Thomas Beckers created WSS-717:
----------------------------------
Summary: Support for encryption with KeyInfo indication via
X509Data/X509SKI
Key: WSS-717
URL: https://issues.apache.org/jira/browse/WSS-717
Project: WSS4J
Issue Type: Improvement
Components: WSS4J Core
Affects Versions: 3.0.4
Reporter: Thomas Beckers
Assignee: Colm O hEigeartaigh
Attachments: image-2025-01-08-09-15-19-954.png, wss-issue.xml
When encrypting, it is currently not possible to indicate any key info using
only X509Data/X509SKI children:
!image-2025-01-08-09-15-19-954.png|width=695,height=147!
According to XML DSIG specification
([https://www.w3.org/TR/xmldsig-core1/#sec-X509Data|https://www.w3.org/TR/xmldsig-core1/%23sec-X509Data]),
a key identifier can be indicated by adding a X509Data element with a X509SKI
child containing "the base64 encoded plain (i.e. non-DER-encoded) value of a
X509 V.3 SubjectKeyIdentifier extension".
At the moment, wss4j only supports various other types (e.g.
{_}BST_DIRECT_REFERENCE{_}, {_}ISSUER_SERIAL{_}, etc.) who are additionally
*always* wrapped in a SecurityTokenReference (STR) element. We would like to
use X509Data/X509SKI without the STR.
The missing handling of X509SKI for the decryption side is already addressed in
https://issues.apache.org/jira/browse/WSS-714 (this is nearly the same context).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
