[jira] [Updated] (WSS-716) DigestMethod is written for key EncryptionMethod AES-KW

Tue, 07 Jan 2025 04:42:24 -0800 


     [ 
https://issues.apache.org/jira/browse/WSS-716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thomas Beckers updated WSS-716:
-------------------------------
    Description: 
_DigestMethod_ is written for key _EncryptionMethod_ AES-KW:

!image-2025-01-07-13-30-48-625.png|width=693,height=225!

The digest is only relevant for RSA-OAEP key transport, not for AES-KW:

!image-2025-01-07-13-31-45-738.png|width=457,height=61!

 According to XML Encryption 1.1 spec this must also be treated as an error:

!image-2025-01-07-13-33-47-690.png|width=694,height=120!
[https://www.w3.org/TR/xmlenc-core1/#sec-EncryptionMethod]

 

phase4 ([https://github.com/phax/phase4)] sets the digest to SHA-256 which 
should be no problem because the RSA-OAEP parameters must not be written for 
AES-KW.

  was:
_DigestMethod_ is written for key _EncryptionMethod_ AES-KW:

!image-2025-01-07-13-30-48-625.png|width=693,height=225!

The digest is only relevant for RSA-OAEP key transport, not for AES-KW:

!image-2025-01-07-13-31-45-738.png|width=457,height=61!

 According to XML Encryption 1.1 spec this must also be treated as an error:

!image-2025-01-07-13-33-47-690.png|width=694,height=120!
[https://www.w3.org/TR/xmlenc-core1/#sec-EncryptionMethod]


> DigestMethod is written for key EncryptionMethod AES-KW
> -------------------------------------------------------
>
>                 Key: WSS-716
>                 URL: https://issues.apache.org/jira/browse/WSS-716
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 3.0.4
>            Reporter: Thomas Beckers
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>         Attachments: image-2025-01-07-13-30-48-625.png, 
> image-2025-01-07-13-31-45-738.png, image-2025-01-07-13-33-47-690.png, 
> wss4j.xml
>
>
> _DigestMethod_ is written for key _EncryptionMethod_ AES-KW:
> !image-2025-01-07-13-30-48-625.png|width=693,height=225!
> The digest is only relevant for RSA-OAEP key transport, not for AES-KW:
> !image-2025-01-07-13-31-45-738.png|width=457,height=61!
>  According to XML Encryption 1.1 spec this must also be treated as an error:
> !image-2025-01-07-13-33-47-690.png|width=694,height=120!
> [https://www.w3.org/TR/xmlenc-core1/#sec-EncryptionMethod]
>  
> phase4 ([https://github.com/phax/phase4)] sets the digest to SHA-256 which 
> should be no problem because the RSA-OAEP parameters must not be written for 
> AES-KW.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org

Reply via email to