[ 
https://issues.apache.org/jira/browse/WSS-575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223964#comment-15223964
 ] 

Stefan Müller commented on WSS-575:
-----------------------------------

Where do I set this? 

This is a snippet of our AlgorithmSuite:
algorithmSuiteTypes.put(
        BASIC_128_GCM_SHA_256_MGF_SHA_256,
        new AlgorithmSuiteType(
                BASIC_128_GCM_SHA_256_MGF_SHA_256,
                SPConstants.SHA256,
                DomibusAlgorithmSuiteLoader.AES128_GCM_ALGORITHM,
                SPConstants.KW_AES128,
                WSS4JConstants.KEYTRANSPORT_RSAOEP_XENC11,
                SPConstants.P_SHA1_L128,
                SPConstants.P_SHA1_L128,
                128, 128, 128, 256, 1024, 4096
        )
);

algorithmSuiteTypes.get(BASIC_128_GCM_SHA_256_MGF_SHA_256).setMGFAlgo(WSConstants.MGF_SHA256);

However this results in:
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-8c28ac44-3e1c-421c-b6dd-2a259b1c3462">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
        <xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
    </xenc:EncryptionMethod>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">...</wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
        <xenc:CipherValue>...</xenc:CipherValue>
    </xenc:CipherData>
    <xenc:ReferenceList>
        <xenc:DataReference URI="#ED-812abd3c-6d16-410f-b607-93219590b511"/>
    </xenc:ReferenceList>
</xenc:EncryptedKey>

According to https://www.w3.org/TR/xmlenc-core1/#sec-RSA-OAEP: "The 
message digest function SHOULD be specified using the Algorithm attribute of 
the ds:DigestMethod child element of the xenc:EncryptionMethod element. If it 
is not specified, the default value of SHA1 is to be used."
So we are looking for a way to specify the ds:DigestMethod.

If there already is a way we would be very grateful if you could point us 
towards it.



> Support for Digest other than sha1 in xenc:EncryptionMethod 
> ------------------------------------------------------------
>
>                 Key: WSS-575
>                 URL: https://issues.apache.org/jira/browse/WSS-575
>             Project: WSS4J
>          Issue Type: New Feature
>          Components: WSS4J Core
>    Affects Versions: 2.1.3
>            Reporter: Stefan Müller
>            Assignee: Colm O hEigeartaigh
>              Labels: security
>
> To support a specific security profile we need to be able to set the 
> DigestMethod to sha256. We already have a custom algorithm suite implementing 
> org.apache.wss4j.policy.model.AlgorithmSuite supporting everything but the 
> ds:DigestMethod: 
> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
>     <xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
>     *<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />*
> </xenc:EncryptionMethod>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
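
Added example, not part of the original message or of WSS4J: a Python check that applies the default rule quoted above from the XML Encryption 1.1 spec and reports the effective OAEP digest of each xenc:EncryptedKey. The sample document, its Ids and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "xenc11": "http://www.w3.org/2009/xmlenc11#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Digest that applies when ds:DigestMethod is absent (the SHA1 default quoted above).
SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"

# Constructed sample: the first key mirrors the output shown in the comment (MGF only),
# the second carries an explicit ds:DigestMethod as the issue requests.
SAMPLE = """<root xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey Id="EK-sample-1">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
      <xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
    </xenc:EncryptionMethod>
  </xenc:EncryptedKey>
  <xenc:EncryptedKey Id="EK-sample-2">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
      <xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    </xenc:EncryptionMethod>
  </xenc:EncryptedKey>
</root>"""

def audit_encrypted_keys(xml_text):
    """Return one finding per xenc:EncryptedKey with its effective digest and MGF."""
    findings = []
    for ek in ET.fromstring(xml_text).iter("{%s}EncryptedKey" % NS["xenc"]):
        method = ek.find("xenc:EncryptionMethod", NS)
        if method is None:
            continue  # nothing to audit without an EncryptionMethod
        digest = method.find("ds:DigestMethod", NS)
        mgf = method.find("xenc11:MGF", NS)
        findings.append({
            "id": ek.get("Id"),
            "transport": method.get("Algorithm"),
            "digest": digest.get("Algorithm") if digest is not None else SHA1_URI,
            "digest_explicit": digest is not None,
            "mgf": mgf.get("Algorithm") if mgf is not None else None,
        })
    return findings

def implicit_sha1(findings):
    """Keys whose OAEP digest silently falls back to SHA1."""
    return [f for f in findings if not f["digest_explicit"]]
```

A key that lists a SHA-256 MGF but no ds:DigestMethod, like the first sample key, is reported with the SHA1 digest.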
