When encrypting a SOAP, does the AES key embedded in SOAP header?

I'm using Axis2 and Rampart to encrypt SOAP messages. I'm trying to understand the structure of encrypted SOAP message.

My current understanding is, the soap body is encrypted using AES-128, and the AES key is encrypted and embedded in the soap header, in <xenc:EncryptedKey> tag. Is that right? could someone confirm? (or point out my mistakes)

Here's a encrypted SOAP request

<?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <xenc:EncryptedKey Id="EncKeyId-14111765"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <ds:KeyInfo xmlns :mrgreen: s="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName> CN=Sample Service,OU=Rampart,O=Apache,L=Colombo,ST=Western,C=LK </ds:X509IssuerName> <ds:X509SerialNumber> 1187603713 </ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue> gobOw+cbBJ4YweQkl/fNP2gZe8N/ihy7LFWWPJsveM10N+XKvUKWSefHoQF27UiKc67KLv/fJ3pI+N8HMGRHL72bAuTdWhMa9VC8S60hiNQusfAI3k3WPJh3Byhkr0ZSvPvLOfGZzSa60jfDXaLP7EjiI6tYXZhLeu0GRhfkdCI= </xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc :mrgreen: ataReference URI="#EncDataId-29705835" /> </xenc:ReferenceList> </xenc:EncryptedKey> </wsse:Security> </soapenv:Header> <soapenv:Body> <xenc:EncryptedData Id="EncDataId-29705835" Type="http://www.w3.org/2001/04/xmlenc#Content"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> <ds:KeyInfo xmlns :mrgreen: s="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference URI="#EncKeyId-14111765" /> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue> 1IpKX0sFxuCclnwy7dmhja3F6MrRONuE69QsbNwwKTRma38qfETHDZnU4eP3k+hWMmiHVk6saEKi QiyBFu++g6uNKFRzitWR2qj2xE+WvU4TTg0CgrCExKnbV3jnZ0dr2GEd6Wfw9LSrOj8CBsH4xxnv /p6uAJqLg9rpm99prwVCkzWpS6QZOmFXYZWJQ0qvyHp8Qa2maGo2Ovc9paewf8YCXniR+5qY5uXz arVR8xdfNQiB7QZm8wemfPZzFI5/f0GZBsEIWmrdM0KZYbpGwTi4hdELZ/GplXYhwZRUrvUYzFLD rf7iIVQ6whE70bLY </xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>