From: Vishal Mahajan
Date: Mon, 07 Nov 2005 00:32:21 +0530
To: security-dev@xml.apache.org
Subject: Re: AW: Re: how to specify JCE provider for XML encryption
Message-ID: <436E533D.9010901@amberpoint.com>

Depends on the Sun JDK version being used. AFAIK, 1.4.2 does not support either DESede/CBC/ISO10126Padding or RSA/ECB/PKCS1Padding, but 1.5 does.

Regarding instantiating XMLCipher (for performing XML encryption) for a given algorithm and provider combination, XMLCipher.getProviderInstance(algorithm, provider) should work; no change to config.xml should be required.

Vishal

Dittmann, Werner wrote:
> Alexey,
>
> DESede/CBC/ISO10126Padding is supported with the Sun provider
> AFAIK, also the RSA mode. Did you install the unrestricted
> security policy for the Sun provider? If not you may have
> problems with RSA greater than 512bit AFAIK.
>
> Regards,
> Werner
>
>> -----Original Message-----
>> From: news [mailto:news@sea.gmane.org] On behalf of Alexey
>> Sent: Monday, 24 October 2005 22:11
>> To: security-dev@xml.apache.org
>> Subject: Re: how to specify JCE provider for XML encryption
>>
>> Werner Dittmann <Werner.Dittmann <at> t-online.de> writes:
>>
>>> Alexey,
>>>
>>> I've used such a mechanism in Apache's WSS4J project:
>>>
>>> - generate a symmetric key, e.g. for 3DES
>>> - encrypt some data with this key
>>> - use RSA/ECB/PKCS1Padding to encrypt this symmetric
>>>   key (not DESedeWrap, this would be used if you encrypt
>>>   - wrap - a key with e.g. 3DES). Alternatively you may
>>>   use RSA-OAEP (also provided by BC) to encrypt the
>>>   generated symmetric key.
>>>
>>> The module in WSS4J that uses and implements this is
>>> WSEncryptEnvelop.java
>>>
>>> Regards,
>>> Werner
>>
>> Hi Werner,
>> My fault - I misspelled. I actually meant
>> "DESede/CBC/ISO10126Padding", which is
>> not a valid cipher in IBMJCE (wrong padding).
>> "RSA/ECB/PKCS1Padding" is not a
>> supported cipher either. BouncyCastle cannot be used as a
>> JCE provider in my
>> environment.
>> Thanks,
>> Alexey

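
An added diagnostic, not part of the original messages or of Apache XML Security: it uses only JDK JCE calls to report which installed provider offers the two transformations named in the thread and what RSA key size the installed policy allows, then runs the three steps Werner lists. The class name, the sample payload and the 2048-bit RSA key size are assumptions.

```java
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
public class ProviderProbe {
    // Transformation strings quoted in the thread.
    static final String DATA = "DESede/CBC/ISO10126Padding";
    static final String KEY_TRANSPORT = "RSA/ECB/PKCS1Padding";
    // Name of the first installed provider that offers the transformation, or null.
    static String firstProviderFor(String transformation) {
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance(transformation, p);
                return p.getName();
            } catch (GeneralSecurityException e) {
                // algorithm, mode or padding missing in this provider: try the next
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        String dataProv = firstProviderFor(DATA);
        String keyProv = firstProviderFor(KEY_TRANSPORT);
        System.out.println(DATA + " -> " + dataProv);
        System.out.println(KEY_TRANSPORT + " -> " + keyProv);
        // Integer.MAX_VALUE here means the unrestricted policy is in effect.
        System.out.println("RSA max key bits: " + Cipher.getMaxAllowedKeyLength("RSA"));
        if (dataProv == null || keyProv == null) return;

        // Sender: generate a 3DES key, encrypt the data, encrypt the key with RSA.
        SecretKey dek = KeyGenerator.getInstance("DESede").generateKey();
        Cipher data = Cipher.getInstance(DATA, dataProv);
        data.init(Cipher.ENCRYPT_MODE, dek);          // provider picks a random IV
        byte[] iv = data.getIV();
        byte[] ct = data.doFinal("constructed sample payload".getBytes("UTF-8"));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Cipher transport = Cipher.getInstance(KEY_TRANSPORT, keyProv);
        transport.init(Cipher.WRAP_MODE, kp.getPublic());
        byte[] wrapped = transport.wrap(dek);

        // Receiver: recover the 3DES key with the RSA private key, then decrypt.
        transport.init(Cipher.UNWRAP_MODE, kp.getPrivate());
        Key recovered = transport.unwrap(wrapped, "DESede", Cipher.SECRET_KEY);
        data.init(Cipher.DECRYPT_MODE, recovered, new IvParameterSpec(iv));
        System.out.println(new String(data.doFinal(ct), "UTF-8"));
    }
}
```

The provider name printed for each transformation is the value to supply as the provider argument of the XMLCipher.getProviderInstance(algorithm, provider) call mentioned in the reply.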