<keyAlgorithm> Element for <binarySecurityTokenManager>
Specifies the cryptographic algorithm used by the specified binary security token to transform data.
<microsoft.web.services3> Element
<security> Element
<binarySecurityTokenManager> Element
<add> Element for <binarySecurityTokenManager>
<keyAlgorithm name />
Attributes and Elements
Attributes
Attribute | Description |
---|---|
name | Required attribute. When the security token uses asymmetric keys, the name attribute must be either RSA15 or RSAOAEP, which refer to the RSA15 and RSA_OAEP cryptographic algorithms, respectively. |
Child Elements
None
Parent Elements
Element | Description |
---|---|
<add> Element for <binarySecurityTokenManager> | Adds a user-supplied custom security manager. |
Remarks
Use the <keyAlgorithm> element to specify the algorithm used to encrypt the session keys generated for X509SecurityToken security tokens. X509SecurityToken security tokens are based on asymmetric key pairs, which require more CPU cycles than symmetric keys and are therefore relatively expensive to use for encrypting data. For that reason, when a SOAP message is encrypted using an X509SecurityToken security token, a symmetric session key is generated to encrypt the SOAP message. That session key is then encrypted with the public key of the asymmetric key pair associated with the X509SecurityToken security token, using the algorithm specified in the <keyAlgorithm> element. Possible values are RSA15 and RSAOAEP, which refer to the RSA15 and RSA_OAEP key algorithms, respectively. RSAOAEP is not supported on versions of Windows that are earlier than Windows XP.
Use the <sessionKeyAlgorithm> Element to specify the algorithm that is used to generate the symmetric key.
Example
The following code example specifies that symmetric session keys generated for X509SecurityToken security tokens are encrypted using the RSA_OAEP algorithm.
<configuration>
  <microsoft.web.services3>
    <security>
      <binarySecurityTokenManager>
        <!-- valueType is the WS-Security X.509 token profile URI for X509v3 tokens -->
        <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
             type="Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager, Microsoft.Web.Services3, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0">
          <!-- Encrypt the symmetric session key with RSA_OAEP -->
          <keyAlgorithm name="RSAOAEP"/>
        </add>
      </binarySecurityTokenManager>
    </security>
  </microsoft.web.services3>
</configuration>
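As an added example (not part of the original documentation and not WSE code), the following Python script audits a configuration file for the <keyAlgorithm> setting described above and reports each token manager entry's session-key encryption algorithm. The sample configuration, the finding labels, and the policy of marking RSA15 for review are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# The two values the page documents for <keyAlgorithm name="...">.
# Marking RSA15 as "review" is this example's policy, not a WSE rule.
DOCUMENTED = {"RSAOAEP": "ok", "RSA15": "review"}

# Constructed sample configuration; valueType/type strings are placeholders.
SAMPLE_CONFIG = """
<configuration>
  <microsoft.web.services3>
    <security>
      <binarySecurityTokenManager>
        <add valueType="urn:example:token-a" type="Example.ManagerA, Example">
          <keyAlgorithm name="RSAOAEP"/>
        </add>
        <add valueType="urn:example:token-b" type="Example.ManagerB, Example">
          <keyAlgorithm name="RSA15"/>
        </add>
        <add valueType="urn:example:token-c" type="Example.ManagerC, Example">
          <keyAlgorithm name="RSA-OAEP"/>
        </add>
        <add valueType="urn:example:token-d" type="Example.ManagerD, Example"/>
      </binarySecurityTokenManager>
    </security>
  </microsoft.web.services3>
</configuration>
"""

def audit_key_algorithm(config_xml):
    """Return (valueType, name, finding) for every token manager <add> entry."""
    root = ET.fromstring(config_xml)
    findings = []
    for manager in root.iter("binarySecurityTokenManager"):
        for add in manager.findall("add"):
            value_type = add.get("valueType", "")
            algorithm = add.find("keyAlgorithm")
            if algorithm is None:
                # No explicit setting: report it so the effective value gets checked.
                findings.append((value_type, None, "not-set"))
                continue
            name = algorithm.get("name")  # required attribute per the page
            # Exact match only: anything else is not a documented value.
            findings.append((value_type, name, DOCUMENTED.get(name, "invalid")))
    return findings

if __name__ == "__main__":
    for value_type, name, finding in audit_key_algorithm(SAMPLE_CONFIG):
        print(f"{finding:8} {name!s:10} {value_type}")
```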