[ https://issues.apache.org/jira/browse/WSS-717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Beckers updated WSS-717:
-------------------------------
    Labels: pull-request-available  (was: )

> Support for encryption with KeyInfo indication via X509Data/X509SKI
> -------------------------------------------------------------------
>
>                 Key: WSS-717
>                 URL: https://issues.apache.org/jira/browse/WSS-717
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 3.0.4
>            Reporter: Thomas Beckers
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: image-2025-01-08-09-15-19-954.png, wss-issue.xml
>
>
> When encrypting, it is currently not possible to indicate any key info using
> only X509Data/X509SKI children:
> !image-2025-01-08-09-15-19-954.png|width=695,height=147!
> According to the XML DSIG specification
> (https://www.w3.org/TR/xmldsig-core1/#sec-X509Data),
> a key identifier can be indicated by adding an X509Data element with an
> X509SKI child containing "the base64 encoded plain (i.e. non-DER-encoded)
> value of a X509 V.3 SubjectKeyIdentifier extension".
> At the moment, wss4j only supports various other types (e.g.
> BST_DIRECT_REFERENCE, ISSUER_SERIAL, etc.), which are additionally
> *always* wrapped in a SecurityTokenReference (STR) element. We would like to
> use X509Data/X509SKI without the STR.
> The missing handling of X509SKI for the decryption side is already addressed
> in https://issues.apache.org/jira/browse/WSS-714 (this is nearly the same
> context).
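
The "plain (i.e. non-DER-encoded)" requirement quoted in the issue is the detail most likely to break interoperability, so here is an added sketch (not WSS4J code and not part of the original message) that strips the two DER OCTET STRING layers from a certificate's SubjectKeyIdentifier extension value and emits a KeyInfo with X509Data/X509SKI and no SecurityTokenReference. The function names and the sample bytes are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: extension value as stored in a certificate (RFC 5280):
# extnValue OCTET STRING (04 16) wrapping KeyIdentifier OCTET STRING (04 14)
# wrapping a 20-byte identifier (here simply 01..14 hex).
SAMPLE_EXTN_VALUE = bytes([0x04, 0x16, 0x04, 0x14]) + bytes(range(1, 21))


def read_octet_string(der: bytes) -> bytes:
    """Return the content of exactly one short-form DER OCTET STRING."""
    if len(der) < 2 or der[0] != 0x04:
        raise ValueError("not a DER OCTET STRING")
    if der[1] & 0x80:
        # Assumption: key identifiers are far below 128 bytes, so the
        # long length form is rejected instead of parsed.
        raise ValueError("long-form length not expected for an SKI")
    if len(der) != 2 + der[1]:
        raise ValueError("length mismatch or trailing bytes")
    return der[2:]


def plain_ski(extension_value: bytes) -> bytes:
    """Strip both wrappers; the result is what X509SKI must carry."""
    return read_octet_string(read_octet_string(extension_value))


def key_info_x509ski(ski: bytes) -> str:
    """Serialize ds:KeyInfo/ds:X509Data/ds:X509SKI with the plain SKI in base64."""
    ET.register_namespace("ds", DS_NS)
    key_info = ET.Element(f"{{{DS_NS}}}KeyInfo")
    x509_data = ET.SubElement(key_info, f"{{{DS_NS}}}X509Data")
    ski_el = ET.SubElement(x509_data, f"{{{DS_NS}}}X509SKI")
    ski_el.text = base64.b64encode(ski).decode("ascii")
    return ET.tostring(key_info, encoding="unicode")


if __name__ == "__main__":
    print(key_info_x509ski(plain_ski(SAMPLE_EXTN_VALUE)))
```

A receiver that compares X509SKI against a value with one DER wrapper still attached will never match the certificate, which is why the helper rejects input that is not wrapped exactly twice.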