Hi Leos, SHA256 is not supported right now.
I just checked the rampart code to verify this and seems like we are not using the digest value from the AlgorithmSuite available in the policy. Also asymmetricSignature in AlgorithmSuite is hard coded to http://www.w3.org/2000/09/xmldsig#rsa-sha1 This value should be constructed properly depending on the parameters available. (Example : See the use of http://www.w3.org/2001/04/xmlenc#sha256 in [1]) Thanks, Ruchith 1. http://www.w3.org/TR/2010/WD-xmldsig-core1-20101130/Overview.html#sec-o-Simple 2011/3/17 Leos Literak <[email protected]>: > Hi, > > > > Can anybody reply me? Is SHA256 really supported? > > > > Leos > > > > Od: Leos Literak [mailto:[email protected]] > Odesláno: 15. března 2011 8:48 > > Komu: [email protected] > Předmět: RE: SHA2 support > > > > Hello, > > > > Is there anybody out there who has ever used the SHA256 algorithm / knows > how to configure it? > > > > Can you please help us? It becomes a major issue as SHA1 is obsoleted. > > Thank you in advance > > > > Leos > > > > Od: Leos Literak [mailto:[email protected]] > Odesláno: 11. března 2011 15:49 > Komu: [email protected] > Předmět: RE: SHA2 support > > > > As mentioned in https://issues.apache.org/jira/browse/RAMPART-216 we used > <sp:Basic256Sha256/> as well (and few others) with no luck. > > > > Od: Leos Literak [mailto:[email protected]] > Odesláno: 11. března 2011 15:36 > Komu: '[email protected]' > Předmět: RE: SHA2 support > > > > Martin, > > > > Thank you for your quick reply. Can you help us, how to setup axis to use > SHA256? > > > > Leoš > > > > Od: Martin Gainty [mailto:[email protected]] > Odesláno: 11. března 2011 15:06 > Komu: [email protected] > Předmět: RE: SHA2 support > > > > the currently supported (Rampart) Digest Algorithms are: > > contents of org.apache.ws.secpolicy.SPConstants: > > public final static String SHA1 = > "http://www.w3.org/2000/09/xmldsig#sha1";; > public final static String SHA256 = > "http://www.w3.org/2001/04/xmlenc#sha256";; > public final static String SHA512 = > "http://www.w3.org/2001/04/xmlenc#sha512";; > > if wish to request (rampart) support for a new Algorithm please file jira > request at > > https://issues.apache.org/jira/browse/Rampart -- http://ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
