Thanks, guys,

As I thought, the cerebral capacity was not big enough on my side... I got a copy and waste error
at the marked line in Andrej's code: instead of RSA there was some other algorithm identifier used and that
was the source of the error.


Now I finally have my business logic: client signs, server verifies using trustlists and CRLs and then replies,
sending the response encrypted using the key found in the certificate...


Again, many many thanks!

Juergen Key

Andrej Konkow wrote:

The solution for me was to change the encryption algorithm. So my code looks something like:

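     ...
     // Symmetric session key that encrypts the XML content
     KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
     keyGenerator.init(128);
     Key symkey = keyGenerator.generateKey();

     // Content cipher: AES-128 with the session key
     XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
     xmlCipher.init(XMLCipher.ENCRYPT_MODE, symkey);

     // Key transport: wrap the session key with RSA; kenkey is the key-encryption key
     XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
     keyCipher.init(XMLCipher.WRAP_MODE, kenkey);
     ...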

regards,

Andrej



-----Original Message-----
From: Dittmann Werner [mailto:[EMAIL PROTECTED]
Sent: Monday, 20 September 2004 17:55
To: '[EMAIL PROTECTED]'
Subject: Re: XML-Encryption



Juergen,

some time ago I had the same problem. The problem was that
the public key size was too small to encrypt my symmetric
key. "Small" means: I used a PKI with a key size of 512 bits only; after switching to 1024 it was OK.


The PKI algorithms encrypt only one block of plain data at a time. There is a maximum block size for a PKI algorithm; this block size depends on the PKI algo and the chosen key size.

You may have a look at the "getBlockSize()" method of
your cipher instance to get the maximum block size for your
PKI.

Regards,
Werner

PS: you may also have a look at Apache's WSS4J project that
provides you Web Service Security functions according to the
OASIS WSS specifications. It may already give you the functions
you need if you plan to use Web Service (SOAP) interfaces.

Werner



-----Original Message-----
From: Juergen Key [mailto:[EMAIL PROTECTED]
Sent: Monday, 20 September 2004 15:14
To: [EMAIL PROTECTED]
Subject: XML-Encryption



Hi, there,

hope anyone has had the following problem and knows a solution.

I want to send a certificate by signing an XML document. The other party shall answer
with an encrypted XML document (encrypted, that is, with the public key contained in my certificate).
This means I use the public key as key encryption key.


When I try to achieve this, I get an IllegalArgumentException saying

key size greater than 24 bytes.

Do I do something entirely horribly wrong?

Is my cerebral capacity inadequate?

Please show me a way out of the darkness

Juergen Key








