[
https://issues.apache.org/jira/browse/WSS-472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13725350#comment-13725350
]
Marc Giger commented on WSS-472:
--------------------------------
fixed in r1508931.
> Incorrect Symmetric Key Derivation Length validation
> ----------------------------------------------------
>
> Key: WSS-472
> URL: https://issues.apache.org/jira/browse/WSS-472
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0
>
>
> There is an error in validating Signature Key Lengths against policy when
> derived keys are used with the Symmetric binding. For the "Basic256" policy
> for example, symmetric key lengths must be 256 bits, but derived keys for
> signature purposes can be 192 bits. The problem is that the SignatureVerifier
> class in Santuario asks for a secret key using XMLSecurityConstants.Sym_Sig,
> and eventually AbstractInboundSecurityToken ends up creating a new
> AlgorithmSuiteSecurityEvent using this. We need some way to distinguish
> between the two cases for validating against the AlgorithmSuite policy.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
