santuario-dev mailing list archives

From Marc Giger <gi...@apache.org>
Subject Re: AES 256 bit encryption
Date Thu, 14 Aug 2014 18:19:14 GMT
Hi Mujahed,

On Thu, 14 Aug 2014 08:48:04 -0700 (PDT)
mujahedsyed <msyed1983@gmail.com> wrote:

> Hi All,
> 
> I am trying to upgrade the existing sample application that I have
> been creating for the past few weeks to work with the AES 256 bit
> algorithm instead of AES 128.
> 
> Following this link on creating AES 256 keys
> http://www.ensor.cc/#setup I have created a key using keytool as:
> keytool -genseckey -keystore aes-keystore.jck -storetype jceks -storepass mystorepass -keyalg AES -keysize 256 -alias jceksaes -keypass mykeypass
> 
> Does someone know if the keystore that is available here
> https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-encryption/src/test/resources/servicestore.jks
> was created using the same command (shown above)?
> 
> I am asking this because when I do the following in my code, the
> keystore returns null:
> 
> 
> I would really appreciate the guidance here, please let me know if
> you can point to some guide?
> 
> So, in summary I have three questions:
> 1. does anyone know if servicestore.jks was created using the same
> command I have used?

Most probably not, since you are creating a symmetric key but the
sample project uses hybrid encryption and therefore has only
asymmetric keys stored in the jks.

> 2. why is defaultCert returning null for me? I think I have created my
> certificate incorrectly. I tried to debug this but the method source
> code "engineGetCertificate" in java.security.KeyStore.keyStoreSpi is
> not available.

Which defaultCert? Independent of that, since you created a symmetric key
there is no cert. See 1. above.

> 3. I have been googling all day to find out if there is any link
> available that can help me create an AES 256 bit key but I failed.

If your goal is to create a symmetric key your command above seems to
be fine. But if you want to extend the sample project, which I think is
your goal, so that it encrypts the document with AES256 you simply have
to change the algo-uri in the code to
"http://www.w3.org/2001/04/xmlenc#aes256-cbc". That's it.
And if you want to create a new keystore to replace the provided one
in the sample project (of course you shouldn't use the provided one in
your projects, therefore this is the right thing to do) use "keytool
-genkeypair ...".
This will generate a key pair incl. certificate (asymmetric keys used to
encrypt the session key, i.e. the symmetric AES key generated as defined
by the algo-uri).


Marc


> 
> Your help really appreciated,
> Thanks.
> Regards,
> Mujahed
> 
> 
> 
> --
> View this message in context:
> http://apache-xml-project.6118.n7.nabble.com/AES-256-bit-encryption-tp41373.html
> Sent from the Apache XML - Security - Dev mailing list archive at
> Nabble.com.
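
Added example, not part of the original thread or of the sample project: a JDK-only sketch of the two points in the reply above, namely that a secret-key entry in a JCEKS keystore has no certificate to return, and that hybrid encryption wraps a freshly generated AES-256 session key with the recipient's public key. The class name, the password, the in-memory key pair (standing in for a "keytool -genkeypair" entry) and the RSA-OAEP transformation are assumptions chosen for the demonstration; only the alias "jceksaes" comes from the thread.

```java
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class HybridKeyDemo {
    // Key-transport transformation: an assumption for this demo, not taken from the thread.
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        char[] pass = "constructed-demo-pass".toCharArray(); // constructed value

        // 1. In-memory equivalent of the -genseckey command: one AES-256 secret-key entry.
        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(256);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pass); // start from an empty keystore
        ks.setEntry("jceksaes", new KeyStore.SecretKeyEntry(aesGen.generateKey()),
                new KeyStore.PasswordProtection(pass));

        // The alias exists and holds a key, but a secret-key entry carries no certificate.
        System.out.println("isKeyEntry        = " + ks.isKeyEntry("jceksaes"));
        System.out.println("is SecretKeyEntry = "
                + ks.entryInstanceOf("jceksaes", KeyStore.SecretKeyEntry.class));
        System.out.println("getCertificate    = " + ks.getCertificate("jceksaes"));

        // 2. Hybrid encryption: the recipient owns an asymmetric key pair
        //    (what -genkeypair would store, together with a certificate).
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        KeyPair recipient = rsaGen.generateKeyPair();

        // The sender generates a fresh AES-256 session key and wraps it with the public key.
        SecretKey session = aesGen.generateKey();
        Cipher wrap = Cipher.getInstance(WRAP_ALG);
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrapped = wrap.wrap(session);

        // The recipient recovers the session key with the private key.
        Cipher unwrap = Cipher.getInstance(WRAP_ALG);
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        System.out.println("wrapped key bytes = " + wrapped.length);
        System.out.println("session key bits  = " + recovered.getEncoded().length * 8);
        System.out.println("round trip ok     = "
                + Arrays.equals(session.getEncoded(), recovered.getEncoded()));
    }
}
```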

