santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vishal Mahajan <vmaha...@amberpoint.com>
Subject Re: AW: Re: how to specify JCE provider for XML encryption
Date Sun, 06 Nov 2005 19:02:21 GMT
Depends on the Sun JDK version being used. AFAIK, 1.4.2 does not support 
both DESede/CBC/ISO10126Padding or RSA/ECB/PKCS1Padding, but 1.5 does.

Regarding instantiating XMLCipher (for performing XML encryption) for a 
given algorithm and provider combination 
XMLCipher.getProviderInstance(algorithm, provider) should work, no 
change to config.xml should be required.

Vishal

Dittmann, Werner wrote:

>Alexey,
>
>DESede/CBC/ISO10126Padding is support with the Sun provider
>AFAIK, als the RSA mode. Did you install the unresticted
>security policy for the Sun provider? if not you may have
>problems with RSA greater than 512bit AFAIK.
>
>Regards,
>Werner
>
>  
>
>>-----Urspr√ľngliche Nachricht-----
>>Von: news [mailto:news@sea.gmane.org] Im Auftrag von Alexey
>>Gesendet: Montag, 24. Oktober 2005 22:11
>>An: security-dev@xml.apache.org
>>Betreff: Re: how to specify JCE provider for XML encryption
>>
>>
>>Werner Dittmann <Werner.Dittmann <at> t-online.de> writes:
>>
>>    
>>
>>>Alexey,
>>>
>>>I've used such a mechansims in Apache's WSS4J project:
>>>
>>>- generate a symmetric key, e.g. for 3DES
>>>- encrypt some data with this key
>>>- uses RSA/ECB/PKCS1Padding to encrypt this symmetric
>>>  key (not DESedeWarp, this would be used if you encrypt
>>>  - wrap - a key with e.g. 3DES). Alternatively you may
>>>  use RSA-OAEP (also provided by BC) to encrypt the
>>>  generated symmetric key.
>>>
>>>The module in WSS4J that uses and implements this is
>>>WSEncryptEnvelop.java
>>>
>>>Regards,
>>>Werner
>>>      
>>>
>>Hi Werner,
>>My fault - I misspelled. I actually meant 
>>"DESede/CBC/ISO10126Padding", which is
>>not a valid cipher in IBMJCE (wrong padding). 
>>"RSA/ECB/PKCS1Padding" is not a
>>supported cipher either. BouncyCastle can not be used as a 
>>JCE provider in my
>>environment.
>>Thanks,
>>Alexey
>>
>>
>>    
>>
>
>  
>


Mime
View raw message