On 6/21/11 3:50 PM, Brent Putman wrote:
On 6/21/11 3:41 PM, Cantor, Scott E. wrote:
On 6/21/11 3:36 PM, Cantor, Scott E. wrote:

This is somewhat directed at Sean, but if somebody else knows...
It looks like the RSA-OAEP key transport support is limited to SHA-1 as a
digest right now in the Java code. It seemed as though Java might support
the full range of SHA-2 options with that, but I guess the API here
doesn't.

Correction: I guess just the algorithms are missing from the config file.
Should I file an RFE to add them?

(Scott and I were just discussing this offline)
The issue isn't really that they are missing, it's that there can be
only one defined. The RSA-OAEP algorithm URI maps to a (single) Java
JCA algorithm identifier. So you could change the mapping to something
else other than the default of SHA-1, but there's no real way to have
multiple mappings for the same xmlenc algorithm URI, and additionally no
way in the API to select the one that you want. I think there would
probably have to be some API work on XMLCipher to allow selection of the
OAEP digest method (as well as the mask generation function).

Yes. Also, the JCEMapper should actually map
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p to the "RSA/ECB/OAEPPadding"
Cipher algorithm name, and then use the javax.crypto.spec.OAEPParameterSpec
class to specify the digest and mgf algorithms (which would either be specified
as XMLCipher API parameters when encrypting, or contained in the
EncryptionMethod element when decrypting).
--Sean
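To make Sean's suggestion concrete, here is an added Java example (not code from Apache Santuario or from anyone on this thread) of what a key-transport path looks like once the xmlenc URI maps to "RSA/ECB/OAEPPadding" and the digest is chosen per message through javax.crypto.spec.OAEPParameterSpec. The DigestMethod URIs are the standard xmldsig/xmlenc ones; the helper names, the small URI-to-JCA map and the choice of wrap/unwrap mode are this example's own assumptions, not the library's API. It wraps an AES content key with a SHA-256 OAEP digest (MGF1 stays SHA-1, as rsa-oaep-mgf1p requires) and then shows the failure a decrypter hits when it ignores the EncryptionMethod's DigestMethod and falls back to the SHA-1 default:

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepKeyTransportDemo {

    // xmlenc 1.0 rsa-oaep-mgf1p fixes the mask generation function to MGF1 with SHA-1;
    // only the digest (the ds:DigestMethod child of EncryptionMethod) varies.
    static final String RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    static final String JCA_OAEP = "RSA/ECB/OAEPPadding"; // the JCA name Sean proposes for the URI above

    // Assumed mapping for this example: DigestMethod URI -> JCA message digest name.
    static final Map<String, String> DIGEST_URI_TO_JCA = Map.of(
        "http://www.w3.org/2000/09/xmldsig#sha1",  "SHA-1",
        "http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256",
        "http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512");

    // Build the OAEP parameters from the DigestMethod URI found in (or to be written into)
    // the EncryptionMethod element. Unknown digests are rejected rather than silently defaulted.
    static OAEPParameterSpec oaepSpec(String digestMethodUri) {
        String digest = DIGEST_URI_TO_JCA.get(digestMethodUri);
        if (digest == null) {
            throw new IllegalArgumentException("unsupported DigestMethod: " + digestMethodUri);
        }
        return new OAEPParameterSpec(digest, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
    }

    // Encrypting side: wrap the content-encryption key under the recipient's RSA public key.
    static byte[] wrapKey(PublicKey kek, SecretKey cek, String digestMethodUri) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(JCA_OAEP);
        c.init(Cipher.WRAP_MODE, kek, oaepSpec(digestMethodUri));
        return c.wrap(cek);
    }

    // Decrypting side: the digest MUST come from the received EncryptionMethod, not a global default.
    static SecretKey unwrapKey(PrivateKey kek, byte[] wrapped, String digestMethodUri) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(JCA_OAEP);
        c.init(Cipher.UNWRAP_MODE, kek, oaepSpec(digestMethodUri));
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();

        String sha256 = "http://www.w3.org/2001/04/xmlenc#sha256";
        byte[] wrapped = wrapKey(rsa.getPublic(), cek, sha256);
        SecretKey recovered = unwrapKey(rsa.getPrivate(), wrapped, sha256);
        System.out.println("round trip ok: " + Arrays.equals(cek.getEncoded(), recovered.getEncoded()));

        // Failure mode: a decrypter hard-wired to the SHA-1 default cannot unwrap a SHA-256 OAEP key.
        try {
            unwrapKey(rsa.getPrivate(), wrapped, "http://www.w3.org/2000/09/xmldsig#sha1");
            System.out.println("unexpected: unwrap succeeded with mismatched digest");
        } catch (GeneralSecurityException e) {
            System.out.println("digest mismatch rejected: " + e);
        }
    }
}
```

The third OAEPParameterSpec argument is where the mask generation function Brent mentions would be selected; for rsa-oaep-mgf1p it is always MGF1ParameterSpec.SHA1, so an API that takes both a digest and an MGF choice only becomes meaningful for a URI that allows the MGF to vary. The practical point for interop is the one the thread makes: with a single static mapping, an encrypter that writes a SHA-256 DigestMethod and a decrypter that assumes SHA-1 will fail exactly as the catch block above shows.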