<keyAlgorithm> Element for <binarySecurityTokenManager>

Article
09/15/2006

Specifies the cryptographic algorithm used by the specified binary security token to transform data.

<microsoft.web.services2> Element
<security> Element
<binarySecurityTokenManager> Element

<keyAlgorithm name />

Attributes and Elements

Attributes

Attribute	Description
name	Required attribute. When the security token uses asymmetric keys, the name attribute must be either RSA15 or RSAOAEP, which refer to the RSA15 and RSA_OAEP cryptographic algorithms, respectively.

name

Required attribute.

When the security token uses asymmetric keys, the name attribute must be either RSA15 or RSAOAEP, which refer to the RSA15 and RSA_OAEP cryptographic algorithms, respectively.

Child Elements

None

Parent Elements

Element	Description
<binarySecurityTokenManager> Element	Specifies a user supplied custom security manager for a binary-based security token.

Remarks

Use the <keyAlgorithm> element to specify the algorithm used to encrypt the session keys generated for X509SecurityToken security tokens. X509SecurityToken security tokens are based on asymmetric key pairs that require more CPU cycles than symmetric keys relatively expensive to encrypt data. Therefore, when a SOAP message is encrypted or digitally signed using an X509SecurityToken security token, a symmetric session key is generated to encrypt the SOAP message. That session key is encrypted using the public key of the asymmetric key pair associated with the X509SecurityToken security token using the algorithm specified in the <keyAlgorithm> element. Possible values are RSA15 and RSAOAEP, which refer to the RSA15 and RSA_OAEP key algorithms, respectively. RSAOAEP is not supported on versions of Windows that are earlier than Windows XP.

Use the <sessionKeyAlgorithm> Element to specify the algorithm that is used to generate the symmetric key.

Example

The following code specifies that symmetric session keys generated for X509SecurityToken security tokens are encrypted using the RSA_OAEP algorithm.

<configuration>
  <microsoft.web.services2>
    <security> 
      <binarySecurityTokenManager 
        valueType="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
        type="Microsoft.Web.Services2.Security.Tokens.X509SecurityTokenManager, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0">
      <keyAlgorithm name="RSAOAEP"/>
    </security>
  </microsoft.web.services2>
</configuration>