santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Konstantinides <Thomas.Konstantini...@isb-ag.de>
Subject Patch for using RSA/ECB/OAEPWithSHA-256AndMGF1Padding
Date Thu, 20 Nov 2014 15:04:14 GMT
Hi,

I was trying to use the version 2.0.2 of santuario to encrypt a XML document with an AES key
where the AES key itself should be encrypted using an RSA public key.

However at the moment it seems not possible to use the Cipher "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
as the encryption algorithm to encrypt the AES key. This algorithm is supposed to be supported
by every implementation of the Java 7 platform  (see https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html)
and is also provided by the SunJCE in Java 6 (https://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJCEProvider).

The attached patch fixes this behavior by considering that the digestAlgorithm given to the
method constructCipher() in XMLCipher can be SHA-256 as well.

Maybe someone can double check if the patch is really needed or if there's other possibilities
to get RSA/ECB/OAEPWithSHA-256AndMGF1Padding to work with version 2.0.2.

I'd rise a jira issue if you find that this is really a bug.

Thanks and regards,
Thomas

Mime
View raw message