Encryption using RSA Public Key with SoapUI

This section provides a tutorial example on how to encryption the SOAP body element content with a RSA public key certificate using SoapUI.

To try to fix the error occurred in the previous tutorial, let's grab a RSA public key certificate from JDK's "cacerts" keystore file.

1. Export the "globalsignca" certificate JDK's "cacerts" keystore file to certificate file, globalsignca.crt:

C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -exportcert 
   -alias globalsignca -file globalsignca.crt
   -keystore "\Program Files\java\jdk1.8.0\jre\lib\security\cacerts" 

Enter keystore password: changeit
Certificate stored in file <globalsignca.crt>

2. Import the certificate from globalsignca.crt into "MyKeyStore.jks" file:

C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -importcert 
   -alias globalsignca -keystore MyKeyStore.jks -storepass MyKeyStore
   -file globalsignca.crt

Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Serial number: 40000000001154b5ac394
Valid from: Tue Sep 01 08:00:00 EDT 1998 
   until: Fri Jan 28 07:00:00 EST 2028
Certificate fingerprints:
   MD5:  3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
   SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
   SHA256: EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:
           68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
   Signature algorithm name: SHA1withRSA
   Version: 3
...

Trust this certificate? [no]:  yes
Certificate was added to keystore

3. Restart SoapUI and modify the "Encryption" configuration setting:

Keystore: MyKeyStore.jks
ALias: mycertificate
Password:
... 

4. Resubmit the SOAP request. The response message will be displayed.

5. Click on the "Raw" vertical tab. This time, you should see "wsse:Security" SOAP header element added to the request message automatically. And the SOAP body element content is replaced with a "xenc:EncryptedData" element:

<soapenv:Envelope ...>
<soapenv:Header>
 <wsse:Security>
  ...
 </wsse:Security>
</soapenv:Header>
<soapenv:Body>
 <xenc:EncryptedData Id="ED-3F60678EF1C89DEFF1140372822597218" ...>
  ...
 </xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>

Congratulations! We have successfully encrypted SOAP request message with SoapUI with a X.509 certificate from "globalsignca". No body can see what we are actually sending in the SOAP body except for the owner of "globalsignca", who has the private key associated with the public key in the certificate.

Of course, in a real world integration, we need to use a certificate of RSA public key from the message receiver.

Last update: 2014.

Table of Contents

 About This Book

 Introduction to Web Service

 Introduction to SOAP (Simple Object Access Protocol)

 SOAP Message Structure

 SOAP Message Transmission and Processing

 SOAP Data Model

 SOAP Encoding

 SOAP RPC Presentation

 SOAP Properties Model

 SOAP Message Exchange Patterns

 SOAP HTTP Binding

 SOAP Perl Implementations

 SOAP PHP Implementations

 SOAP Java Implementations

 Perl SOAP::Lite - SOAP Server-Client Communication Module

 Perl Socket Test Program for HTTP and SOAP

 Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service

 Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services

 Perl SOAP::Lite 0.710 for WSDL

 PHP SOAP Extension Client Programs

 PHP SOAP Extension Server Programs

 Java Socket and HttpURLConnection for SOAP

 SAAJ - SOAP with Attachments API for Java

 SoapUI - SOAP Web Service Testing Tool

 WS-Security - SOAP Message Security Extension

WS-Security X.509 Certificate Token

 What Is WS-Security X.509 Certificate Token Profile?

 What Is XML Signature Syntax and Processing?

 Generating a Self-Signed Certificate with "keytool"

 SoapUI Configuration for Messaging Signing

 Generating Digital Signature with SoapUI

 Validating ds:Signature with X.509 Certificate

 Digital Signature Options Supported in SoapUI

 What Is XML Encryption Syntax and Processing?

 SoapUI Configuration for Messaging Encryption

 "not an RSA key" - Encryption Failed in SoapUI

Encryption using RSA Public Key with SoapUI

 2-Step Message Encryption - Symmetric and RSA

 Decrypting Encrypted SOAP Message

 Message Encryption Options Supported in SoapUI

 Web Services and SOAP Terminology

 References

 PDF Printing Version