I'm using Axis2 and Rampart to encrypt SOAP messages. I'm trying to understand the structure of encrypted SOAP message.
My current understanding is, the soap body is encrypted using AES-128, and the AES key is encrypted and embedded in the soap header, in <xenc:EncryptedKey> tag. Is that right? could someone confirm? (or point out my mistakes)
Here's a encrypted SOAP request
subject: When encrypting a SOAP, does the AES key embedded in SOAP header?