptionProperties>

</xenc:EncryptedKey>

</SOAP-ENV:Body>

</SOAP-ENV:Envelope>