[ https://issues.apache.org/jira/browse/CAMEL-12857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16638323#comment-16638323 ]

Martin Hoffmann edited comment on CAMEL-12857 at 10/4/18 2:47 PM:
------------------------------------------------------------------

To use OAEP with BouncyCastle you must add an additional parameter to the JceKeyTransRecipientInfoGenerator
{code:java}
import javax.crypto.spec.OAEPParameterSpec;

import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.operator.jcajce.JcaAlgorithmParametersConverter;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;

// ...

// Build the RSAES-OAEP AlgorithmIdentifier from the JCA parameter spec
JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
AlgorithmIdentifier algorithmIdentifier = paramsConverter.getAlgorithmIdentifier(
        PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT);
// Pass it as the second constructor argument so key transport uses OAEP
JceKeyTransRecipientInfoGenerator generator =
        new JceKeyTransRecipientInfoGenerator(encryptionCertificate, algorithmIdentifier);
{code}


was (Author: exx_communication):
To use OAEP with BouncyCastle you must add an additional parameter to the JceKeyTransRecipientInfoGenerator
{code:java}
JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
AlgorithmIdentifier algorithmIdentifier = paramsConverter.getAlgorithmIdentifier(
        PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT);
JceKeyTransRecipientInfoGenerator generator =
        new JceKeyTransRecipientInfoGenerator(encryptionCertificate, algorithmIdentifier);
{code}

> Enhance the AS2 Component to support RSA-OAEP
> ---------------------------------------------
>
>                 Key: CAMEL-12857
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12857
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-as2
>    Affects Versions: 2.22.1
>            Reporter: Martin Hoffmann
>            Priority: Major
>
> The use of AS2 in Germany for business applications could require following 
> regulations set by the BSI (German Federal Office for Information Security).
> The BSI requires the use of OAEP (Optimal asymmetric encryption padding) when 
> sending encrypted SMIME messages between public institutions. As AS2 uses 
> SMIME as its message structure, this regulation affects AS2 implementations used in 
> Germany.
> [https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding]
> The BouncyCastle library already supports OAEP.
> See [https://www.bouncycastle.org/specifications.html]
>  * RSA/NONE/OAEPWithMD5AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA1AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA224AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA256AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA384AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA512AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA3-224AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA3-256AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA3-384AndMGF1Padding
>  * RSA/NONE/OAEPWithSHA3-512AndMGF1Padding


