santuario-dev mailing list archives

From Brent Putman <putm...@georgetown.edu>
Subject Re: RSA key transport w/ SHA-2
Date Tue, 21 Jun 2011 19:50:17 GMT


On 6/21/11 3:41 PM, Cantor, Scott E. wrote:
> On 6/21/11 3:36 PM, "Cantor, Scott E." <cantor.2@osu.edu> wrote:
> 
>> This is somewhat directed at Sean, but if somebody else knows...
>>
>> It looks like the RSA-OAEP key transport support is limited to SHA-1 as a
>> digest right now in the Java code. It seemed as though Java might support
>> the full range of SHA-2 options with that, but I guess the API here
>> doesn't.
> 
> Correction: I guess just the algorithms are missing from the config file.
> 
> Should I file an RFE to add them?


(Scott and I were just discussing this offline)

The issue isn't really that they are missing, it's that there can be
only one defined.  The RSA-OAEP algorithm URI maps to a (single) Java
JCA algorithm identifier. So you could change the mapping to something
else other than the default of SHA-1, but there's no real way to have
multiple mappings for the same xmlenc algorithm URI, and additionally no
way in the API to select the one that you want.  I think there would
probably have to be some API work on XMLCipher to allow selection of the
OAEP digest method (as well as the mask generation function).




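The distinction drawn in the message above, shown at the JCA level as an added example (not part of the original post and not Santuario code): the OAEP digest and the MGF1 hash are separate parameters supplied through `OAEPParameterSpec`, and unwrapping with a digest other than the one used to wrap is rejected. The class name, helper methods and generated keys are constructed for illustration; it assumes a provider that supports `RSA/ECB/OAEPPadding`, such as the default SunJCE.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepDigestSelection {  // hypothetical class name
    // The OAEP digest and the MGF1 hash are chosen independently.
    static OAEPParameterSpec oaep(String digest, MGF1ParameterSpec mgf) {
        return new OAEPParameterSpec(digest, "MGF1", mgf, PSource.PSpecified.DEFAULT);
    }

    static byte[] wrap(KeyPair kp, SecretKey k, OAEPParameterSpec spec) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.WRAP_MODE, kp.getPublic(), spec);
        return c.wrap(k);
    }

    static SecretKey unwrap(KeyPair kp, byte[] wrapped, OAEPParameterSpec spec) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(Cipher.UNWRAP_MODE, kp.getPrivate(), spec);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();       // constructed test key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();         // constructed content-encryption key

        OAEPParameterSpec sha1 = oaep("SHA-1", MGF1ParameterSpec.SHA1);
        OAEPParameterSpec sha256 = oaep("SHA-256", MGF1ParameterSpec.SHA1);

        byte[] wrapped = wrap(kp, cek, sha256);
        SecretKey back = unwrap(kp, wrapped, sha256);
        System.out.println("round trip ok: " + Arrays.equals(cek.getEncoded(), back.getEncoded()));
        try {
            unwrap(kp, wrapped, sha1);            // receiver assumes the SHA-1 default
            System.out.println("unexpected: mismatched digest accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("mismatched digest rejected: " + e.getClass().getSimpleName());
        }
    }
}
```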