Java Security

This is a problem we are facing during XML encryption-decryption. We are getting the ""org.apache.xml.security.encryption.XMLEncryptionException: No Key Encryption Key loaded and cannot determine using key resolvers". error.

Scenario:
We have Java Code (Decryptor Class) deployed in our server box. We also have the Client Code which encrypts the XML document and sends it to Decryptor.

We are using the XML Encryption method. .i.e. On the server box, we use Sun utility keytool to generate the public-private key pair. Then we export them in to public.cer file. We then import it into client-truststore.jks file and distribute it to the client boxes who would like to send us the encrypted message.

In the client side Encryptor class, it generates the Symmetric Key (AES_128) and encrypts the XML data. Then it extracts the public key from the client-truststore.jks file, encrypts the Symmetric key with this Public Key (RSA_1024) and attaches the encrypted symmetric key to the XML Message and sends it to Decryptor function.

Once the encrypted XML messages comes, Decryptor class will take the private key and decrypts the "encrypted the Symmetric Key". Then using the Symmetric Key it will decrypt the XML message and sends it for further processing.

We are using the IBM JDK 1.4.2 along with BouncyCastle JCE provider on the server side. Client side we are using Sun JDK 1.4.2 with BouncyCastle JCE.

Client side we have the following JAR files in it.
1. bvprov-jdk14-133.jar
2. xerces.jar
3. xalan.jar
4. xmlsec-1.3.0.jar
5. xml.jar

The Encrypter Java package runs fine from the client machine if run independently from the command line using the same JVM. But when you import this package in to webmethod, it creates the encrypted XML message and when decrypter on server side tries to decrypt it is failing with error "org.apache.xml.security.encryption.XMLEncryptionException: No Key Encryption Key loaded and cannot determine using key resolvers"

Message was edited by:
rajeshpalled