When encrypting a SOAP, does the AES key embedded in SOAP header?
posted 9 years ago
I'm using Axis2 and Rampart to encrypt SOAP messages. I'm trying to understand the structure of encrypted SOAP message.
My current understanding is, the soap body is encrypted using AES-128, and the AES key is encrypted and embedded in the soap header, in <xenc:EncryptedKey> tag. Is that right? could someone confirm? (or point out my mistakes)