santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hess Yvan" <Yvan.H...@imtf.ch>
Subject RE: Problem with rsa-1_5 padding mechanism
Date Thu, 30 Mar 2006 09:24:21 GMT
I continued my investigation and I can confirm that IBM XSS4J is using
noPadding for algorithm RSA-1_5 (RSA/ECB/NoPadding). 
I replaced into my XML document the encrypted secret key with noPadding
and its works fine. 

Seems to be a very critical bug into XSS4J library because all XML
documents encrypted with this library can never been decrypted into the
future by some others library doing things conform to the XML Encryption
Syntax and Processing specifications !!!

May be a guys of IBM can confirm that...

Regards. Yvan

-----Original Message-----
From: Berin Lautenbach [mailto:berin@wingsofhermes.org] 
Sent: jeudi, 30. mars 2006 11:07
To: security-dev@xml.apache.org
Cc: tomicmilan@yahoo.com
Subject: Re: Problem with rsa-1_5 padding mechanism

Hess Yvan wrote:
> - Does it means that XML apache security using RSA/ECB/PKCS1Padding is

> the correct one and that IBM XSS4J contains a critical bug ?
> - Is it right to map RSA 1.5 alg to a Java Cipher
"RSA/ECB/PKCS1Padding"
> ?

PKCS1Padding is the most common form of padding for RSA.  There is also
OAEP, which is supported within the dsig spec.

Using RSA without padding is potentially dangerous - lack of padding can
lead to potentially easy to decipher ciphertext when the plain text
sizes are small.

So to answer your questions

- PKCS1 padding is correct, and if XSS4J is uing no padding, it is an
error.  However I would be surprised if this were the case - would be
interesting to understand some background.
- Needs to be answered by the more Java minded people, but from memory
that is correct.

Cheers,
	Berin



Mime
View raw message