santuario-dev mailing list archives

From Brent Putman <>
Subject Re: RSA key transport w/ SHA-2
Date Tue, 21 Jun 2011 19:50:17 GMT

On 6/21/11 3:41 PM, Cantor, Scott E. wrote:
> On 6/21/11 3:36 PM, "Cantor, Scott E." <> wrote:
>> This is somewhat directed at Sean, but if somebody else knows...
>> It looks like the RSA-OAEP key transport support is limited to SHA-1 as a
>> digest right now in the Java code. It seemed as though Java might support
>> the full range of SHA-2 options with that, but I guess the API here
>> doesn't.
> Correction: I guess just the algorithms are missing from the config file.
> Should I file an RFE to add them?

(Scott and I were just discussing this offline)

The issue isn't really that they are missing, it's that there can be
only one defined.  The RSA-OAEP algorithm URI maps to a (single) Java
JCA algorithm identifier. So you could change the mapping to something
else other than the default of SHA-1, but there's no real way to have
multiple mappings for the same xmlenc algorithm URI, and additionally no
way in the API to select the one that you want.  I think there would
probably have to be some API work on XMLCipher to allow selection of the
OAEP digest method (as well as the mask generation function).
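
The distinction described above, shown at the JCA level as an added example (not part of the original message and not Santuario code): a fixed transformation name pins one set of OAEP parameters, while the generic `OAEPPadding` name with an `OAEPParameterSpec` lets the caller pick the digest and mask generation function. It uses only standard JCA classes and does not touch XMLCipher; the class name and the generated keys are constructed for illustration.

```java
import java.security.AlgorithmParameters;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepDigestSelection {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample keys: a throwaway RSA pair and an AES content key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey contentKey = kg.generateKey();

        // A single JCA name fixes the OAEP parameters; print what the provider chose.
        Cipher byName = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        byName.init(Cipher.WRAP_MODE, rsa.getPublic());
        report("by name ", byName.getParameters());

        // Generic OAEP padding plus an explicit spec selects digest and MGF per call.
        OAEPParameterSpec sha256 = new OAEPParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPPadding");
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic(), sha256);
        report("explicit", wrap.getParameters());
        byte[] wrapped = wrap.wrap(contentKey);

        // The recipient has to apply the same digest and MGF to unwrap the key.
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPPadding");
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate(), sha256);
        SecretKey recovered = (SecretKey) unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("round trip ok: "
                + Arrays.equals(contentKey.getEncoded(), recovered.getEncoded()));
    }

    // Reads back the OAEP digest and MGF1 digest the cipher is actually using.
    static void report(String label, AlgorithmParameters p) throws Exception {
        OAEPParameterSpec s = p.getParameterSpec(OAEPParameterSpec.class);
        MGF1ParameterSpec mgf = (MGF1ParameterSpec) s.getMGFParameters();
        System.out.println(label + ": digest=" + s.getDigestAlgorithm()
                + " mgf=" + s.getMGFAlgorithm() + "/" + mgf.getDigestAlgorithm());
    }
}
```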
