I would like to know how message confidentiality is achieved for SOAP messages.
My project uses IBM WebSphere. In the SOAP messages exchanged, there is
<wsse:KeyIdentifier>xxxx</wsse:KeyIdentifier>
It also has:
<EncryptionMethod Algorithm="yyyy"></EncryptionMethod>
<CipherData>
<CipherValue>zzzzzzzzzzz</CipherValue>
</CipherData>
My doubt is: can't a third party decrypt the cipher text using the Key?
If not, how is the receiver of this message able to decrypt the message with the information available in the SOAP message?
Or is there any initial exchange of certificates required for this?
Thanks
Yes, you need to first set up a PKI infrastructure for this. The key identifier is just that, an identifier to select some private key from your key store – it is certainly not the key itself.
Please make sure to handle the contents of that field in a secure fashion, since an attacker may change the value as well. My own implementation silently ignores the field since the key has been set in advance.
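As an added illustration of the answer above (this is example code written for this page, not code from the original thread, from the answerer's implementation or from IBM WebSphere), the Go program below models the exchange with the three elements the question quotes: a KeyIdentifier, a wrapped session key and a CipherValue. Everything in it is an assumption made for the example: the Message and KeyStore types, the Encrypt and Decrypt functions, the identifier scheme (SHA-256 over the DER-encoded public key; WS-Security products normally use a certificate thumbprint or a subject key identifier), the RSA-OAEP plus AES-GCM algorithm pair, and the constructed sample body. What it shows is the point of the answer: the identifier only selects a private key that was provisioned in advance, so the message itself gives a third party nothing to decrypt with, and a rewritten identifier fails the unwrap rather than yielding plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Message is a constructed model of the elements quoted in the question (not WebSphere's types).
type Message struct {
	KeyIdentifier string // thumbprint of the recipient's public key (assumed scheme)
	EncryptedKey  []byte // AES-256 session key wrapped with RSA-OAEP for the recipient
	Nonce         []byte // AES-GCM nonce
	CipherValue   []byte // AES-GCM ciphertext of the SOAP body
}

// KeyStore stands in for the key store that the PKI set-up provisions.
type KeyStore map[string]*rsa.PrivateKey

// KeyIdentifier derives the identifier from a public key. WS-Security usually uses
// a SHA-1 certificate thumbprint; SHA-256 over the DER public key is assumed here.
func KeyIdentifier(pub *rsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err) // only for a malformed key
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// GenerateRecipientKey is the key pair a real deployment gets from its PKI.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt protects the body with a fresh session key and wraps that key so that
// only the holder of the recipient's private key can recover it.
func Encrypt(recipient *rsa.PublicKey, body []byte) (*Message, error) {
	random := make([]byte, 32+12) // AES-256 session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(random); err != nil {
		return nil, err
	}
	sessionKey, nonce := random[:32], random[32:]
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Message{
		KeyIdentifier: KeyIdentifier(recipient),
		EncryptedKey:  wrapped,
		Nonce:         nonce,
		CipherValue:   gcm.Seal(nil, nonce, body, nil),
	}, nil
}

// Decrypt uses the identifier only to select a private key. A third party has no
// matching key, so the lookup fails; a rewritten identifier makes the OAEP unwrap fail.
func Decrypt(ks KeyStore, m *Message) ([]byte, error) {
	priv, ok := ks[m.KeyIdentifier]
	if !ok {
		return nil, fmt.Errorf("no private key in key store for KeyIdentifier %s", m.KeyIdentifier)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.EncryptedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping session key: %w", err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.CipherValue, nil)
}

func main() {
	recipient, _ := GenerateRecipientKey()
	msg, _ := Encrypt(&recipient.PublicKey, []byte("<soap:Body>constructed sample</soap:Body>"))
	body, err := Decrypt(KeyStore{KeyIdentifier(&recipient.PublicKey): recipient}, msg)
	fmt.Printf("receiver: %q err=%v\n", body, err)
	_, err = Decrypt(KeyStore{}, msg) // a third party holds the message but no private key
	fmt.Println("third party:", err)
}
```

The receiver's key store has to be filled before any message arrives, which is the certificate exchange the question asks about. The approach the answerer describes, ignoring the field because the key is fixed in advance, is the special case of a one-entry key store; the lookup version shown here additionally rejects a message whose identifier an attacker has changed to name some other key the receiver holds, because the wrapped session key then fails to unwrap under that key.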