ws-wss4j-dev mailing list archives

From Werner Dittmann <Werner.Dittm...@t-online.de>
Subject Re: WS-Security RSA Encryption exception..
Date Thu, 11 Jun 2009 11:08:31 GMT
Daniel Kulp wrote:
....
> 
> I did a little digging and I THINK this particular exception could be fixed 
> with a simple change in WSS4J.   If the line:
> 
> cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
> 
> was surrounded with a try/catch that would then try:
> 
> cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
> 
> I THINK it would work.   Bouncycastle uses "NONE" for the mode whereas the Sun 
> provider uses ECB.   Not sure what the Sun setting for "RSA/NONE/OAEPPADDING" 
> is.  That would need to be investigated more.  It would be one of:
> OAEPWITHMD5ANDMGF1PADDING, OAEPWITHSHA1ANDMGF1PADDING, 
> OAEPWITHSHA-1ANDMGF1PADDING, OAEPWITHSHA-256ANDMGF1PADDING, 
> OAEPWITHSHA-384ANDMGF1PADDING, OAEPWITHSHA-512ANDMGF1PADDING
> but cryptography is definitely not my area.
> 
> In any case, that would require you to patch WSS4J.  If that's an option for 
> you, you could give that a try.

The notation of a "cipher mode" is not common for public key crypto algorithms
because you can use it in one way only (usually), that's why "NONE" is used here.
(Maybe Sun has invented other modes too ;-) ?)

For symmetric crypto algorithms you can choose between several modes
(ECB - Electronic Code Book, CFB - Cipher Feedback, and a lot of others).

> 
> To the WSS4j folks:  why is this method not calling XMLCipher.getInstance like 
> every other cipher related thing?  Should it be?   Would that alone fix it?
> 

XMLCipher is a specific instance that wraps (or unwraps) the cipher data
(or plain data) according to W3C xmlenc specification. In the above case we need
the plain public key algorithm to encrypt (or decrypt) the ephemeral symmetric
key with the public (private) key of the receiver.

No - it won't fix this particular problem.

Regards,
Werner
> 
> Dan
> 
> 
>> Jun 10, 2009 5:11:04 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
>> WARNING:
>> org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested exception is:
>>         java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/PKCS1PADDING
>>         at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:690)
>>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:145)
>>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:107)
>>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:87)
>>
>> thanks and regards,
>>
>> Bharath
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
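
Added example, not part of the original message and not WSS4J code: a sketch of the try/fallback lookup discussed in the thread, followed by the key-transport step described in the reply (an ephemeral symmetric key encrypted with the receiver's public key). The class name, the helper firstSupported and the generated keys are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;

public class RsaKeyTransportFallback {
    // The two transformation names from the thread, tried in this order.
    static final String[] CANDIDATES = {"RSA/NONE/PKCS1PADDING", "RSA/ECB/PKCS1PADDING"};

    // Hypothetical helper (not WSS4J's getCipherInstance): returns a Cipher for
    // the first name that an installed JCE provider accepts.
    static Cipher firstSupported(String... names) throws GeneralSecurityException {
        GeneralSecurityException last = new NoSuchAlgorithmException("no candidates");
        for (String name : names) {
            try {
                return Cipher.getInstance(name);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                last = e; // remember the failure and try the next name
            }
        }
        throw last; // nothing matched: surface the last provider error
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: throwaway receiver key pair and ephemeral AES key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        byte[] ephemeral = kg.generateKey().getEncoded();

        // Sender: encrypt the ephemeral key with the receiver's public key.
        Cipher enc = firstSupported(CANDIDATES);
        enc.init(Cipher.ENCRYPT_MODE, receiver.getPublic());
        byte[] wrapped = enc.doFinal(ephemeral);

        // Receiver: recover it with the private key.
        Cipher dec = firstSupported(CANDIDATES);
        dec.init(Cipher.DECRYPT_MODE, receiver.getPrivate());
        byte[] recovered = dec.doFinal(wrapped);
        System.out.println(enc.getAlgorithm() + " via " + enc.getProvider().getName());
        System.out.println("round trip ok: " + Arrays.equals(recovered, ephemeral));
    }
}
```

The first printed line shows which of the two names the running JVM resolved and which provider supplied it, which is the information missing from the NoSuchAlgorithmException in the quoted stack trace.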

