[
https://issues.apache.org/jira/browse/WSS-472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-472.
-----------------------------------
> Incorrect Symmetric Key Derivation Length validation
> ----------------------------------------------------
>
> Key: WSS-472
> URL: https://issues.apache.org/jira/browse/WSS-472
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0.0
>
>
> There is an error in validating Signature Key Lengths against policy when
> derived keys are used with the Symmetric binding. For the "Basic256" policy
> for example, symmetric key lengths must be 256 bits, but derived keys for
> signature purposes can be 192 bits. The problem is that the SignatureVerifier
> class in Santuario asks for a secret key using XMLSecurityConstants.Sym_Sig,
> and eventually AbstractInboundSecurityToken ends up creating a new
> AlgorithmSuiteSecurityEvent using this. We need some way to distinguish
> between the two cases for validating against the AlgorithmSuite policy.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
