-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AS4RequestHandler: Different keystores for decryption and signing of response message #139
Comments
Thanks! Do you expect a PR or are you going to have a look at it first? |
I don't expect anything, but I am happy about ideas how to add that feature in a backwards compatible way :) Lets really use it for discussion here. |
… response message phax#139
I created a draft PR with a solution that I got managed working using a Involves some bit of chaining new and existing constructors, but that should help maintaining backwards compatibility for current solutions that only work with a single crypto factory. Feedback is welcome. |
… response message phax#139
So the different cryptoFactories are available from v2.2.0 onwards - please bare in mind, that some of the (especially internal) APIs have changed to allow for 2 different cryptoFactories. |
Discussed in #138
Originally posted by sopgreg June 27, 2023
Right now, in the
AS4RequestHandler
the sameIAS4CryptoFactory
is used for decryption/signature verification as well as for signing/encrypting the response message (signal/error) message.In the German BDEW process, different keys must be used for encryption and signature purposes. Right now, since the same crypto factory is used, the response message will be signed with the private key defined in the crypto factory, which actually is the private key used for decryption.
Here, a different private key must be used.
Is there currently a way to achieve this, or would a change be necessary in the
AS4RequestHandler
code, like two separateIAS4CryptoFactory
instances?The text was updated successfully, but these errors were encountered: