Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Web Services Security concepts > Web Services Security concepts for v5.x applications
Keys
Keys are used for XML signature and encryption.
There is an important distinction between v5.x and Version 6 and later applications. The information in this article supports Version 5.x applications only that are used with WAS v6.0.x and later. The information does not apply to Version 6 and later applications.
There are two predominant kinds of keys used in the current Web Services Security implementation:
- Public key - such as Rivest Shamir Adleman (RSA) encryption and Digital Signature Algorithm (DSA) encryption
- Secret key - such as Data Encryption Standard (DES) encryption
In public key-based signature, a message is signed using the sender private key and is verified using the sender public key. In public key-based encryption, a message is encrypted using the receiver public key and is decrypted using the receiver private key. In secret key-based signature and encryption, the same key is used by both parties.
While the current implementation of Web Services Security can support both kinds of keys, there are a few items to note:
- Secret key-based signature is not supported.
- The format of the message differs slightly between public key-based encryption and secret key-based encryption.
Key locator
Secure web services for v5.x applications using XML digital signature