santuario-dev mailing list archives

From "Hess Yvan" <Yvan.H...@imtf.ch>
Subject RE: Problem with rsa-1_5 padding mechanism
Date Thu, 30 Mar 2006 08:41:46 GMT
- Does it mean that XML Apache security using RSA/ECB/PKCS1Padding is
the correct one and that IBM XSS4J contains a critical bug?
- Is it right to map RSA 1.5 alg to a Java Cipher "RSA/ECB/PKCS1Padding"?

Thanks for your answer.

Yvan

-----Original Message-----
From: Milan Tomic [mailto:tomicmilan@yahoo.com] 
Sent: Thursday, 30 March 2006 10:25
To: security-dev@xml.apache.org
Subject: Re: Problem with rsa-1_5 padding mechanism

Hi,

W3C is being very clear about padding while encrypting using RSA 1.5
alg:

http://www.w3.org/TR/xmlenc-core/#sec-Alg-KeyTransport

In other words: you have to use padding. Btw, padding is not something
complex and can be easily implemented.

Hope it helps,
Milan


--- Hess Yvan <Yvan.Hess@imtf.ch> wrote:

> I encrypted an XML document containing a <xenc:EncryptedKey> element
> and a <xenc:EncryptedData> element using XML Apache XML security. I
> tried to decrypt it using XSS4J library and I didn't succeed!!! The
> problem seems to occur when the secret key encapsulated into the
> <xenc:EncryptedKey> element is decrypted by XSS4J library.
>
> Doing some investigation, I found that XML Apache security library
> encrypts the secret key using the algorithm
> http://www.w3.org/2001/04/xmlenc#rsa-1_5 with a cipher
> 'RSA/ECB/PKCS1Padding' and that IBM XSS4J uses 'RSA/ECB/NoPadding'.
>
> The "XML Encryption Syntax and Processing" specification of the W3C
> is not clear to me concerning the rsa-1_5 encryption algorithm. Is
> padding associated with rsa-1_5 encryption or not?
>
> Who is right? The IBM XSS4J library or the XML Apache Security library?
>
> I think it is a critical bug either in XSS4J or in Apache XML
> security ... or am I wrong?
>
> Thanks for your answer.
>
> Regards. Yvan Hess
>
> Here is the XML encrypted (partial).
>
> <edoc:data xmlns:edoc="http://www.imtf.com/hypersuite/edoc/2.0/"
>            xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>   <xenc:EncryptedKey Id="Revision-1-Encryption-1-EncryptedKey-1">
>      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>      <ds:KeyInfo>
>         <ds:KeyName>SphinxTest</ds:KeyName>
>      </ds:KeyInfo>
>      <xenc:CipherData>
> <xenc:CipherValue>PMblWX1U9dQhiMTSMXsX9kO8Udg8Pii8XhrRmOKJ+HiuSZUEvsfB
> tD
> wFzoXjwnCdYb+LkqPxYZ8EzgQxbxObI1RrUdg6iy4R3T0d+/H/tK34cjm8itoqDDSkyod9
> wFzoXjwnCdYb+LkqPxYZ8EzgQxbxObI1RrUdg6iy4R3T0d+/b
> OtqnEnv3AzAgkBFNCbR7NZ3N7i7gonjMAzes6wuNRCYsg=</xenc:CipherValue>
>      </xenc:CipherData>
>      <xenc:CarriedKeyName>secretKey</xenc:CarriedKeyName>
>   </xenc:EncryptedKey>
>   <xenc:EncryptedData Id="Revision-1-Encryption-1-EncryptedData-1">
>      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>      <ds:KeyInfo>
>         <ds:KeyName>secretKey</ds:KeyName>
>      </ds:KeyInfo>
>      <xenc:CipherData>
>         <xenc:CipherReference URI="urn:hypersuite:534177D3-C0A8027601B4E829-57982AC1.txt"/>
>      </xenc:CipherData>
>   </xenc:EncryptedData>
> </edoc:data>


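The difference between the two cipher transformations named in this thread, as an added Java example (not part of the original messages and not code from Apache XML Security or XSS4J): a key wrapped with `RSA/ECB/PKCS1Padding` is decrypted once with the same transformation and once with `RSA/ECB/NoPadding`. The class name, the helper methods, the 2048-bit key pair and the random 24-byte key are assumptions constructed for the illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;

public class Rsa15PaddingDemo {
    // Decrypt cipherValue with the given JCE transformation and private key.
    static byte[] decrypt(String transformation, KeyPair kp, byte[] cipherValue) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        return c.doFinal(cipherValue);
    }

    // Split a raw EME-PKCS1-v1_5 block (00 || 02 || PS || 00 || M) and return M.
    static byte[] stripType2Padding(byte[] block) {
        int i = 0;
        while (i < block.length && block[i] == 0) i++;        // some providers drop the leading 00
        if (i >= block.length || block[i] != 0x02) throw new IllegalStateException("not a type 2 block");
        int sep = i + 1;
        while (sep < block.length && block[sep] != 0) sep++;  // PS consists of nonzero bytes
        if (sep >= block.length) throw new IllegalStateException("no 00 separator");
        return Arrays.copyOfRange(block, sep + 1, block.length);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: throwaway 2048-bit RSA key pair and a random
        // 24-byte value standing in for the tripledes-cbc key in EncryptedKey.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] secretKey = new byte[24];
        new SecureRandom().nextBytes(secretKey);

        // Sender: rsa-1_5 key transport, i.e. RSA with PKCS#1 v1.5 padding.
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] cipherValue = enc.doFinal(secretKey);

        // Receiver with the matching transformation gets the 24-byte key back.
        byte[] ok = decrypt("RSA/ECB/PKCS1Padding", kp, cipherValue);
        System.out.println("PKCS1Padding: " + ok.length + " bytes, key recovered: " + Arrays.equals(ok, secretKey));

        // Receiver with NoPadding gets the still-padded block, not the key.
        byte[] raw = decrypt("RSA/ECB/NoPadding", kp, cipherValue);
        System.out.println("NoPadding:    " + raw.length + " bytes, key recovered: " + Arrays.equals(raw, secretKey));
        System.out.println("after removing 00 02 PS 00 by hand: " + Arrays.equals(stripType2Padding(raw), secretKey));
    }
}
```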