3.1.4.26 SetMasterSecretKey

This operation is used to retrieve the encrypted master secret key from the SSS store and decrypt it with an implementation-specific algorithm, using the specified passphrase hash as the key. The plaintext master secret key is maintained locally by the protocol server for encrypting and decrypting credentials.

The following is the WSDL port type specification of the SetMasterSecretKey WSDL operation.

 <wsdl:operation name="SetMasterSecretKey" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
   <wsdl:input wsaw:Action="http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/SetMasterSecretKey" message="tns:ISecureStoreServiceApplication_SetMasterSecretKey_InputMessage" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"/>
   <wsdl:output wsaw:Action="http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/SetMasterSecretKeyResponse" message="tns:ISecureStoreServiceApplication_SetMasterSecretKey_OutputMessage" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"/>
   <wsdl:fault wsaw:Action="http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/SetMasterSecretKeySecureStoreServiceFaultFault" name="SecureStoreServiceFaultFault" message="tns:ISecureStoreServiceApplication_SetMasterSecretKey_SecureStoreServiceFaultFault_FaultMessage" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"/>
 </wsdl:operation>

The protocol client sends an ISecureStoreServiceApplication_SetMasterSecretKey_InputMessage request message and the protocol server MUST respond with an ISecureStoreServiceApplication_SetMasterSecretKey_OutputMessage message.

  • The protocol server MUST use the given byte array to perform implementation-specific decryption on the encrypted master secret key in the SSS store and store the decrypted key on the protocol server.

If any one of the conditions in the following table is met, the protocol server MUST respond with a SOAP fault containing the corresponding error complex type, serialized as specified in section 2.2.2.1. If more than one error condition is encountered, the protocol server MUST respond with exactly one error complex type, determined in an implementation-specific manner.

| Error Complex Type | Condition |
|---|---|
| SecureStoreServiceFault | The caller failed an implementation-specific authorization check for setting the decrypted master secret key. |
| SecureStoreServiceFault | The protocol server cannot retrieve the master secret key from the SSS store. |
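The processing rules and fault table above, modelled on the server side as an added example; this is not code from the specification or from any Microsoft implementation. Assumptions: the `ProtocolServer` class, the dict-backed store, the authorization set, the caller name and the HMAC-SHA256 `seal`/`unseal` routine standing in for the implementation-specific algorithm are all hypothetical, and because this page does not say how a non-matching passphrase hash is reported, the model raises a plain `ValueError` for it.

```python
import hashlib
import hmac

class SecureStoreServiceFault(Exception):
    """Stands in for the SOAP fault named in the error table."""

def _subkey(passphrase_hash: bytes, label: bytes) -> bytes:
    return hmac.new(passphrase_hash, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(passphrase_hash: bytes, nonce: bytes, master_key: bytes) -> bytes:
    """Stand-in encryption (assumption): HMAC-SHA256 keystream plus HMAC tag."""
    ks = _stream(_subkey(passphrase_hash, b"enc"), nonce, len(master_key))
    ct = bytes(a ^ b for a, b in zip(master_key, ks))
    tag = hmac.new(_subkey(passphrase_hash, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # 16-byte nonce | ciphertext | 32-byte tag

def unseal(passphrase_hash: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(passphrase_hash, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("passphrase hash does not match the stored key")
    ks = _stream(_subkey(passphrase_hash, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class ProtocolServer:
    def __init__(self, sss_store: dict, authorized: set):
        self.sss_store = sss_store    # hypothetical model of the SSS store
        self.authorized = authorized  # hypothetical authorization list
        self.master_key = None        # plaintext key, held in memory only

    def set_master_secret_key(self, caller: str, passphrase_hash: bytes) -> None:
        # Checks run in a fixed order (this model's choice), so one fault at most.
        if caller not in self.authorized:
            raise SecureStoreServiceFault("caller is not authorized")
        blob = self.sss_store.get("encrypted_master_key")
        if blob is None:
            raise SecureStoreServiceFault("cannot retrieve master secret key")
        # unseal raises before the assignment, so a wrong hash never installs a key.
        self.master_key = unseal(passphrase_hash, blob)

if __name__ == "__main__":
    h = hashlib.sha256(b"constructed passphrase").digest()  # constructed sample
    blob = seal(h, bytes(16), b"K" * 32)  # fixed nonce for the demo only
    srv = ProtocolServer({"encrypted_master_key": blob}, {"farm-admin"})
    srv.set_master_secret_key("farm-admin", h)
    print(srv.master_key == b"K" * 32)
```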